I am working on an Android app that has the AWS SDK in it. The users are already authorized through Cognito. I also created the IAM roles which should give me DynamoDB and S3.

At present the authorization and DynamoDB are working. When I query the table it works fine and I get the link (I copied and pasted to database) to my S3 file.

When I go to load the file nothing is happening. So my question is: do I need to be getting the URL from DynamoDB and then presigning it before I load with Picasso? Or should the fact that my user is authorized to do anything with my S3 bucket be enough?

Thanks for your help

Nicholas Muir
  • You need to change your bucket permissions/policy. Try generating a new policy and attach to your bucket. https://awspolicygen.s3.amazonaws.com/policygen.html – Gangaraju May 24 '16 at 03:32
  • There is already some speculative guesswork going on in comments and answers here, so let's slow down and clarify the issue, please -- "Picasso" is a 3rd party app, and you are fetching a link from a database (happens to be dynamodb) and passing a link to the object over to it? (You're not downloading the object in your app, and passing the payload over). Right? – Michael - sqlbot May 24 '16 at 12:29
  • @Michael, I am not really sure what you mean. In my database I have stored the direct URL link as a string. I return that string as the URL to Picasso. When I make the file public everything works fine but in its normal state it is not. As I said in my question I have set up my IAM roles to allow access for everything in the S3 bucket. However that does not seem to be making a difference. I have tried what the others have said and I can't see a way to make permission in DynamoDB for my app authenticated user just all AWS authenticated users. – Nicholas Muir May 24 '16 at 19:19
  • What I'm still unclear on is this: what is Picasso? – Michael - sqlbot May 24 '16 at 19:44
  • Picasso is an image loading library, it does loading of images on demand and handles the background thread and caching. http://square.github.io/picasso/ – Nicholas Muir May 24 '16 at 19:51
  • Okay, so you're passing it a URL? It seems like you'll need to sign that in your app. The permissions granted to your users can't "just work" unless you're using an AWS SDK to do the actual requesting from S3 ... and presumably Picasso is doing its own thing over HTTP to fetch the object... right? – Michael - sqlbot May 24 '16 at 20:32
  • @Michael-sqlbot I see what you mean, Picasso being an independent entity in this regard. Thanks for your help – Nicholas Muir May 25 '16 at 03:43

1 Answer

If your role in Cognito has the correct permissions to access the S3 bucket, you do not need a presigned URL. With that said, that only works if you are using the AWS Android SDK with Cognito credentials to access the file (i.e. using S3TransferManager or an S3 Get). If you are attempting to access the file directly through a web browser, or if Picasso is trying to download the file without using Cognito credentials, it will not work. You can use the AWS Android SDK, in conjunction with the bucket and key, to generate a presigned URL with this method that will be usable both by Picasso and a web browser.

perpil
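
An added example of the approach in the answer above (not code from the original posts): the bucket stays private, the app signs a short-lived GET link with the user's Cognito credentials, and Picasso fetches that link over plain HTTP. The class name, identity pool id, region, bucket name and five-minute lifetime are placeholders, and it assumes the link stored in DynamoDB is path-style (`https://host/bucket/key`) and that Picasso 2.5.x (`Picasso.with`) is in use.

```java
import android.content.Context;
import android.net.Uri;
import android.widget.ImageView;
import com.amazonaws.HttpMethod;
import com.amazonaws.auth.CognitoCachingCredentialsProvider;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3Client;
import com.amazonaws.services.s3.model.GeneratePresignedUrlRequest;
import com.squareup.picasso.Picasso;
import java.net.URL;
import java.util.Date;

public final class PrivateImageLoader { // hypothetical helper, not part of either SDK
    // Placeholders (assumptions): substitute your own pool id, region and bucket.
    private static final String IDENTITY_POOL_ID = "REGION:IDENTITY-POOL-ID-PLACEHOLDER";
    private static final Regions REGION = Regions.US_EAST_1;
    private static final String BUCKET = "example-private-bucket";
    private static final long TTL_MS = 5 * 60 * 1000; // keep the signed link short-lived
    private final AmazonS3Client s3;

    public PrivateImageLoader(Context context) {
        // Requests are signed with the temporary credentials of the Cognito role.
        s3 = new AmazonS3Client(new CognitoCachingCredentialsProvider(
                context.getApplicationContext(), IDENTITY_POOL_ID, REGION));
    }

    /** Extracts the object key from a stored path-style link (https://host/BUCKET/key). */
    static String keyFromStoredUrl(String storedUrl) {
        String path = Uri.parse(storedUrl).getPath(); // decoded, e.g. "/bucket/dir/a.jpg"
        String prefix = "/" + BUCKET + "/";
        if (path == null || !path.startsWith(prefix) || path.length() == prefix.length()) {
            throw new IllegalArgumentException("Not an object in " + BUCKET);
        }
        return path.substring(prefix.length());
    }

    /** Call off the main thread: signing may refresh credentials over the network. */
    public URL presign(String storedUrl) {
        GeneratePresignedUrlRequest request =
                new GeneratePresignedUrlRequest(BUCKET, keyFromStoredUrl(storedUrl));
        request.setMethod(HttpMethod.GET); // read-only link
        request.setExpiration(new Date(System.currentTimeMillis() + TTL_MS));
        return s3.generatePresignedUrl(request);
    }

    /** Call on the main thread with the result of presign(). */
    public static void show(Context context, URL signed, ImageView target) {
        Picasso.with(context).load(signed.toString()).into(target);
    }
}
```

Anyone holding the signed link can read the object until it expires, so sign just before loading and avoid writing the signed URL to logs or back to the database.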