I've a iOS app and I would like my users to upload images to S3 directly.
I need UserX to be able to upload folders to __MY_BUCKET__/UserX/* Only. So that each one of my users have their own folder and only they can modify content in them.
Given that scenario I need to create dynamic permissions to my S3 bucket
Is that possible?
If it is... maybe I am in the right path or not....
What I've done so far is
I am using this guide to create Elastic Beanstalk with a Token Vending Machine. Then I used this other guide to configure the TVM.
Now my issue with that in none of the guides it shows an example of how to register a dynamic user (my app user) or how get the token from the TVM or how to say "Hey TVM, this userID needs upload access to __BUCKET_/ThiUserID/*" from a iOS app.
So I guess what I wonder, is how do I fill the gaps if what I am trying to achieve is possible?
I'm one of the maintainers of the AWS Mobile SDKs. The page you linked to includes projects for both iOS and Android that show how to integrate the customized TVM code in a mobile application. I suggest you look there and if you need further clarification, please update your with specific questions about the code.
You may also want to look at our web identity federation sample which is included with the SDKs. In combination with IAM policy variables, you can generate dynamic policies without the use of a Token Vending Machine.
Related
Just because of authentication I need to create an app manifest and share the app manifest with users who want to test it .Is there a way to Authenticate user without creating app manifest so that I can directly share bot link with users.
Talking to your bot by ID is intended for basic testing purposes only. Any Teams-specific functionality you have added to your bot fails to work.
Doc ref: Talk to your bot directly by ID
In this example
Is is an OAUTH flow with Azure AD directory v2 without any app manifest.
This one is in java_springboot but you can find the same for your prefered langage in the samples directory. The number 18 (and all the others) in all samples is the example but in different langages.
We are working in RingCentral application and APIs with SMS and fax permissions.
The application recently moved to production from Sandbox environment.
We have now a requirement to add 2 additional permission ReadAccount, ReadContact in the app which was not added during sandbox testing.
How can we do that? I don't see any option to modify the app. Is there any way we can modify the existing app?
As per I know once your app is in production, you cannot change anything.
You need to ask devsupport#ringcentral.com for any help. Once they added the permission with your request (not sure if they do.. most probably they don't) you need to test again for that permission you acquired.
The official recommendation is to create a new app, add proper permissions and graduate it. So in that case you need to go through again.
As per the reference here
"You can clone the app, give it a new name or add a version to the new app name. Add the missing permissions and run test in the sandbox the same way as you did for the first app. Graduate your app and finally replace the client Id and secrete to use the new app. You can suspend the old app after that."
Similar question here: https://forums.developers.ringcentral.com/questions/1059/how-to-add-permissions-of-read-call-log-in-product.html
I'm evaluating potential content management systems I want to use for a project. Many of the users will need to upload static files and include links to the in their posts.
In the Admin UI I can only see the ability to upload an image in a post. Does anyone know if it is possible to upload files to Keystone through the Admin UI?
You could use their Amazon S3 storage adapter. Depending on which version of Keystone you're using (3 or 4), you'll have to do some different things. Either way, you need to make some credentials for Amazon S3's service and configure Keystone to work with it. From there, you can use Types.S3File to allow a certain part of your MongoDB model to be a reference to an S3 object. See this page for more info on the S3File type in Keystone.
Have a question regaring GCM and the google-services.json file creation. When you go to the website trying to create this file, you need to crete or specify a project. I can't find anywhere if this project must be created from the Google account used to publish the application in Google Play or any Google account would do.
Any ideas?
Thanks!
Updatate:
All accounts used are developer accounts. Just want to understand if it is a requirement to use the same Google account for the app in Google Play.
If you have already added the project to your google publication list then it should be in the pull down list. if not then you need to create it from the dash board here
you will need to have a paid developer account to do this. Which ever account you are logged in as needs to have the project in the dash board otherwise you wont get access to it
We are developing a mobile app using Parse as our BAAS solution but using Amazon S3 for storage of our media files. All of our users upload media files into their own individual folders inside of our app's bucket. As the user uploads media files we update their records in Parse so it knows where to download the files. That's the easy part.
I've spent quite a bit of time researching the different policies for S3 buckets and I am trying to get a grip on the proper way to ensure the security of the content uploaded. If you do all of your work with DynamoDB or SimpleDB then it's easy because you're essentially adjusting your ACLs with the IAM accounts and whatnot. If you use Amazon Cognito it's also easy because authentication happens through Google, Facebook or Amazon accounts. In my case I am using Parse to authenticate users which cannot speak to Amazon directly.
My goal is that only the currently logged in Parse user with ID #1234567 can access their own 1234567 folder and files (as well as any other user given permission by this person for collaboration). Here is a post similar to what I'm trying to accomplish: amazon S3 bucket policy - restricting access by referer BUT not restricting if urls are generated via query string authentication
...but how do I accomplish this with the current user's ID number?
Even better question is whether that post mentioned above is best practice or should I instead be looking at creating an EC2 server to handle access to these files? Should I be looking at CloudFront to serve private content? Or is there another method that works better for what I am trying to accomplish? I am going in circles and my head is spinning.
Thanks to whoever can help straighten me out.
Well since Parse is being shut down I am migrating to another service. This question is no longer relevant.