aws-mobile-appsync-sdk-ios

Using ACL with AppSync

Open geeklingo opened this issue 3 years ago • 3 comments

The CodeGen code in API.Swift doesn't have the required lines I need to pass in my ACL settings. How do I configure ACLs to work with S3 and AppSync?

Provide code snippets (if applicable)

Environment(please complete the following information):

  • AppSync SDK Version: current
  • Dependency Manager: Cocoapods
  • Swift Version : 5.0

Device Information (please complete the following information):

  • Device: iPhone 12
  • iOS Version: iOS14
  • Specific to simulators:

geeklingo Mar 22 '21 09:03

@geeklingo Could you provide some more detail in the form of appropriately redacted configs & code samples? How are you specifying your models? What "ACL"s are you referring to specifically? How are you expecting to be able to pass them? How are you generating the models?

palpatim Mar 24 '21 14:03

@palpatim (love the name btw), I am using inline config. So, redacted example:

let awsDevEnv: [String: Any] = [
    "IdentityManager": [
        "Default": [:]
    ],
.
.
<snip>
.
.
    "S3TransferUtility": [
        "Default": [
            "Bucket": "my-bucket-name",
            "Region": "my-region-1"
        ]
    ]
]

Downloading works fine, but when uploading you get a permissions error. And it's because of this line in codegen API.swift:

    let _ = self.uploadFile(s3Object.getLocalSourceFileURL()!, bucket: s3Object.getBucketName(), key: s3Object.getKeyName(), contentType: s3Object.getMimeType(), expression: nil, completionHandler: completionBlock).continueWith { (task) -> Any? in

Changing the codegen to the following fixes the issue:

    let expression = AWSS3TransferUtilityUploadExpression()
    expression.setValue("public-read-write", forRequestHeader: "x-amz-acl")
    expression.setValue("public-read-write", forRequestParameter: "x-amz-acl")

    let _ = self.uploadFile(s3Object.getLocalSourceFileURL()!, bucket: s3Object.getBucketName(), key: s3Object.getKeyName(), contentType: s3Object.getMimeType(), expression: expression, completionHandler: completionBlock).continueWith { (task) -> Any? in

But as you can appreciate, modifying the generated code isn't ideal and I've already been caught out a few times with my changes being overwritten.

I just want to know how I can pass that same ACL info when using AppSync and in-memory config.

geeklingo Mar 24 '21 21:03

Thanks for clarifying.

We won't be taking canned ACL support in generated API.swift code as a feature request. This is not a common use case (yours is the first request for this I can think of), and our recommended pattern is to upload to prefixes that have IAM policies configured with appropriate access control. (In your case, for example, you could set up a prefix like public-rw and IAM policies allowing GetObject and PutObject for objects in that prefix. You'd then construct your object key by prepending that prefix, as in let key = "public-rw/\(oldKey)".)

To get started with that, you can review our Amplify docs for how we configure IAM policies by prefix, and adapt those patterns for your specific use cases.

palpatim Mar 25 '21 15:03
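
The prefix-scoped access described in the reply above, sketched as an IAM identity policy. This is an added example, not taken from the thread or from the Amplify docs. It assumes the bucket name my-bucket-name from the redacted config, the public-rw prefix from the reply, and that the policy is attached to the IAM role the app's credentials assume; the Sid values are made up, and the second statement is an optional hardening step the thread does not propose, which rejects uploads that carry a public canned ACL.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleAllowReadWriteUnderPublicRwPrefix",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Resource": "arn:aws:s3:::my-bucket-name/public-rw/*"
    },
    {
      "Sid": "ExampleOptionalDenyPublicCannedAcl",
      "Effect": "Deny",
      "Action": ["s3:PutObject", "s3:PutObjectAcl"],
      "Resource": "arn:aws:s3:::my-bucket-name/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-acl": ["public-read", "public-read-write"]
        }
      }
    }
  ]
}
```

With a policy like this in place the upload needs no x-amz-acl header: access is decided by the role's permissions on the prefix, and the object key only has to start with public-rw/.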