Tag Archives: S3

How to set bucket policies for Amazon AWS S3?

In the Amazon AWS S3 Console > select your bucket > open the Properties tab on the right-hand side > click the Edit bucket policies button.

Public bucket policy (grants anonymous read of every object under the bucket):

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "MyAllowPublicRead",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": ["s3:GetObject"],
            "Resource": ["arn:aws:s3:::YOUR_BUCKET/*"]
        }
    ]
}
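Before pasting a policy like the one above into the console it is worth checking what it actually opens up. The following Python script is an added example (not part of the original post) that parses a bucket policy, flags Allow statements whose Principal is anonymous ("*" or {"AWS": "*"}), distinguishes a public read-only grant from anything wider, and flags resources that are not pinned to one bucket. The policies inside it are constructed copies: the first is the public-read policy from this post, the second a scoped variant with a placeholder account id and role name.

```python
import json
from fnmatch import fnmatchcase

# Constructed copy of the public-read bucket policy above; the bucket name is a placeholder.
PUBLIC_READ_POLICY = """{
  "Version": "2008-10-17",
  "Statement": [{
    "Sid": "MyAllowPublicRead",
    "Effect": "Allow",
    "Principal": {"AWS": "*"},
    "Action": ["s3:GetObject"],
    "Resource": ["arn:aws:s3:::YOUR_BUCKET/*"]
  }]
}"""

# Constructed variant: the same read permission, but only for one IAM role in the account
# (account id and role name are placeholders) and only under one key prefix.
SCOPED_READ_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AllowAppRoleRead",
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::YOUR_BUCKET/public/*"
  }]
}"""


def as_list(value):
    """IAM accepts a string or a list for Action, Resource and Principal.AWS; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def is_anonymous(principal):
    """True when the statement applies to everyone: "Principal": "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in as_list(principal.get("AWS"))


def audit_bucket_policy(policy_text):
    """Return (Sid, finding) pairs for Allow statements worth a second look.

    public-read         anonymous principal limited to s3:GetObject* actions
    public-beyond-read  anonymous principal with any other or wildcard action
    every-bucket        resource wildcard that is not restricted to one bucket
    """
    findings = []
    for stmt in as_list(json.loads(policy_text).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = as_list(stmt.get("Action"))
        resources = as_list(stmt.get("Resource"))

        if is_anonymous(stmt.get("Principal")):
            read_only = all(fnmatchcase(a.lower(), "s3:getobject*") for a in actions)
            findings.append((sid, "public-read" if read_only else "public-beyond-read"))

        if any(r == "*" or r.startswith("arn:aws:s3:::*") for r in resources):
            findings.append((sid, "every-bucket"))
    return findings


if __name__ == "__main__":
    for name, text in (("public", PUBLIC_READ_POLICY), ("scoped", SCOPED_READ_POLICY)):
        print(name, audit_bucket_policy(text) or "no findings")
```

Run against the post's policy it reports one public-read finding for MyAllowPublicRead; against the scoped variant it reports nothing. The check is deliberately conservative: it looks only at Allow statements and ignores Deny statements and Conditions, so a clean result means "no obvious public grant", not "proven private".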


How to secure Amazon AWS S3 bucket and access from Android app?

Two possible approaches, differing in how credentials are used (i.e. what kind of credentials are embedded in your app).

EMBEDDING COGNITO IDENTITY POOL ID IN APPLICATION

The advantage of this approach is that you do not have to embed the Access Key ID and Secret Key in your code, for example in an Android application. Amazon creates temporary credentials for use by your client application.

Create Cognito Pool Id

In Amazon AWS Console > Cognito:

Provide a name for the identity pool, and Cognito will create two roles for you too:

  • Unauthenticated Users Role
  • Authenticated Users Role (Google/Twitter/Facebook login etc.)

Create a Policy:

In Amazon AWS Console > IAM > Policies

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:Get*"
            ],
            "Resource": "arn:aws:s3:::YOUR_BUCKET/*"
        }
    ]
}

Attach the Policy to Roles created previously

In AWS Console > IAM > Roles

Attach the Policy to both roles (or to only one of them, depending on whether authenticated or unauthenticated access is required).

Note: You can attach Roles to this Policy as well (it is the same thing).
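The policy attached to the Cognito roles uses the action wildcard s3:Get*, which covers more than downloading objects. The following Python script is an added example (not part of the original post) that expands an identity policy's action patterns against a hand-picked, partial list of real S3 action names, keeping only the actions that can apply to the statement's resource ARNs, so you can see the difference between s3:Get* and s3:GetObject on the same bucket/* resource. The two policies inside it are constructed: the first copies the IAM step above, the second is the least-privilege form for an app that only downloads files.

```python
import json
from fnmatch import fnmatchcase

# Constructed copy of the identity policy from the IAM step above (bucket name is a placeholder).
GET_STAR_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:Get*"],
    "Resource": "arn:aws:s3:::YOUR_BUCKET/*"
  }]
}"""

# Constructed least-privilege variant: the app only needs to download objects.
GET_OBJECT_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::YOUR_BUCKET/*"
  }]
}"""

# Partial, hand-picked list of real S3 action names; the complete list is much longer.
# Object-level actions are evaluated against arn:aws:s3:::BUCKET/KEY resources,
# bucket-level actions against arn:aws:s3:::BUCKET.
OBJECT_ACTIONS = ["s3:GetObject", "s3:GetObjectAcl", "s3:GetObjectTagging",
                  "s3:GetObjectVersion", "s3:PutObject", "s3:DeleteObject"]
BUCKET_ACTIONS = ["s3:GetBucketAcl", "s3:GetBucketLocation", "s3:GetBucketPolicy",
                  "s3:ListBucket", "s3:PutBucketPolicy"]


def as_list(value):
    """Action and Resource may be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def resource_levels(resources):
    """Return (object_level, bucket_level) flags for a statement's resource ARNs."""
    object_level = bucket_level = False
    for arn in resources:
        if arn == "*":
            object_level = bucket_level = True
            continue
        tail = arn.split(":::", 1)[-1]   # "BUCKET/KEY" or "BUCKET"
        if "/" in tail:
            object_level = True
        else:
            bucket_level = True
    return object_level, bucket_level


def effective_actions(policy_text):
    """Expand action patterns such as s3:Get* against the known actions that can
    apply to the statement's resources. Simplification: only Allow statements are
    considered; Deny statements, Conditions and SCPs are ignored."""
    granted = set()
    for stmt in as_list(json.loads(policy_text)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        object_level, bucket_level = resource_levels(as_list(stmt["Resource"]))
        candidates = (OBJECT_ACTIONS if object_level else []) + (BUCKET_ACTIONS if bucket_level else [])
        for pattern in as_list(stmt["Action"]):
            granted.update(a for a in candidates if fnmatchcase(a.lower(), pattern.lower()))
    return sorted(granted)


if __name__ == "__main__":
    print("s3:Get* grants:", effective_actions(GET_STAR_POLICY))
    print("s3:GetObject grants:", effective_actions(GET_OBJECT_POLICY))
```

With the bucket/* resource, s3:Get* also hands the app (including unauthenticated users, if the policy is attached to that role) the ability to read object ACLs, tags and old versions, none of which a file download needs; s3:GetObject alone is enough for the program shown below. Bucket-level Get actions such as s3:GetBucketPolicy do not match because the resource ARN only names objects.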

Code

package com.s3test;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;

import android.content.Context;

import com.amazonaws.auth.CognitoCachingCredentialsProvider;
import com.amazonaws.regions.Region;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3Client;
import com.amazonaws.services.s3.model.GetObjectRequest;
import com.amazonaws.services.s3.model.S3Object;

public class S3Test {

    static String bucketName = "BUCKET_NAME";
    static String key = "YOUR_FILE_IN_BUCKET";

    // Call this off the UI thread (e.g. from an AsyncTask): Android does not allow
    // network I/O on the main thread. ctx is the Context of the current activity.
    public static void readObject(Context ctx) {

        // Cognito issues short-lived credentials for the identity pool's role,
        // so no Access Key ID / Secret Key is compiled into the app.
        CognitoCachingCredentialsProvider cognitoProvider = new CognitoCachingCredentialsProvider(
            ctx,                                       // context of the current activity
            "whatever:whatever-whatever-whatever..",  // Identity Pool ID
            Regions.US_EAST_1                          // region of the identity pool
        );

        AmazonS3 s3 = new AmazonS3Client(cognitoProvider);

        // Make sure the region is the same as where the S3 bucket exists
        Region bucketRegion = Region.getRegion(Regions.US_WEST_1);
        s3.setRegion(bucketRegion);

        S3Object object = s3.getObject(new GetObjectRequest(bucketName, key));
        System.out.println("Content-Type: " + object.getObjectMetadata().getContentType());
        try {
            displayTextInputStream(object.getObjectContent());
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    private static void displayTextInputStream(InputStream input) throws IOException {
        BufferedReader reader = new BufferedReader(new InputStreamReader(input));
        try {
            String line;
            while ((line = reader.readLine()) != null) {
                System.out.println(" " + line);
            }
        } finally {
            reader.close(); // releases the HTTP connection held by the object stream
        }
        System.out.println();
    }
}

EMBEDDING ACCESS_KEY AND SECRET_KEY IN APPLICATION

Create an IAM User

In Amazon AWS Console > IAM :

Create a user; you will get an Access Key ID and a Secret Access Key for that user.

Create a Policy

In Amazon AWS Console > IAM > Policies

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:Get*"
            ],
            "Resource": "arn:aws:s3:::YOUR_BUCKET/*"
        }
    ]
}

Attach this Policy to the User (or to the Group, if you added the user to a Group).

Use the Attach button (available on the policy page) for this.

All set. Now access the S3 bucket from a Java program:

NOTE: You will need the AWS Java SDK on the classpath, e.g. aws-java-sdk-1.9.17.jar

package com.s3test;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;

import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.regions.Region;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3Client;
import com.amazonaws.services.s3.model.GetObjectRequest;
import com.amazonaws.services.s3.model.S3Object;

public class S3Test {

    static AWSCredentials credentials = null;
    static String bucketName = "BUCKET_NAME";
    static String key = "YOUR_FILE_IN_BUCKET";

    public static void main(String[] args) {
        // Alternative: read the keys from ~/.aws/credentials instead of the source code
        // credentials = new ProfileCredentialsProvider().getCredentials();
        credentials = new BasicAWSCredentials("USER_ACCESS_KEY_ID", "USER_SECRET_ACCESS_KEY");
        AmazonS3 s3 = new AmazonS3Client(credentials);

        // Make sure the region is the same as where the S3 bucket exists
        Region bucketRegion = Region.getRegion(Regions.US_WEST_1);
        s3.setRegion(bucketRegion);

        S3Object object = s3.getObject(new GetObjectRequest(bucketName, key));
        System.out.println("Content-Type: " + object.getObjectMetadata().getContentType());
        try {
            displayTextInputStream(object.getObjectContent());
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    private static void displayTextInputStream(InputStream input) throws IOException {
        BufferedReader reader = new BufferedReader(new InputStreamReader(input));
        try {
            String line;
            while ((line = reader.readLine()) != null) {
                System.out.println(" " + line);
            }
        } finally {
            reader.close(); // releases the HTTP connection held by the object stream
        }
        System.out.println();
    }
}
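The BasicAWSCredentials line above compiles a long-lived IAM user key pair into the program; in an Android app that string pair ships inside the APK and can be read back out by anyone who installs it, which is exactly why the Cognito approach in the first section exists. A useful release-time check is to scan the source tree for such keys. The following Python script is an added example (not part of the original post): it looks for AWS access key IDs (which begin with AKIA for long-term and ASIA for temporary keys and are 20 characters), for 40-character secret-key candidates, and for BasicAWSCredentials built from string literals. The sample source lines are constructed; the key pair in them is the one AWS publishes as a documentation example, not a live credential.

```python
import re

# Constructed sample source lines. The first mimics the Java program above but uses
# the access key / secret key pair that AWS publishes as documentation examples
# (AKIAIOSFODNN7EXAMPLE / wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY); they are not live keys.
SAMPLE_SOURCE = """\
credentials = new BasicAWSCredentials("AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY");
static String bucketName = "BUCKET_NAME";
CognitoCachingCredentialsProvider p = new CognitoCachingCredentialsProvider(ctx, "us-east-1:00000000-0000-0000-0000-000000000000", Regions.US_EAST_1);
"""

# Long-term access key IDs start with AKIA (temporary ones with ASIA) and are 20 characters.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# Secret access keys are 40 characters from the base64 alphabet; this only finds candidates.
SECRET_KEY_CANDIDATE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])")
# A BasicAWSCredentials constructed from a string literal is a hard-coded key by definition.
LITERAL_BASIC_CREDENTIALS = re.compile(r'BasicAWSCredentials\(\s*"')


def scan_for_embedded_aws_credentials(source_text):
    """Return (line_number, finding, matched_text) for each suspicious token.

    finding is one of: access-key-id, secret-key-candidate, literal-basic-credentials.
    """
    findings = []
    for line_no, line in enumerate(source_text.splitlines(), start=1):
        for m in ACCESS_KEY_ID.finditer(line):
            findings.append((line_no, "access-key-id", m.group(0)))
        for m in SECRET_KEY_CANDIDATE.finditer(line):
            findings.append((line_no, "secret-key-candidate", m.group(0)))
        if LITERAL_BASIC_CREDENTIALS.search(line):
            findings.append((line_no, "literal-basic-credentials", line.strip()))
    return findings


if __name__ == "__main__":
    for line_no, finding, text in scan_for_embedded_aws_credentials(SAMPLE_SOURCE):
        print(f"line {line_no}: {finding}: {text}")
```

The Cognito line is not flagged: an identity pool ID is not a secret in the same sense, since the permissions come from the pool's roles rather than from the ID itself. The 40-character secret pattern will produce false positives on other base64-like strings, so treat it as a prompt for review rather than a verdict; the AKIA/ASIA pattern and the literal-constructor check are much more specific.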

That’s It

Compare Cloud Computing Platforms

Platform            OS                        Lang           Data Tier
Amazon EC2          Linux, Solaris, Windows   ANY            Relational DB via AMIs, RDS (MySQL), Simple DB (not rdbms), S3, Amazon Queue, Elastic Map Reduce
Microsoft Azure     Windows                   .NET           Windows Azure Storage, SQL Azure
Google App Engine   Google Infra.             Java, Python   Google File System, Big Table