I'm working on an iOS app using Titanium. Part of the app requires the direct upload of photos to S3. Now I don't want to put the main AWS credentials in here, so I'm using the Security Token Service to generate some temporary credentials. That part works fine
If it helps, the code for generating the credentials:
$sts = StsClient::factory(array(
'key' => 'KEY_HERE',
'secret' => 'SECRET_HERE'
));
$result = $sts->getSessionToken();
Amongst other things, I get back AccessKeyId, SecretAccessKey & SessionToken. Passing all 3 of these via PHP works great and I can upload fine. However, I am then passing these credentials to the app and need to use them from there.
The problem is that every method of connecting to AWS (including the 'official' AWS module) only use the access key & secret key - i.e. there is no way to pass the session token and therefore I can't authorise. e.g. the Titanium AWS module works like AWS.authorize(accessKey, secretKey); - it doesn't accept a session token.
Now, my real question is - how do I connect with just a key/secret and have it accepted. Is there some config I need to set? Do I need to hack the module to somehow pass the token? I'm pretty new to the world of AWS so some things are still pretty baffling and any pointers would be much appreciated!
An other option would be to use IAM to generate a user that is only allowed to upload files to S3. That user gets its own access key and secret, which you could ship with your app.
AWS is deprecating the use of main credentials for new accounts in April if I remember correctly, so familiarizing yourself with IAM is a good choice anyhow!
I'm working on an iOS app using Titanium. Part of the app requires the direct upload of photos to S3. Now I don't want to put the main AWS credentials in here, so I'm using the Security Token Service to generate some temporary credentials. That part works fine
If it helps, the code for generating the credentials:
$sts = StsClient::factory(array(
'key' => 'KEY_HERE',
'secret' => 'SECRET_HERE'
));
$result = $sts->getSessionToken();
Amongst other things, I get back AccessKeyId, SecretAccessKey & SessionToken. Passing all 3 of these via PHP works great and I can upload fine. However, I am then passing these credentials to the app and need to use them from there.
The problem is that every method of connecting to AWS (including the 'official' AWS module) only use the access key & secret key - i.e. there is no way to pass the session token and therefore I can't authorise. e.g. the Titanium AWS module works like AWS.authorize(accessKey, secretKey); - it doesn't accept a session token.
Now, my real question is - how do I connect with just a key/secret and have it accepted. Is there some config I need to set? Do I need to hack the module to somehow pass the token? I'm pretty new to the world of AWS so some things are still pretty baffling and any pointers would be much appreciated!
An other option would be to use IAM to generate a user that is only allowed to upload files to S3. That user gets its own access key and secret, which you could ship with your app.
AWS is deprecating the use of main credentials for new accounts in April if I remember correctly, so familiarizing yourself with IAM is a good choice anyhow!
0 commentaires:
Enregistrer un commentaire