AWS iOS SDK with KMS

Question

I'm trying to find examples or patterns on how to use the AWS iOS SDK with KMS to no result.

The iOS SDK docs here:

https://aws.amazon.com/developers/getting-started/ios/
https://github.com/aws/aws-sdk-ios

seem to have implied in S3 and EC2 examples but none isolate any KMS examples.

Suggestions?

score 1 · Answer 1 · answered Nov 01 '16 at 07:09

If you are looking for server side encryption in AWS S3 with your AWS KMS CMK, then you can specify that, you need to do server side encryption for my data in upload request itself.

The code is here for uploading image to AWS S3 With server side encryption using AWS KMS CMK.(Code written in swift 3)

@IBAction func uploadButtonPressed(_ sender: AnyObject) {
    if documentImageView.image == nil {
       // Do something here
    } else {
        let image = documentImageView.image! // I picked image from my imageView named as "documentImageView". You can choose from wherever you want.
        let fileManager = FileManager.default
        let path = (NSSearchPathForDirectoriesInDomains(.documentDirectory, .userDomainMask, true)[0] as NSString).appendingPathComponent("\(imageName!).jpeg")
        let imageData = UIImageJPEGRepresentation(image, 0.99)
        fileManager.createFile(atPath: path as String, contents: imageData, attributes: nil)

        let fileUrl = NSURL(fileURLWithPath: path)
        uploadRequest?.bucket = "S3BucketName"
        uploadRequest?.key = "yourImageName.jpeg"
        uploadRequest?.contentType = "image/jpeg"
        uploadRequest?.body = fileUrl as URL!
        uploadRequest?.serverSideEncryption = AWSS3ServerSideEncryption.awsKms
        uploadRequest?.ssekmsKeyId = "Your AWS KMS CMK id" 
        uploadRequest?.uploadProgress = { (bytesSent, totalBytesSent, totalBytesExpectedToSend) -> Void in
            DispatchQueue.main.async(execute: {
                self.amountUploaded = totalBytesSent. // To show the amount of data uploaded 
                self.fileSize = totalBytesExpectedToSend
            })
        }

        let transferManager = AWSS3TransferManager.default()
        transferManager?.upload(uploadRequest).continue(with: AWSExecutor.mainThread(), withSuccessBlock: { (taskk: AWSTask) -> Any? in

            if taskk.error != nil {
                // Error
            } else {
               // Handle success response
            }
            return nil
        })
    }
}

NOTE: If you didn't provide your AWS KMS CMK id to property ssekmsKeyId in upload request, then AWS S3 will create one default CMK id which is unique to your IAM(if your are accessing AWS S3 using your IAM credentials) or root credentials(if your are accessing AWS S3 using your root credentials). Further encryption/decryption will be done by using this default CMK id only until you specify the your CMK Id in ssekmsKeyId property in upload request.

score 0 · Answer 2 · answered Apr 17 '16 at 22:44

0

Also looking for this. They have KMS api on Javascript (browser,node), Android (Java), and even C++ (which might work on iOS.. but please).

But not in the iOS SDK. Sigh.

answered Apr 17 '16 at 22:44

Michael Gray

611
1
5
13

1

I ended up going the URL signing route using their REST APIs. – sparkFinder Apr 18 '16 at 05:46

AWS iOS SDK with KMS

2 Answers2