Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
Use the rest API would be the other option. Look into signed urls.
Ideally, you should put a facade service in front of your app that abstracts the s3 access and secure it using your user's identity. Letting users directly manipulate s3 on your account is a very bad idea.
@SortOfTested i only needed to give a read access to the logged in users . But i am not using the amzon cognito based authentication but rather a firebase based auth.
As of now i am not using the amplify's classes directly but rather its parent(?) classes of aws s3 sdk ( which i guess is deprecated by the aws but somehow still accessible if we just add the amplify storage library
I have also created an iam user which can read s3 buckets whose access keys i will be bundling with the app. So is that a correct approach? Or it can be done in a better manner?
@SortOfTested hey this helped , thanks. After searching through a million urls, i was finally able to get my videos working.
I am using something called presigned urls, so that the urls are not sending the iam keys directly but rather the encryption algo, some timestamp , some public hash and other stuff. It was my first time using aws services, nd its so complicated yet so dope!
I am still bundling the iam user keys within app, so i guess that could use a better alternative .