AWS provides SDKs on iOS and Android to upload to their servers, yet you don't want your key exposed if it was decompiled. How do you prevent that? Is there a way to sign a URL on the backend and give it to the client so they can upload directly onto S3 without exposing the key?

1 Answer

You can use Amazon STS (Security Token Service) to generate unique sign-in credentials that also expire automatically.

You can also control permissions on these temporary credentials obtained via STS (for example to allow only upload permissions in a certain S3 bucket).

4 Comments

Is there a way I can generate one via Rails?
There's an AWS SDK for Ruby. Check out docs.aws.amazon.com/AWSRubySDK/latest/AWS/STS.html
Thanks, I'll investigate this!
So am I supposed to make an IAM user with certain security parameters and provide session tokens to each of my clients with those tokens when needed?
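
The scoped, expiring credentials described in the answer, as an added example that is not part of the original thread: a Ruby backend helper that asks STS for federation credentials limited to `s3:PutObject` under one user's prefix. The `uploads/<user_id>/` layout, the helper names and the `FakeSTS` stand-in are assumptions; in production `sts` would be an `Aws::STS::Client` from the AWS SDK for Ruby.

```ruby
require 'json'

# Hypothetical layout: each user may write only under uploads/<user_id>/.
SAFE_ID = /\A[A-Za-z0-9_-]{1,24}\z/

# Session policy passed to STS. Effective permissions are the intersection of
# this document and the policy of the IAM user whose key calls STS.
def upload_policy(bucket, user_id)
  # Reject ids that could widen the resource ARN ("*", "?", "/", "..").
  raise ArgumentError, 'invalid user id' unless SAFE_ID.match?(user_id.to_s)
  JSON.generate({
    'Version' => '2012-10-17',
    'Statement' => [{
      'Effect' => 'Allow',
      'Action' => ['s3:PutObject'],
      'Resource' => ["arn:aws:s3:::#{bucket}/uploads/#{user_id}/*"]
    }]
  })
end

# sts: any object responding to get_federation_token (Aws::STS::Client in
# production), which keeps the helper testable without network access.
def issue_upload_credentials(sts, bucket:, user_id:, ttl: 900)
  raise ArgumentError, 'ttl must be 900..129600 s' unless (900..129_600).cover?(ttl)
  resp = sts.get_federation_token(
    name: "upload-#{user_id}", # STS allows 2-32 characters here
    policy: upload_policy(bucket, user_id),
    duration_seconds: ttl
  )
  c = resp.credentials
  # Only these short-lived values are returned to the mobile client;
  # the long-lived access key stays on the server.
  { access_key_id: c.access_key_id, secret_access_key: c.secret_access_key,
    session_token: c.session_token, expiration: c.expiration }
end

# Constructed stand-in for the STS client so the block runs offline.
FakeCreds = Struct.new(:access_key_id, :secret_access_key, :session_token, :expiration)
class FakeSTS
  attr_reader :last_request
  def get_federation_token(**req)
    @last_request = req
    creds = FakeCreds.new('ASIAEXAMPLE', 'constructed-secret', 'constructed-token',
                          Time.now + req[:duration_seconds])
    Struct.new(:credentials).new(creds)
  end
end
```

The mobile app passes the three returned values to the S3 SDK as session credentials and requests a fresh set from the backend once `expiration` has passed.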
