If you know how these things work, I haven't told you anything new or useful yet. Maybe I won't. But the thing I think is important and frequently overlooked is that expiration time. Too short (5 seconds) and your user might not click the link before it expires. Too long (86400 seconds, i.e., one day) and this file is available far longer than you intended.
So looking at the X-Amz-Expires header in #AWS #S3 is a good #security thing, especially if you're doing a #pentest. Those URLs can be passed from device to device (e.g., you can Slack it to a colleague or SMS it to a friend and it will work). So you want to counsel anyone who uses them to try hard to tune the expiration as short as is reasonably practical. That expiration is all of the security control on that link.
[edit: I left out something important]
I see these URLs with 86400 as the expiration time a lot and often. If you're a developer, look at what you're setting them to. If you're a #pentester, this is a thing to warn your customer about.
3/
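One way to check the expiration on URLs you come across in a review, as an added example that is not part of the original thread: it reads the X-Amz-Date and X-Amz-Expires values from a presigned URL's query string, works out when the link stops working, and flags long lifetimes. The 900-second threshold, the function name and the sample URLs are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

MAX_REASONABLE_SECONDS = 900  # assumed review threshold (15 minutes); tune per use case


def audit_presigned_url(url, now=None, max_seconds=MAX_REASONABLE_SECONDS):
    """Return lifetime details for a presigned URL, or None if it is not one."""
    query = parse_qs(urlsplit(url).query)
    params = {k.lower(): v[0] for k, v in query.items()}  # tolerate key casing
    if "x-amz-expires" not in params or "x-amz-date" not in params:
        return None
    lifetime = int(params["x-amz-expires"])
    signed_at = datetime.strptime(
        params["x-amz-date"], "%Y%m%dT%H%M%SZ"
    ).replace(tzinfo=timezone.utc)
    expires_at = signed_at + timedelta(seconds=lifetime)
    now = now or datetime.now(timezone.utc)
    return {
        "lifetime_seconds": lifetime,
        "signed_at": signed_at,
        "expires_at": expires_at,
        "seconds_remaining": max(0, int((expires_at - now).total_seconds())),
        "too_long": lifetime > max_seconds,
    }


def _sample(expires):
    # Constructed sample URL: bucket, key id and signature are placeholders.
    return (
        "https://example-bucket.s3.amazonaws.com/report.pdf"
        "?X-Amz-Algorithm=AWS4-HMAC-SHA256"
        "&X-Amz-Credential=AKIAEXAMPLE%2F20240101%2Fus-east-1%2Fs3%2Faws4_request"
        "&X-Amz-Date=20240101T120000Z"
        f"&X-Amz-Expires={expires}"
        "&X-Amz-SignedHeaders=host&X-Amz-Signature=0000"
    )


SAMPLE_URLS = [_sample(86400), _sample(300)]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        r = audit_presigned_url(u)
        flag = "REVIEW" if r["too_long"] else "ok"
        print(f'{flag}: {r["lifetime_seconds"]}s, expires {r["expires_at"].isoformat()}')
```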