IOS with Rails Backend Amazon S3 direct upload

Question

I am currently trying to use amazon s3 for uploading images from IOS app with a Rails Back-end.

I currently don't understand how security works. In their docs

http://docs.aws.amazon.com/mobile/sdkforios/developerguide/s3transfermanager.html

it's not clear to me how to upload/destroy safely objects in sync with the back-end. For instance, in order to post/destroy, I was expecting a mechanism of asking a signature to the Rails server, and only then be able to upload the image to amazon. But I can't find this kind of mechanism.

Has someone gone through this kind with aws?

Answer 1

If you are using your server to generate temporary credentials for the AWS Mobile SDK, we recommend the following approach:

1. Generate the access key, secret key, and session token on your server. You have many language options including Java, .NET, PHP, Ruby, Python, and Node.js.
2. Implement your credentials provider by conforming to AWSCredentialsProvider. Take a look at the implementations of AWSWebIdentityCredentialsProvider and AWSCognitoCredentialsProvider as examples. This credentials provider should:
   • Retrieve the access key, secret key, and session key from your server.
   • Persist them locally until they expire.
   • Return the credentials when requested.
   • Re-retrieve them from your server if they are expired.
   • Initiate the credentials refreshing process when - refresh is called.

I encourage you to take a look at Amazon Cognito Identity. With Amazon Cognito, you can create unique end user identifiers for accessing AWS cloud services by using public login providers such as Amazon, Facebook, Google, and any OpenID Connect compatible provider, or by using your own user identity system. It covers many of the custom server use cases, and it is easier to use and manage.