Home/ Questions/Q 6861753
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T02:34:32+00:00

let’s start off with the problem statement: My iOS application has a login form.

  • 0

let’s start off with the problem statement:

My iOS application has a login form. When the user logs in, a call is made to my API and access granted or denied. If access was granted, I want the user to be able to upload pictures to his account and/or manage them.

As storage I’ve picked Amazon S3, and I figured it’d be a good idea to have one bucket called “myappphotos” for instance, which contains lots of folders. The folder names are hashes of a user’s email and a secret key. So, every user has his own, unique folder in my Amazon S3 bucket.

Since I’ve just recently started working with AWS, here’s my question:

What are the best practices for setting up a system like this? I want the user to be able to upload pictures directly to Amazon S3, but of course I cannot hard-code the access key. So I need my API to somehow talk to Amazon and request an access token of sorts – only for the particular folder that belongs to the user I’m making the request for.

Can anyone help me out and/or guide me to some sources where a similar problem was addressed? Don’t think I’m the first one and the amazon documentation is so extensive that I don’t really know where to start looking.

Thanks a lot!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Have you looked at the Amazon AWS SDK for iOS?

    From the docs:

    The AWSiOSDemoTVM and AWSiOSDemoTVMIdentity samples demonstrate a more
    secure mechanism for transferring AWS security credentials to a mobile
    client. These samples require a server application, in this case the
    token vending machine (TVM), which is provided as a separate download.
    The sample applications register with TVM, either anonymously or with
    a user-supplied user name and password. The TVM uses the AWS Security
    Token Service to get temporary security credentials and pass them to
    the mobile application.

    The TVM is available in two forms, one that supports anonymous
    registration and one that requires a user name and password to
    register a device and receive security tokens. To download and install
    the TVM for Anonymous Registration, go to
    http://aws.amazon.com/code/8872061742402990. To download and install
    the TVM for Identity Registration, go to
    http://aws.amazon.com/code/7351543942956566.

    From Authenticating Users of AWS Mobile Applications with a Token Vending Machine:

    This article discusses an architecture that enables applications
    running on a mobile device to more securely interact with Amazon Web
    Services such as Amazon Simple Storage Service (S3), Amazon SimpleDB,
    Amazon Simple Notification Service (SNS), and Amazon Simple Queue
    Service (SQS). The architecture discussed uses a “Token Vending
    Machine” to distribute temporary security credentials to the mobile
    application.

    Your token can limit access to a specific bucket on S3, so it appears to be the best option.

    • 0