Menu
let's start off with the problem statement:
My iOS application has a login form. When the user logs in, a call is made to my API and access granted or denied. If access was granted, I want the user to be able to upload pictures to his account and/or manage them.
As storage I've picked Amazon S3, and I figured it'd be a good idea to have one bucket called "myappphotos" for instance, which contains lots of folders. The folder names are hashes of a user's email and a secret key. So, every user has his own, unique folder in my Amazon S3 bucket.
Since I've just recently started working with AWS, here's my question:
What are the best practices for setting up a system like this? I want the user to be able to upload pictures directly to Amazon S3, but of course I cannot hard-code the access key. So I need my API to somehow talk to Amazon and request an access token of sorts - only for the particular folder that belongs to the user I'm making the request for.
Can anyone help me out and/or guide me to some sources where a similar problem was addressed? Don't think I'm the first one and the amazon documentation is so extensive that I don't really know where to start looking.
Thanks a lot!
279
Amazon S3 service is used for file storage, where you can upload or remove files. We can trigger AWS Lambda on S3 when there are any file uploads in S3 buckets. AWS Lambda has a handler function which acts as a start point for AWS Lambda function.
Go to Chrome > Settings, search for SSL (chrome://settings/search#ssl) and click on Manage certificates. Use the link again in Postman and it will work.
In the Amazon S3 console, choose the bucket where you want to upload an object, choose Upload, and then choose Add Files. In the file selection dialog box, find the file that you want to upload, choose it, choose Open, and then choose Start Upload. You can watch the progress of the upload in the Transfer pane.
Have you looked at the Amazon AWS SDK for iOS?
From the docs:
The AWSiOSDemoTVM and AWSiOSDemoTVMIdentity samples demonstrate a more secure mechanism for transferring AWS security credentials to a mobile client. These samples require a server application, in this case the token vending machine (TVM), which is provided as a separate download. The sample applications register with TVM, either anonymously or with a user-supplied user name and password. The TVM uses the AWS Security Token Service to get temporary security credentials and pass them to the mobile application.
The TVM is available in two forms, one that supports anonymous registration and one that requires a user name and password to register a device and receive security tokens. To download and install the TVM for Anonymous Registration, go to http://aws.amazon.com/code/8872061742402990. To download and install the TVM for Identity Registration, go to http://aws.amazon.com/code/7351543942956566.
From Authenticating Users of AWS Mobile Applications with a Token Vending Machine:
This article discusses an architecture that enables applications running on a mobile device to more securely interact with Amazon Web Services such as Amazon Simple Storage Service (S3), Amazon SimpleDB, Amazon Simple Notification Service (SNS), and Amazon Simple Queue Service (SQS). The architecture discussed uses a "Token Vending Machine" to distribute temporary security credentials to the mobile application.
Your token can limit access to a specific bucket on S3, so it appears to be the best option.
172
ASIHTTPRequest has direct support for Amazon S3.
http://allseeing-i.com/ASIHTTPRequest/S3
38
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
