I am trying to figure out what is the best practice to integrate AWS S3 in my android app.
As a pre-work I have an s3 bucket which I can upload\download\delete using the python/java SDK and now I want to implement it in my android app.
I found on the web different approaches and can not get my head straight what is the recently\correct way doing it.
My research brought the following result:
mobile hub - https://grokonez.com/android/uploaddownload-files-images-amazon-s3-android
or in the amazon offical - https://docs.aws.amazon.com/aws-mobile/latest/developerguide/mobile-hub-add-aws-mobile-user-data-storage.html
user pool\cognito -https://101apps.co.za/index.php/item/195-android-and-amazon-s3-secure-file-storage-in-the-cloud
github project - https://github.com/nimran/Amazon-S3-Integration-in-Android - when i clone and try to activate it most of the aws calls are deprect.
another amazon official, this time using Android SDK - https://aws-amplify.github.io/docs/android/storage
I am looking for a guide\repo which is up to date and explain the correct way to integrate S3 in an android app.
thx
#helpper The best way is to follow the official documentation which contains nice sample code to start, always updatated and easy to follow instead of any other sites.
For now you can follow the Android Sdk docs or the Amplify framework but the amplify framework is currently is in Preview stage which will be ready in few days.
I would recommend using Cognito Identity Pools here to generate temporary AWS Credentials (which are obtained via AWS STS). Those credentials can be further used to invoke relevant AWS S3 API calls, and thus satisfy your application development requirements.
Cognito Identity Pools support both Unauthenticated Access and Authenticated Access, so with relevant roles, you would need to select appropriate IAM JSONs for both cases, to ensure your software remains robust and secure.
Since you are developing your application on Android(with Java), I would highly recommend this official AWS documentation as your starting point.
Check the sample app: aws labs.
Build the app and customize it accordingly. Just change the settings in "aws configuration file".
Prerequisite:
Android Studio
S3 bucket
aws cognito (identity pool)
aws IAM role (identity pool role, having access to S3 bucket)
Hope this helps!
Related
We have the application hosted locally not on EC2. Is it possible to access the AWS S3 using the IAM Role instead of profile or credentials from java?
The security team has raised concern about storing the credentials locally as it is vulnerable.
As far as I have googled, I have found options to access using Credentials stored in Environment or in .aws as a profile. If we need ROLE based authentication, then the application is supposed to be deployed in EC2. But we have the server hosted locally.
Please provide if you have any suggestions.
I'm not sure I understand what you want to do, but why not assign a dedicated user to that role?
Another thing you might find useful, is using temporary credentials. In general, Amazon have two services for this - Cognito and STS (as far as I understand, Cognito is using STS behind the scenes). They have different limitations, but in general, they allow you to receive credentials for limited time. This way, you will get an access id, a secret (and also a session id), but they will be temporary.
We have the application hosted locally not on EC2. Is it possible to access the AWS S3 using the IAM Role instead of profile or credentials from java?
Service-roles are bound to AWS services, so - long story short - for your on-premise server you need to use AWS API keys.
The security team has raised concern about storing the credentials locally as it is vulnerable.
Unfortunatelly - at the end you need to store the credentials somewhere. Even using services such as Cognito or STS you will need to store the credentials for the service somewhere (effectively - for any external or cloud service regardless what cloud or service you may use).
IMHO the best you can do is using dedicated AWS credentials (API keys) with only permission what are really needed.
I've been working on my personal project -- Spring MVC Application which integrates with AWS Cognito. I have created user pool and linked the pool to a federated identity (not using Facebook or Google to authenticate). Since the SDK that Amazon provides is for Android development in Java, CognitoUserPool is asking to add "android.context.Context" as one of the arguments. Is there any way to get context that works on Spring MVC to integrate with AWS Cognito?
You are probably using wrong SDK. Amazon provides SDK for Java and SDK for Android. Make sure, you are using the right one.
I am seeking information about using Firebase (as database) for Java. Is this possible along with hosting of Java (using Spring framework) project over Firebase hosting.
It is possible. Use Google App Engine an environment for running application code in the cloud; Platform as a service (PaaS).
Below is description how make to make basic example.
In the this tutorial, you'll learn how to:
Create a backend service running on App Engine using Android Studio.
Connect the backend service to your data in Firebase.
The sample app stores a to-do list in Firebase, which automatically synchronizes the data across devices, and then uses backend logic running on App Engine to send out daily reminder emails:
https://cloud.google.com/solutions/mobile/firebase-app-engine-android-studio
By connecting App Engine to a Firebase database, you can perform complex logic on data without having to manage synchronization and updates; Firebase handles that for you.
No. Firebase offers hosting for static assets only.
The Google Cloud Run seems is most suitable for what you want.
Consider to check the documentation and pricing. Like firebase, cloud run also has a free tier that can help you develop your app with no costs.
The cloud run supports several programming languages including Java.
Once created the service you can try to connect to your firebase project...
Cloud Run Java Documentation
I have a Google App Engine application deployed which contains and manages user data. My users may want to share their personal data with third party sites. Think Garmin sharing running data with myfitness pal or Strava.
The google documentation is gives good examples for using endpoints with iOS, Android, and javascript based web apps. These examples use a client id but not a "client secret" and do not involve refreshing the access tokens.
I have a javascript app running on a third-party site that does one time lookups against the api well.
I’d like to create a sample server app, preferably in java, that would connect periodically using an assigned client secret and refresh access tokens.
I have found documentation for accessing Google API's at the second link below but it is not clear if "Google APIs" include Google App Engine endpoints or just the standard suite of google apis.
What is not clear to me is that at the first link the documentation suggests that a client library needs to be generated from the backend endpoint api using maven or the endpoints.sh tool. Examples are provided for iOS/Android but there is no discussion for third party access.
Does anyone know is the server access configuration I describe possible with custom endpoints? Has anyone encountered example code for a server app that uses refresh tokens against an endpoint api?
Thanks!
End Points Documentation:
https://cloud.google.com/appengine/docs/java/endpoints/auth
OAuth Documentation:
https://developers.google.com/identity/protocols/OAuth2InstalledApp
We are porting our application over to GAE and one of the options it has is to render to a printer? Is this possible in GAE (being in the cloud it may not have the concept of printers). If so, how is that done? (Google search does not appear to show anything.)
thanks - dave
We have used Google Cloud Print in the office before where you can configure your printers and share them using Google Cloud Print. Here are a list of Cloud Ready Printers. There also seems to be an API for Cloud Print which I believe you can explore calling from your GAE servers using the URL Fetch service, authentication is managed using OAuth2 for which you can use the OAuth2 client libraries.
I think the first step is to check if you need to keep your existing printers and if they can be added to Google Cloud print, if this is possible then you can explore using the Cloud Print APIs from your GAE App, see the following links in the docs:
https://developers.google.com/cloud-print/docs/proxyinterfaces
https://developers.google.com/cloud-print/docs/devguide
If your printers do not support cloud print unfortunately you might have to develop and expose your own API that accepts jobs and sends them over to network printers