ios - 从 iOS 应用上传到 Amazon S3

Question

让我们从问题陈述开始:

我的 iOS 应用程序有一个登录表单。当用户登录时，将调用我的 API 并授予或拒绝访问权限。如果授予访问权限，我希望用户能够将图片上传到他的帐户和/或管理它们。

作为存储，我选择了 Amazon S3，我认为有一个名为“myappphotos”的存储桶是个好主意，例如，它包含很多文件夹。文件夹名称是用户电子邮件和 key 的哈希值。因此，每个用户在我的 Amazon S3 存储桶中都有自己独特的文件夹。

由于我最近才开始使用 AWS，所以这是我的问题:

设置这样的系统的最佳实践是什么？我希望用户能够直接将图片上传到 Amazon S3，但是我当然不能硬编码访问 key 。因此，我需要我的 API 以某种方式与 Amazon 通信并请求各种访问 token - 仅适用于属于我为其发出请求的用户的特定文件夹。

任何人都可以帮助我和/或指导我找到一些解决了类似问题的资源吗？不要以为我是第一个，亚马逊的文档非常广泛，我真的不知道从哪里开始看。

非常感谢!

Answer 1

你看过Amazon AWS SDK for iOS了吗？ ？

来自文档:

The AWSiOSDemoTVM and AWSiOSDemoTVMIdentity samples demonstrate a more secure mechanism for transferring AWS security credentials to a mobile client. These samples require a server application, in this case the token vending machine (TVM), which is provided as a separate download. The sample applications register with TVM, either anonymously or with a user-supplied user name and password. The TVM uses the AWS Security Token Service to get temporary security credentials and pass them to the mobile application.

The TVM is available in two forms, one that supports anonymous registration and one that requires a user name and password to register a device and receive security tokens. To download and install the TVM for Anonymous Registration, go to http://aws.amazon.com/code/8872061742402990. To download and install the TVM for Identity Registration, go to http://aws.amazon.com/code/7351543942956566.

来自 Authenticating Users of AWS Mobile Applications with a Token Vending Machine :

This article discusses an architecture that enables applications running on a mobile device to more securely interact with Amazon Web Services such as Amazon Simple Storage Service (S3), Amazon SimpleDB, Amazon Simple Notification Service (SNS), and Amazon Simple Queue Service (SQS). The architecture discussed uses a "Token Vending Machine" to distribute temporary security credentials to the mobile application.

您的 token 可以限制对 S3 上特定存储桶的访问，因此它似乎是最佳选择。