Reputation: 3037
Having trouble understanding how to use the Android AWS SDK
I am building an app that will use Amazon's SimpleDB service. It uses Amazon's AWS Android SDK. As I understand, it is not recommended that I hard-code my Amazon credentials (access Id and secret key) into my application, since it's not too difficult to look up the strings in the application binaries. How do I go about accessing SimpleDB from my app in a secure way? I think I'm supposed to use the KeyStore, but I have no idea how to do that.
If it helps, I'm using Eclipse as my IDE (I'm saying this in case Eclipse can make this whole Amazon credential thing a lot simpler).
Upvotes: 2
Views: 3200
Answers (1)
Reputation: 4153
AWS provides detailed information about credential management in mobile applications.
There are two patterns discussed:
- Proxying the request through a server
- Making direct requests to AWS
The choice between these two options basically boils down to whether you want to put your application logic on the mobile device or on your servers (these could be AWS EC2 servers). If you decide to put your logic on the server then you don't have to worry about putting any AWS credentials on the mobile device. If however you do want to access AWS directly from the mobile App then you have the problem of how to manage this interaction. There are again two scenarios:
- Customer uses their own AWS account
- App provider uses their AWS account
The first scenario could be used if you are providing an app that allows customers to manage their own AWS services. For most customer facing apps you will be using your own account. To address this second case AWS currently recommends using IAM to manage a pool of users for your account, their explanation is below:
In this solution, a customer pool is managed by IAM under your AWS account. Mobile application users are redirected to a login page hosted in a separate server fleet. Because you own and operate the servers managing authentication for your applications, you can validate the identity of the application user prior to distributing AWS security credentials to the mobile application.
Rather than using the same set of AWS credentials for every application user, you can use AWS Identity and Access Management (IAM) to programmatically create a new IAM User for each application user under your AWS account.
AWS Identity and Access Management (IAM) allows you to create multiple Users and manage the permissions for each of these Users within your AWS Account. A User is an identity (within your AWS Account) with unique security credentials that can be used to access AWS Services. IAM eliminates the need to share passwords or access keys across customers, applications, and users; and makes it easy to enable or disable a User's access as appropriate. IAM offers more flexibility, control and security when passing security credentials to a mobile application. You can learn more about IAM at http://aws.amazon.com/iam/.
Upvotes: 4
Related Questions
- aws support on android
- Getting started with AWS SDK for Java
- AWS Java SDK not working on Eclipse IDE
- AWS SDK References containing context - Android
- Amazon APIGateway Android SDK Example - Tutorial
- Using Java AWS SDK Vs Android AWS SDK on Android
- Configuring the AWS SDK for Java
- Android AWS SDk
- How to run sample code in Amazon SDK for android?
- use amazon aws-java-sdk-1.0.11 in android