2014/05/07

How to secure connection between AWS SDK and mobile APP(Android, iOS)?

This article shows the steps to build the secure connection between AWS SDK and mobile APP(Android, iOS).

   Using the root key(access key ID, secret access key) in your mobile application in plain text is very dangerous.
AWS has a service for mobile client devices to connect to the AWS. The TVM(Token Vending Machine) creates a temporary credentials for mobile clients.
The IAM(Identity and Access Management) user is a limited grant permissions user for access AWS.
Here we will create a IAM user and build a TVM server for anonymous registration.

Step1:Fallow the steps to create a user to your AWS account for the TVM. Start from the paragraph "To add a user to your AWS account for the TVM" from this link. Token Vending Machine for Anonymous Registration - Sample Java Web Application.

Step2:Create a TVM server. Start from the paragraph "Create the AWS Elastic Beanstalk application" from this link. Token Vending Machine for Anonymous Registration - Sample Java Web Application.

Step3:Now you should have a IAM user and a TVM server runs on your AWS account. Download the AnonymousTVM sample for test. If you using Android download from this link aws-sdk-android-samples. This is for iOS aws-sdk-ios-samples. Fallow the README.md to run the project.


Step4:If you have a existed project using the root key, you can easily change to TVM. Copy the necessary files from the example to your project. These are iOS example files.
remove the Create Certificate codes.
        //Create Certificate
        mCertificate = [[AmazonCredentials alloc] initWithAccessKey:AccessKeyID withSecretKey:SecretAccessKey];
        
        //Initialize DynamoDBClient
        mDdbClient = [[AmazonDynamoDBClient alloc] initWithCredentials:mCertificate];

Change the access code.
From
DynamoDBPutItemResponse *response = [mDdbClient putItem:request];

To
DynamoDBPutItemResponse *response = [[AmazonClientManagerRunway ddb] putItem:request];

And That's it.

No comments:

Post a Comment