Integrate Amazon web services in android for secure data from AWS

Posted By : Keshav Gupta | 31-Aug-2017

Step1:Integrate aws sdk in android

Add following dependencies in app/build.gradle

compile 'com.amazonaws:aws-android-sdk-core:2.2.+'
compile 'com.amazonaws:aws-android-sdk-s3:2.2.+'
compile 'com.amazonaws:aws-android-sdk-ddb:2.2.+'

 

Step 2: Add this code in AndroidManifest.xml

<uses-permission android:name="android.permission.INTERNET" />

 

Step 3: Obtain AWS credentials using amazon congnito.

We need to do get credentials using amazon cognito id as we should not use our amazon account private credentials in application.As any one can access our private credentials by using reverse engineering of apk file.So he can access and misuse our AWS account.So for security concern we need to use amazon cognito id as a credential provider in our application.This also allows you to set permissions to control which AWS services your users have access to.

To get started with Amazon Cognito,we need to create a Identity Pool.It is a set of user identity data specific to account.

To create an identity pool for your application:

  1. Login  to the Amazon Cognito Console and get your cognito id

Then further displays code that creates a credentials provider so you can easily integrate Cognito Identity with your Android application. You pass the credentials provider object to the constructor of the AWS client you are using. The credentials provider looks like this:

CognitoCachingCredentialsProvider credentialsProvider = new CognitoCachingCredentialsProvider(
    getApplicationContext(),    /*context of app*/
    "COGNITO_IDENTITY_POOL",    /*cognito pool id */
    Regions.MY_REGION           /* Region of server*/
);

Now finally comes the method which we will use to image/file url downloading.This method will provide you a signed url which you can use to file downloading.

public String getSignedUrl(String bucket,String key)
{
    String signedUrl = "";
    AWSCredentials credentials = new BasicAWSCredentials(
            "xxxxxxxxxxxxxxxxxxxx",
            "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
    AmazonS3 s3client = new AmazonS3Client(credentials);
    try {
        
        java.util.Date expiration = new java.util.Date();
        long milliSeconds = expiration.getTime();
        milliSeconds += 1000 * 60 * 60; // Add 1 hour.
        expiration.setTime(milliSeconds);
        GeneratePresignedUrlRequest generatePresignedUrlRequest =
                new GeneratePresignedUrlRequest(bucket, key);
        generatePresignedUrlRequest.setMethod(HttpMethod.GET);
        generatePresignedUrlRequest.setExpiration(expiration);
        URL url = s3client.generatePresignedUrl(generatePresignedUrlRequest);
        signedUrl = url.toString();
        Log.e("Pre-Signed URL = ",url.toString());
    } catch (AmazonServiceException exception) {
        
        Log.e("Server Error Message: " + exception.getMessage());
  
      } catch (AmazonClientException exce) {
      
        Log.e("Server Error Message: " + exce.getMessage());
    }
    return signedUrl;
}

In above method  we can directly put our private credentials of aws to access signed url.But it will be not secure.So we can replace 4th line of this method with above defined cognito code structure and can pass its object in  amazons3 constructor class. like thisIn above method  we can directly put our private credentials of aws to access signed url.But it will be not secure.So we can replace 4th line of this method with above defined cognito code structure and can pass its object in  amazons3 constructor class. like this. 

CognitoCachingCredentialsProvider credentialsProvider = new CognitoCachingCredentialsProvider(
    getApplicationContext(),    
    "COGNITO_IDENTITY_POOL",
    Regions.MY_REGION           
);
AmazonS3 s3client = new AmazonS3Client(credentialsProvider);

About Author

Author Image
Keshav Gupta

Keshav Gupta is Android Developer in Oodles, he always look forward for new tasks and new things to learn more.

Request for Proposal

Name is required

Comment is required

Sending message..