Getting started
Overview
Enable your app to store and retrieve user files from cloud storage with the permissions model that suits your purpose. The Amplify CLI deploys and configures cloud storage buckets using Amazon Simple Storage Service.
Storage Access
The CLI configures three different access levels on the storage bucket: public, protected and private. When you run amplify add storage, the CLI will configure appropriate IAM policies on the bucket using an Amazon Cognito Identity Pools IAM Role. You will have the option of adding CRUD (Create, Read, Update, and Delete) permissions as well so that Authenticated and Guest users will be granted different permissions based on these levels.
If you had previously enabled user sign-in by running amplify add auth in your project, the policies will be connected to an Authenticated Role within Cognito Identity Pools which has scoped permissions to the objects in the S3 bucket prefixed by a user's Cognito Identity ID. If you haven't configured user sign-in, then an Unauthenticated Role will be assigned for each unique user/device combination, which will still have scoped permissions to owned objects.
- Public: Accessible by all users of your app. Files are stored with the public/ prefix in your S3 bucket.
- Protected: Readable by all authenticated users, writable only by the owner. Files are stored with the protected/{cognito_user_identity_id}/ prefix.
- Private: Only accessible by the owner. Files are stored with the private/{cognito_user_identity_id}/ prefix.
The cognito_user_identity_id corresponds to the owner's unique Amazon Cognito Identity ID. See Authentication for more information on how to get the cognito_user_identity_id for a signed in user.
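The three access levels come down to prefix matching against the caller's Cognito Identity ID, which IAM exposes as the policy variable ${cognito-identity.amazonaws.com:sub}. The following Python model is an added example, not the policy the Amplify CLI generates and not code from this guide; the statement list, the is_allowed helper and the sample identity IDs are assumptions made for illustration, and only Allow statements for the Authenticated Role are modelled.

```python
import re

# IAM policy variable that resolves to the caller's Cognito Identity ID.
SUB = "${cognito-identity.amazonaws.com:sub}"

# Assumed, simplified statements for the Authenticated Role (Allow only;
# bucket ARN prefix omitted). Not the policy the Amplify CLI generates.
AUTH_STATEMENTS = [
    {"Action": {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"},
     "Resource": ["public/*", f"protected/{SUB}/*", f"private/{SUB}/*"]},
    # Any authenticated user may read other users' protected objects.
    {"Action": {"s3:GetObject"}, "Resource": ["protected/*"]},
]


def _to_regex(pattern: str, identity_id: str) -> str:
    """Translate an IAM-style resource pattern into a regex.

    '*' and '?' in the pattern are wildcards; the identity ID substituted
    for the policy variable is always matched literally.
    """
    parts = [re.escape(p).replace(r"\*", ".*").replace(r"\?", ".")
             for p in pattern.split(SUB)]
    return re.escape(identity_id).join(parts)


def is_allowed(identity_id: str, action: str, key: str) -> bool:
    """Return True if some statement allows `action` on object `key`."""
    for stmt in AUTH_STATEMENTS:
        if action not in stmt["Action"]:
            continue
        for resource in stmt["Resource"]:
            if re.fullmatch(_to_regex(resource, identity_id), key, re.DOTALL):
                return True
    return False  # implicit deny: nothing matched


if __name__ == "__main__":
    # Constructed sample identity IDs (region:UUID form).
    alice = "us-east-1:11111111-1111-1111-1111-111111111111"
    bob = "us-east-1:22222222-2222-2222-2222-222222222222"
    for who, action, key in [
        (alice, "s3:PutObject", f"private/{alice}/photo.jpg"),
        (bob, "s3:GetObject", f"private/{alice}/photo.jpg"),
        (bob, "s3:GetObject", f"protected/{alice}/avatar.png"),
        (bob, "s3:PutObject", f"protected/{alice}/avatar.png"),
    ]:
        print(action, key, "->", is_allowed(who, action, key))
```

Keys outside the three prefixes, and keys whose owner segment merely starts with the caller's ID, fall through to the implicit deny.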
Set Up Your Backend
- Complete the Get Started steps before you proceed.

- Use the Amplify CLI to add storage to your app.

  In a terminal window, navigate to your project root folder (the folder that contains your app's .xcodeproj file), and add the SDK to your app.

      cd YOUR_PROJECT_FOLDER
      amplify add storage

- Choose Content as your storage service.

      ❯ Content (Images, audio, video, etc.)

- The CLI walks you through the options to enable Auth (if not enabled previously), in order to decide who should have access (select Auth and guest users and read/write for both auth and guest users).

- Confirm that you have storage and auth set up by running amplify status:

      $ amplify status
      | Category | Resource name   | Operation | Provider plugin   |
      | -------- | --------------- | --------- | ----------------- |
      | Auth     | cognito2e202b09 | Create    | awscloudformation |
      | Storage  | sabc0123de      | Create    | awscloudformation |

- To create your backend run:

      amplify push

  The CLI will create the awsconfiguration.json file in your project directory. In the Finder, drag awsconfiguration.json into Xcode under the top Project Navigator folder (the folder name should match your Xcode project name). When the Options dialog box appears, do the following:

  - Clear the Copy items if needed check box.
  - Choose Create groups, and then choose Finish.
Lambda Triggers
The Amplify CLI supports associating Lambda triggers for Amazon S3 and DynamoDB events. This can be useful for a use case where you want to invoke a Lambda function after a create or update operation on a DynamoDB table managed by the CLI.
Connect to Your Backend
Use the following steps to add storage services to your app.
- Add the AWSS3 dependency to the Podfile to install the AWS Mobile SDK:

      platform :ios, '9.0'
      target :'YOUR-APP-NAME' do
          use_frameworks!
          pod 'AWSS3'
          # other pods . . .
          pod 'AWSMobileClient'
      end

  Run pod install --repo-update before you continue.

- Add the following import to the classes that perform user file storage operations:

      import AWSS3