Identify AWS S3 URLs in a web application?

I have been trying to find the answer to this question for several hours, but could not find a definitive answer. I hope someone here can shed light on my question. Consider the following AWS S3 URL example:

https://some-bucket.s3-eu-west-2.amazonaws.com/uploads/images/some_image.jpg?X-Amz-Expires=600&X-Amz-Date=20170920T124015Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAI6CJYFYSSWMXXXXX/20170920/eu-west-2/s3/aws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=0481296b70633de8ef8ff8ff2ff2fffff

In my specific example, the above URL is a request to view an image in S3, which I view directly in the HTML img tag, and the user in Amz-Credential has read and write permissions. The URL also expires after 10 minutes.

Is it safe to link to an image directly through this URL, or is it likely that within these 10 minutes the signature from this URL could be used in a malicious REST request to delete or modify the image instead of viewing it?

I suspect that another action will have a different signature to make this impossible, but given my very limited understanding of AWS auth, I thought it was better to ask just in case.

I know that I could create a read-only user (additional complexity) or hide the S3 URL behind the action of the controller in my own web application (this requires 2 general requests to download each image, which makes it inefficient), but I'd rather find out if my current approach is safe or not before resorting to any of them.

Thank you for your time. :)

+5
1 answer

If your pre-signed URL has PUT or DELETE permissions, someone might try to get Signature + AccessKeyId to overwrite or delete your object.

Just make sure that you sign the URL with read-only permission, and I think you're good.

+2
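
Added example (not part of the original question or answer): in SigV4 query-string signing the HTTP method is the first line of the canonical request, so a signature computed for GET does not verify for DELETE or PUT. The sketch recomputes the signature the way a verifier would; the secret key is a constructed placeholder and `server_accepts` is a hypothetical helper, not an AWS API.

```python
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample values; the secret is a placeholder, not a real key.
SECRET = "EXAMPLE-SECRET-KEY-NOT-REAL"
HOST = "some-bucket.s3-eu-west-2.amazonaws.com"
PATH = "/uploads/images/some_image.jpg"
DATE, REGION = "20170920", "eu-west-2"
PARAMS = {
    "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
    "X-Amz-Credential": f"AKIAI6CJYFYSSWMXXXXX/{DATE}/{REGION}/s3/aws4_request",
    "X-Amz-Date": "20170920T124015Z",
    "X-Amz-Expires": "600",
    "X-Amz-SignedHeaders": "host",
}

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def presign_signature(method: str, path: str = PATH) -> str:
    """SigV4 query-string signature for one method and one object key."""
    # Canonical query: sorted, URI-encoded, X-Amz-Signature itself excluded.
    query = "&".join(f"{quote(k, safe='')}={quote(v, safe='')}"
                     for k, v in sorted(PARAMS.items()))
    canonical_request = "\n".join([
        method,                 # the HTTP verb is part of the signed data
        quote(path, safe="/"),
        query,
        f"host:{HOST}\n",       # canonical headers; only 'host' is signed
        "host",
        "UNSIGNED-PAYLOAD",     # payload hash used for presigned S3 URLs
    ])
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", PARAMS["X-Amz-Date"],
        f"{DATE}/{REGION}/s3/aws4_request",
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    key = ("AWS4" + SECRET).encode()
    for part in (DATE, REGION, "s3", "aws4_request"):
        key = _hmac(key, part)  # derive the per-day, per-region signing key
    return _hmac(key, string_to_sign).hex()

def server_accepts(method: str, signature: str, path: str = PATH) -> bool:
    """Hypothetical verifier: recompute for the method actually received."""
    return hmac.compare_digest(presign_signature(method, path), signature)

get_sig = presign_signature("GET")  # what the <img> URL would carry
```

The object key and the expiry parameters sit inside the same canonical request, so the GET signature is also tied to that one object and that validity window.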

Source: https://habr.com/ru/post/1271985/