As part of defining a command template within the commands module, pre-signed urls can be configured to provide a secure way to download files. In addition, command templates can be configured to allow for devices to request pre-signed urls to upload content relevant to the command. Refer to the Presigned Urls (User) page for a description of the functionality offered by pre-signed urls. This page focuses on its design and implementation.
Requests for refreshing expired pre-signed urls are sent from the device to specific MQTT topics. As there may be many instances of the commands module running, we need to ensure that the request is normally handled just once (possible to be handled at least once). To handle this, an AWS IoT Rule subscribes to these request topics, extracts the thingName from the topic structure, and forwards the request to an instance of the Pre-signed module of the commands module.
When a device is requesting a pre-signed url, the commands module validates that the device is part of the command in context.
If the request is for downloading a file, only the files originally provided along with the command (via its file alias) may be requested.
If the request is for uploading a file, the pre-signed urls are generated for files located within the ${aws.s3.bucket}:${aws.s3.prefix}commands/{commandId}/uploads/{thingName}/ key.