Integrating STS with AWSS3TransferManagerUploadRequest and AWSS3TransferManagerDownloadRequest


We are trying to implement AWS Security Token Service in our Android and iOS apps. At the backend we are using the code below to generate the token:

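import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient;
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.AssumeRoleResult;
import com.amazonaws.services.securitytoken.model.Credentials;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

// JiveGlobals, XYZConstant, CloudManagement and CloudConfiguration are the
// server application's own classes; their imports are not shown on the page.
public class CloudManagementImpl implements CloudManagement {

    private static final Logger Log = LoggerFactory.getLogger(CloudManagementImpl.class);

    @Override
    public CloudConfiguration getCloudProperties() {

        CloudConfiguration cloudConfiguration = new CloudConfiguration();

        // Role to assume, session name and lifetime (default 1800 seconds).
        AssumeRoleRequest assumeRoleRequest = new AssumeRoleRequest();
        assumeRoleRequest.setRoleArn(JiveGlobals.getProperty(XYZConstant.AWS_ARN_EC2_ROLE_MAP));
        assumeRoleRequest.setRoleSessionName(XYZConstant.AWS_ROLE_SESSIONNAME);
        assumeRoleRequest.setDurationSeconds(JiveGlobals.getIntProperty(XYZConstant.AWS_CREDENTIALS_LIFETIME, 1800));

        // The client uses the default credential chain of the host it runs on.
        AWSSecurityTokenServiceClient stsClient = new AWSSecurityTokenServiceClient();
        AssumeRoleResult assumeRoleResult = stsClient.assumeRole(assumeRoleRequest);
        if (assumeRoleResult != null) {
            // Temporary credentials carrying the permissions of the assumed role.
            Credentials sessionCredentials = assumeRoleResult.getCredentials();
            cloudConfiguration.setAwsAccessId(sessionCredentials.getAccessKeyId());
            cloudConfiguration.setAwsAccessKey(sessionCredentials.getSecretAccessKey());
            cloudConfiguration.setToken(sessionCredentials.getSessionToken());
            cloudConfiguration.setAwsMainBucket(JiveGlobals.getProperty(XYZConstant.AWS_MAIN_BUCKET));
        } else {
            Log.error("Cloud Management :: Property values not configured");
        }

        return cloudConfiguration;
    }

}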

The generated token is then obtained in the iOS and Android apps through a separate web-service call.

In Android we are using the code below to consume the retrieved token:

public S3Client(String accessKey, String secretKey, String token, String bucketName) {
    super();
    this.accessKey = accessKey;
    this.secretKey = secretKey;
    this.bucketName = bucketName;
    // Wrap the three values returned by the web service as session credentials.
    BasicSessionCredentials basicSessionCredentials = new BasicSessionCredentials(accessKey, secretKey, token);
    amazonS3Client = new AmazonS3Client(basicSessionCredentials);
}

Problem is -

We do not have an Android-like API in AWS Mobile SDK version 2 for iOS with which we can consume the retrieved token. Perhaps the best way to achieve this in iOS is through AWSCognitoCredentialsProvider, but we are not sure.

Please suggest the best way to integrate AWS Security Token Service in iOS.


Solution

  • You need to implement your own credentials provider by conforming to AWSCredentialsProvider. Sounds like you already have a code snippet that retrieves the temporary credentials from your server. That logic should go into your custom credentials provider. You can take a look at the implementation of AWSWebIdentityCredentialsProvider and AWSCognitoCredentialsProvider for how to implement your own credentials provider.
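
A custom provider of the kind the answer describes, as an added example that is not part of the original answer or of the AWS SDK. It fetches the temporary credentials from the backend web service, caches them until shortly before they expire, and fails closed on an incomplete response. Assumptions: an SDK release whose AWSCredentialsProvider protocol declares `credentials` and `invalidateCachedTemporaryCredentials` (older 2.x releases declare the protocol differently); the endpoint URL, the JSON field names and the class name are hypothetical; and the backend additionally returns the credentials' expiry as epoch seconds in an `expiration` field.

```objc
#import <AWSCore/AWSCore.h>
// Assumed endpoint and JSON field names of the backend web service.
static NSString *const kCredentialsURL = @"https://api.example.com/cloud-properties";

@interface ServerSTSCredentialsProvider : NSObject <AWSCredentialsProvider>
@end
@implementation ServerSTSCredentialsProvider {
    AWSCredentials *_cached; // last credentials returned by the server
}

- (AWSTask<AWSCredentials *> *)credentials {
    @synchronized (self) {
        // Reuse cached credentials until one minute before expiry.
        if (_cached && [_cached.expiration timeIntervalSinceNow] > 60) {
            return [AWSTask taskWithResult:_cached];
        }
    }
    AWSTaskCompletionSource<AWSCredentials *> *tcs = [AWSTaskCompletionSource taskCompletionSource];
    // A real request would also carry the app's own user authentication.
    NSURL *url = [NSURL URLWithString:kCredentialsURL];
    [[[NSURLSession sharedSession] dataTaskWithURL:url completionHandler:
      ^(NSData *data, NSURLResponse *response, NSError *error) {
        id json = data ? [NSJSONSerialization JSONObjectWithData:data options:0 error:NULL] : nil;
        NSInteger status = [response isKindOfClass:[NSHTTPURLResponse class]]
            ? ((NSHTTPURLResponse *)response).statusCode : 0;
        NSDictionary *d = [json isKindOfClass:[NSDictionary class]] ? json : nil;
        if (status != 200 || ![d[@"awsAccessId"] isKindOfClass:[NSString class]] ||
            ![d[@"awsAccessKey"] isKindOfClass:[NSString class]] ||
            ![d[@"token"] isKindOfClass:[NSString class]] ||
            ![d[@"expiration"] isKindOfClass:[NSNumber class]]) {
            // Fail closed: never hand the SDK partial credentials.
            [tcs setError:error ?: [NSError errorWithDomain:@"ServerSTSCredentialsProvider"
                                                       code:status userInfo:nil]];
            return;
        }
        NSDate *expiry = [NSDate dateWithTimeIntervalSince1970:[d[@"expiration"] doubleValue]];
        AWSCredentials *creds = [[AWSCredentials alloc] initWithAccessKey:d[@"awsAccessId"]
                                                                secretKey:d[@"awsAccessKey"]
                                                               sessionKey:d[@"token"]
                                                               expiration:expiry];
        @synchronized (self) { self->_cached = creds; }
        [tcs setResult:creds];
    }] resume];
    return tcs.task;
}

- (void)invalidateCachedTemporaryCredentials {
    @synchronized (self) { _cached = nil; }
}
@end
```

Set an instance as the `credentialsProvider` of the `AWSServiceConfiguration` used for S3 so that transfer manager requests are signed with the server-issued session credentials.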