Configure access

You are currently viewing the AWS SDK for Mobile documentation which is a collection of low-level libraries. Use the Amplify libraries for all new app development.

You can view the Mobile SDK API reference here.

All Amazon S3 resources are private by default. If you want your users to have access to Amazon S3 buckets or objects, you can assign appropriate permissions with an IAM policy.

IAM Policy Based Permissions

When you upload objects to the S3 bucket the Amplify CLI creates, you must manually prepend the appropriate access-level information to the key. The correct prefix - public/, protected/ or private/ - will depend on the access level of the object as documented in the Storage Access section. For example:

var s3Object = S3ObjectInput()

// Accessible by all users
s3Object.key = "public/myFile.txt"

// Readable by all users, but writable only by the creating user
s3Object.key = "protected/\(cognitoIdentityId)/myFile.txt"

// Only accessible for the individual user
s3Object.key = "private/\(cognitoIdentityId)/myFile.txt"

Note: These keys must be prepended when you are uploading the object, and the same key must be specified as part of the object's key during download. The cognitoIdentityId is required for protected and private access and you can get it by using the Authentication Utilities within AWSMobileClient: AWSMobileClient.default().identityId.
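One way to build these keys in a single place, as an added example rather than code from the AWS SDK or this documentation: `StorageAccessLevel`, `StorageKeyError` and `makeObjectKey` are hypothetical names, and the identity ID is a constructed sample. It rejects a missing identity ID and file names with empty or dot segments, so an object cannot silently end up under the wrong access-level prefix.

```swift
import Foundation

// Hypothetical helper types for this example (not part of the AWS SDK).
enum StorageAccessLevel: String {
    case publicAccess = "public"
    case protected
    case privateAccess = "private"
}

enum StorageKeyError: Error {
    case missingIdentityId, invalidIdentityId, invalidFileName
}

/// Builds "<level>/[<identityId>/]<fileName>" following the prefix convention above.
func makeObjectKey(level: StorageAccessLevel,
                   identityId: String?,
                   fileName: String) throws -> String {
    // Reject names that are empty, start or end with "/", or contain "." / ".." segments.
    let segments = fileName.split(separator: "/", omittingEmptySubsequences: false)
    guard !fileName.isEmpty,
          !segments.contains(where: { $0.isEmpty || $0 == "." || $0 == ".." }) else {
        throw StorageKeyError.invalidFileName
    }

    switch level {
    case .publicAccess:
        return "public/\(fileName)"
    case .protected, .privateAccess:
        // protected/ and private/ keys are scoped to one Cognito identity.
        guard let id = identityId, !id.isEmpty else {
            throw StorageKeyError.missingIdentityId
        }
        guard !id.contains("/") else { throw StorageKeyError.invalidIdentityId }
        return "\(level.rawValue)/\(id)/\(fileName)"
    }
}

// Constructed sample ID; in an app, read AWSMobileClient.default().identityId instead.
let sampleIdentityId = "us-east-1:00000000-0000-0000-0000-000000000000"
do {
    let key = try makeObjectKey(level: .privateAccess, identityId: sampleIdentityId, fileName: "myFile.txt")
    print(key)
    _ = try makeObjectKey(level: .protected, identityId: nil, fileName: "myFile.txt")
} catch {
    print("Rejected: \(error)")
}
```

Use the same function for upload and download so both sides always agree on the full key.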

Temporary Permissions via Pre-signed URLs

Sometimes you want to grant access only temporarily, for example to share a link to a file and have the link expire after a set time. You can use pre-signed URLs to give your users temporary access to S3 objects. When you create a pre-signed URL, you must provide your security credentials and specify a bucket name, an object key, an HTTP method, and an expiration date and time. The pre-signed URL is valid only for the specified duration.

The following example shows how to build a pre-signed URL to get an S3 object.

let getPreSignedURLRequest = AWSS3GetPreSignedURLRequest()
getPreSignedURLRequest.bucket = "myBucket"
getPreSignedURLRequest.key = "myFile.txt"
getPreSignedURLRequest.httpMethod = .GET

// Change the value of the expires time interval as required
getPreSignedURLRequest.expires = Date(timeIntervalSinceNow: 3600)

AWSS3PreSignedURLBuilder.default().getPreSignedURL(getPreSignedURLRequest).continueWith { (task:AWSTask<NSURL>) -> Any? in
    if let error = task.error as? NSError {
        print("Error: \(error)")
        return nil
    }

    let presignedURL = task.result
    // Use the Pre-Signed URL here as required
    return nil
}

The preceding example uses GET as the HTTP method: AWSHTTPMethodGET. For an upload request to S3, you would use a PUT method.

let getPreSignedURLRequest = AWSS3GetPreSignedURLRequest()
getPreSignedURLRequest.bucket = "myBucket"
getPreSignedURLRequest.key = "myFile.txt"
getPreSignedURLRequest.httpMethod = .PUT

// Change the value of the expires time interval as required
getPreSignedURLRequest.expires = Date(timeIntervalSinceNow: 3600)
getPreSignedURLRequest.contentType = "text/plain"

AWSS3PreSignedURLBuilder.default().getPreSignedURL(getPreSignedURLRequest).continueWith { (task:AWSTask<NSURL>) -> Any? in
    if let error = task.error as? NSError {
        print("Error: \(error)")
        return nil
    }

    let presignedURL = task.result
    // Use the Pre-Signed URL here as required
    return nil
}