What is recommended way to access Private S3 bucket from android app

1
votes

We have S3 buckets which is private. s3 bucket is created manually and files in it uploaded by our .net server (files are also private) And we want to access these private files securely in android app. We did not have any login/sigup in app.

I am using following approach for it 

1. Created identity pool and enabled access to unauthenticated identities as there is no any login in our app
2. Configured IAM role. for unAuth role, added inline policy to have full aceess to s3 bucket

And i am using following aws sample to test approach

https://github.com/awslabs/aws-sdk-android-samples/tree/master/S3TransferUtilitySample

My question is that

  1. Is it a right approach as files has copyrighted information and one should not able to hack bucket and receive all files without paying for it..
  2. above sample GitHub example is not working and giving error as access denied, but if i make bucket public, then I am able to access public files only, not private files. So, does this approach is not for private bucket ?

Thanks in advance.

1
androidamazon-web-servicesamazon-s3amazon-ec2aws-sdk
did you use presigned url . which is expired in given time. please refer this class for more information. [GeneratePresignedUrlRequest. docs.aws.amazon.com/AWSAndroidSDK/latest/javadoc/index.html?com/…mcd
I am using following example - github.com/awslabs/aws-sdk-android-samples/tree/master/… It has download method. transferUtility.download(Constants.BUCKET_NAME, key, file);Rohit Kanade
i am using mobile aws android sdk -> docs.aws.amazon.com/mobile/sdkforandroid/developerguide/…Rohit Kanade

1 Answers

1
votes

Using unauth identities might not be the best way in this case. Since unauth identities are can be obtained by anyone. You should ideally have your own authorizer to do this. It could be done in multiple ways like API Gateway and Lambda which gives you a pre-signed URL in the app which can be used to fetch S3 files.

Thanks, Rohan