amplify-android icon indicating copy to clipboard operation
amplify-android copied to clipboard
verified publisher icon aws-amplify

Example of S3 upload using STS

Open lon9man opened this issue 1 year ago • 3 comments

Before opening, please confirm:

Language and Async Model

Kotlin - Coroutines

Amplify Categories

Authentication, Storage

Gradle script dependencies

Environment information

Please include any relevant guides or documentation you're referencing

No response

Describe the feature request

Hello, team. we need general guidance for the simplest example in the world.

we have:

  1. PHP API backend. it implements login-functionality
  2. android mobile application (and swift application also)
  3. AWS infrastructure

we need to implement:

upload to S3 from mobile apps

basic flow:

a) user logins using PHP API backend on mobile app. receives auth TOKEN back b) user chooses file and presses button Upload

so to implement upload we should use for example Amplify. BUT WITHOUT ANY COMPLEX WRAPPERS like Cognito, Sign-In with Apple, Sign-In with Amazon, Sign-In with Facebook and etc. we don't want to have user database on AWS or sync it there from PHP backend.

as far as i feel it is possible to make using STS. saying mobile app receives from PHP API backend temporary STS-token and will use it to call AWS. BUT i don't see how this STS can be injected into Amplify?

questions:

  1. what is SEVERAL possible approaches to implement this on simplest manner using our architecture?
  2. how to inject STS token into Amplify Storage and other services?

thanks!

Initialization steps (if applicable)

No response

Code Snippet

No response

amplifyconfiguration.json

No response

GraphQL Schema

Additional information and screenshots

No response

lon9man avatar Nov 18 '24 14:11 lon9man

Hi @lon9man - this (providing custom/non-cognito credentials) is not currently supported in the Amplify Storage category. I'll mark this issue as a feature request for this library.

That being said, it should be possible to use STS credentials by directly using the lower-level AWS SDK for Kotlin.

I can't give you in-depth support for the AWS SDK, but I believe that what you want to do is something like the following:

  1. Create a StaticCredentialsProvider with the credentials available from your service.
  2. Instantiate an S3Client and pass your credentials provider.
  3. Use the S3Client to upload your file.

If you have any issues or further questions about this I'd recommend posting a discussion question in the AWS SDK for Kotlin repository. Hope that helps!

mattcreaser avatar Nov 18 '24 15:11 mattcreaser

Hi, any solution to solve this problem?@mattcreaser

wangirving avatar Aug 05 '25 09:08 wangirving

Matt's recommendation is still accurate. You will need to use the AWS SDK for Kotlin to upload with your own injected credentials.

tylerjroach avatar Aug 05 '25 12:08 tylerjroach