I'm using AWS Amplify library in an IOS project and I can't find a way to pass metadata when using the Storage.uploadData method. The only two parameters that uploadData seems to accept are "key" and "data".
Is there a way to add metadata when using Amplify.Storage.uploadData?
Here is the API Reference...
https://aws-amplify.github.io/amplify-ios/docs/Protocols.html#/s:7Amplify26StorageUploadDataOperationP
Related
how can we make sure that a particular policy ( say S3 bucket access restriction policy ) is attached to all newly created Roles.
Can we write a Lambda that gets triggered only when a new Role is created and check and if missing attached required policies?
AttachRolePolicy API can be used to attach policy to a role. Are there any examples available in AWS Lambda to get this done?
Does Terraform provides any such modules readily available that can be referred in this context.
Yes, this is possible. You can configure a lambda function that's triggered by EventBridge via CloudTrail when a specific AWS API is called. Take a look at the doc here. Since this is pretty simple, I don't think there is a specific module created for this. You can write your own directly based on the resources in the AWS provider.
Python SDK for AWS Boto3, is having multiple APIs that can be used like adding a role, policy etc. It is very simple and documentation is awesome.
https://boto3.amazonaws.com/v1/documentation/api/latest/guide/quickstart.html
an example to attach a policy to an existing role:
client= boto3.resource('iam')
response = client.attach_role_policy(
PolicyArn='arn:aws:iam::aws:policy/ReadOnlyAccess',
RoleName='ReadOnlyRole',
)
Similarly other clients can be grabbed for other AWS services.
I put tag information in tags in provider of serverless.yml. After executing sls deploy, I checked lambda from console of AWS, tag setting was done. However, when we confirmed the apigateway from AWS' console, the tag information was empty.
How can I tag information to the API gateway resource?
Tags for API Gateway arrived after serverless' core functionality was developed.
There is an open issue on Github discussing the inclusion of this functionality.
Right now you'll have to use the serverless-tag-api-gateway plugin to manually add tags to these resources.
I'm using AWS amplify to create an app, where users can upload images using either private or public file access levels, as described in the documentation. Besides this, I've implemented a lambda function which upon request through API gateway modifies an image and returns a link to the modified image.
What I want is that a given user should be able to call the API and modify only his own images, but not that of other users; i.e. allow the AWS lambda function to use the execution role from the cognito user. If I allow the lambda function to access all data in the S3 bucket then it works fine - but I don't want users to be able to access other users images.
I've been at it for a while now, trying different things to no avail.
Now I've integrated the API with the user pool as described here:
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enable-cognito-user-pool.html
And then I've tried to follow this guide:
https://aws.amazon.com/premiumsupport/knowledge-center/cognito-user-pool-group/
Which does not work since the "cognito:roles" is not present in the event variable of the lambda_handler (presumably because there are not user pool groups?).
What would the right way be to go about this in an AWS Amplify app?
Primarily, I've followed this guide:
https://aws.amazon.com/premiumsupport/knowledge-center/cognito-user-pool-group/
Use API Gateway request mapping and check permissions in Lambda itself:
Use API Gateway request mapping to pass context.identity.cognitoIdentityId to Lambda. Just it should be a Lambda integration with mapping (not a Proxy integration). Another limitation is that API request should be POST, for GET it's also possible if you map cognitoIdentityId to query string.
Lambda has access to all files in S3
Implement access control check in Lambda itself. Lambda can read all permissions of the file in S3. And then see if owner is Cognito user.
So I'm completely new to lambda and S3 and I need to be able to let a client send and retrieve image uri data from S3
Anyone know where I should start?
if you want your clients , send and retrieve images and metadata about the images to s3 , you don't even lambda to do so , you can use any of AWS sdk's available for a variety of programming languages to directly interact with s3.
for e.g, I am attaching a link to example to make a photo gallery type application using s3 and javascript sdk for AWS. you can do such with any programming language for whch sdk are available
https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/s3-example-photo-album.html
Your client can directly interact with AWS S3 using AWS SDK for javascript, using this client can directly upload and retrieve data from the browser.
If you are planning to use S3 with lambda. Attach API Gateway endpoint to AWS Lambda, using this endpoint your client can make REST calls to your Lambda.
Write a Lambda function to handle GET and POST request to retrieve and send data. One Lambda function can have only one entry point, keep this in mind while writing code.
Use this lambda function to connect to S3. As you are new, keep in mind to give Lambda role permission to access S3.
I've build an API onto our Meteor backend, using Restivus. I would like to document it using Swagger, but the API is generated from MongoDB collections.
I would like to 'read' all the endpoints, and then generate a static Swagger file. Then I will update it from there. Is this possible?
eg: pass it something like :
http://servername.com/api/v1
And receive a listing of all available endpoints?