Presigned URL requires IAM user, which my company discourages

[michael-friddell]

Thank you for developing this solution. We had been struggling to figure out how to create a voicemail solution for Connect so finding this has been very helpful. Unfortunately, I've had to modify it quite a bit because our "CloudGov" team discourages solutions that use an IAM user. I disabled all of the IAM user, access, and secret key references and successfully installed the CF stack. Unfortunately, this caused the timeout on the presigned URL to the WAV file on S3 to expire after six hours. This article explains why: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-presigned-url.html#who-presigned-url

With the help of a teammate, we found this article explaining how to set up an API Gateway that restricts access to the files on S3 based on a VPC Endpoint: https://docs.aws.amazon.com/apigateway/latest/developerguide/integrating-api-with-aws-services-s3.html. I rewrote your solution to use this method and it works well.

[dougjaso]

Cool. Good workaround. Eventually, we hope to remove presigned URLs entirely, once other features are released.