Object Storage & Blob Storage / Presigned URLs & Access Control

Common Failure Modes and Operational Edge Cases

Clock Skew Failures

Presigned URLs embed generation and expiration timestamps. If the signing server's clock differs from the storage service's clock, URLs fail unpredictably. A server running 2 minutes ahead generates URLs that appear expired immediately. The symptom is intermittent "signature expired" errors that correlate with which server handled the request. The fix requires NTP synchronization on all signing servers, plus monitoring for clock drift. Alert if any server drifts beyond 5 seconds.

Credential Rotation Chaos

When signing credentials rotate, outstanding presigned URLs can break. At 10:00 AM, key A signs a URL valid until 10:15 AM. At 10:05 AM, key A is rotated to key B. The URL is still within its validity window, but key A no longer exists, so the URL fails with an invalid access key error. Mitigation: keep old credentials active during the transition. If URLs can be valid for 1 hour, old credentials must remain valid for 1 hour after rotation.

⚠️ Key Trade-off: Shorter URL expiration enables faster credential rotation. With 5-minute URLs, credentials can rotate in 10 minutes. With 24-hour URLs, old and new credentials must overlap for 24 hours.
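The two failures above (a signer clock that is ahead of storage, and a key retired while URLs it signed are still time-valid) in a small constructed model, added here as an example rather than any provider's real signing scheme; the HMAC query format, the KeyStore, and the 5-second skew tolerance are assumptions:

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlparse

SKEW_TOLERANCE = 5  # seconds of signer/storage clock difference tolerated (assumed)

class KeyStore:
    """Storage-side key registry; a retired key keeps working until retire_at."""
    def __init__(self, key_id, secret):
        self.keys = {key_id: (secret, None)}  # key_id -> (secret, retire_at or None)

    def rotate(self, old_id, new_id, new_secret, now, overlap_seconds):
        # Keep the old key alive for overlap_seconds so outstanding URLs still verify.
        secret, _ = self.keys[old_id]
        self.keys[old_id] = (secret, now + overlap_seconds)
        self.keys[new_id] = (new_secret, None)

    def lookup(self, key_id, now):
        secret, retire_at = self.keys.get(key_id, (None, None))
        if secret is None or (retire_at is not None and now > retire_at):
            return None
        return secret

def _signature(path, key_id, signed_at, ttl, secret):
    msg = f"GET\n{path}\n{key_id}\n{signed_at}\n{ttl}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def presign(path, key_id, secret, signer_now, ttl):
    # The signer embeds its own clock reading, so any skew is baked into the URL.
    q = {"key": key_id, "date": signer_now, "expires": ttl,
         "sig": _signature(path, key_id, signer_now, ttl, secret)}
    return f"{path}?{urlencode(q)}"

def verify(url, store, storage_now):
    """Judge the URL as the storage service would at storage_now: (ok, reason)."""
    parsed = urlparse(url)
    q = {k: v[0] for k, v in parse_qs(parsed.query).items()}
    signed_at, ttl = int(q["date"]), int(q["expires"])
    if signed_at > storage_now + SKEW_TOLERANCE:
        return False, "signature date is in the future (clock skew)"
    if storage_now > signed_at + ttl:
        return False, "signature expired"
    secret = store.lookup(q["key"], storage_now)
    if secret is None:
        return False, "invalid access key"
    expected = _signature(parsed.path, q["key"], signed_at, ttl, secret)
    if not hmac.compare_digest(expected, q["sig"]):
        return False, "signature mismatch"
    return True, "ok"
```

With overlap_seconds set to the longest URL TTL, a URL signed by the old key keeps verifying until its own expiry; with zero overlap it fails with "invalid access key" while still inside its time window.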

URL Caching Bugs

Caching pages that contain presigned URLs causes failures once the URLs expire. A common mistake: the CDN caches the page HTML for 1 hour while the presigned URLs expire in 15 minutes, so users who receive the cached page get broken URLs. Solutions: make URL expiration exceed the page cache duration, leave the page uncached, or fetch the URLs client side via an API call.

Large File Upload Timeout

A presigned URL might expire during a slow upload: a user on a poor connection requests a URL valid for 15 minutes, the upload takes 20 minutes, and it fails partway through. For large uploads, use multipart upload with presigned URLs. Each part gets its own URL and completes quickly, so the overall upload can span hours across sessions.

💡 Key Takeaways
Clock skew between signing servers and storage causes intermittent expired errors - require NTP sync with drift monitoring under 5 seconds
Credential rotation breaks outstanding URLs - old credentials must remain valid for maximum URL duration after rotation
Caching pages with presigned URLs causes failures - URL expiration must exceed cache duration or fetch URLs client side
Large uploads can time out mid transfer - use multipart presigned URLs where each part has its own short lived URL
📌 Interview Tips
1. When designing presigned systems, explain the credential rotation strategy, including the overlap window requirement
2. Describe the caching problem and whether you would align cache duration or fetch URLs client side
3. For upload scenarios, explain when to switch from single PUT presigned URLs to multipart upload presigned URLs