Problem Statement: I want to download S3 contents through a mobile app from multiple mobile devices.
Solutions that I came across:
- Create an IAM user in AWS. Create a policy to download S3 contents only for particular bucket and assign that policy to IAM user.
- Whenever mobile application wants to download contents from S3, mobile application will call my server API which will return the credentials of IAM user.
- Then mobile application will use these credentials to download the S3 contents.
- Use AWS Cognito service.
However, the problem with the first approach is that I will have to manage credentials server side. Also, someone can easily backtrack it and use those credentials outside the application to download contents.
I am not completely aware of the second approach. However, in the FAQ of the AWS Cognito service I did not find any solution to my requirement, although it allows you to read, delete and put content to any AWS service.
I need a suggestion on securely downloading S3 contents from mobile applications.
Best How To :
Amazon Cognito and the AWS Mobile SDK are designed especially for the use case of downloading content stored in S3 from a mobile app. You can use Cognito to provide temporary, limited-privilege AWS credentials to each user of your app. You can enable your users to start using your app as unauthenticated guests and/or authenticate with social logins or your own registration/login service.
To set up Cognito, use the Cognito console to create an Identity Pool, which is a store of user identity data specific to your AWS account. IAM roles define the permissions for your users to access AWS resources, like S3. Users of your application will assume the roles you create. You can specify different roles for authenticated and unauthenticated users. To learn more about IAM roles in Cognito, see IAM Roles.
A step-by-step guide for getting started with Amazon S3 from a mobile app is in the AWS Mobile SDK Developer Guide (here for Android and here for iOS). That guide will cover everything related to S3 including configuring the necessary permission in S3 with bucket policies and how to upload/download files from a mobile app and more.
Please comment if there is anything we can do to make this more clear!
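The role setup described in the answer, sketched as an added example (not part of the original answer or of AWS documentation): it builds a download-only permissions policy and a Cognito trust policy for the role, then audits a policy for anything beyond `s3:GetObject` on the one bucket. The bucket name, identity pool ID and function names are constructed placeholders.

```python
import json

# Constructed placeholders (assumptions): use your own bucket and identity pool ID.
BUCKET = "example-app-content"
IDENTITY_POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"

def permissions_policy(bucket, prefix=""):
    """Permissions for the Cognito role: download objects from one bucket only."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject"],
        "Resource": [f"arn:aws:s3:::{bucket}/{prefix}*"],
    }]}

def trust_policy(pool_id, amr="unauthenticated"):
    """Trust policy: only identities issued by this identity pool may assume the role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "cognito-identity.amazonaws.com"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringEquals": {"cognito-identity.amazonaws.com:aud": pool_id},
            "ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": amr},
        },
    }]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_download_policy(policy, bucket):
    """Return findings; an empty list means the policy is download-only for `bucket`."""
    findings = []
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in st or "NotResource" in st:
            findings.append("NotAction/NotResource grants everything not listed")
        for action in _as_list(st.get("Action", [])):
            if action != "s3:GetObject":
                findings.append(f"action beyond download: {action}")
        for res in _as_list(st.get("Resource", [])):
            if not res.startswith(f"arn:aws:s3:::{bucket}/"):
                findings.append(f"resource outside bucket: {res}")
    return findings

if __name__ == "__main__":
    print(json.dumps(permissions_policy(BUCKET), indent=2))
    print(json.dumps(trust_policy(IDENTITY_POOL_ID), indent=2))
    print(audit_download_policy(permissions_policy(BUCKET), BUCKET))
```

Because the credentials Cognito hands out are temporary and bound to this role, a copy extracted from the app can do no more than the role allows and expires on its own, unlike the long-lived IAM user keys in the first approach.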