swift iOS S3 access denied while using Mobile Hub configuration

Question

I am currently using Mobile Hub in my app. When I tried to use S3 to upload photos to my bucket, I copied in verbatim the function from documentation here to download/upload files: https://docs.aws.amazon.com/aws-mobile/latest/developerguide/add-aws-mobile-user-data-storage.html

This is my code in Swift trying to utilize the S3TransferUtility:

func uploadData(data: Data, fileName: String) {

let expression = AWSS3TransferUtilityUploadExpression()
expression.progressBlock = {(task, progress) in
    DispatchQueue.main.async(execute: {
        // Do something e.g. Update a progress bar.
    })
}

var completionHandler: AWSS3TransferUtilityUploadCompletionHandlerBlock?
completionHandler = { (task, error) -> Void in
    DispatchQueue.main.async(execute: {
        // Do something e.g. Alert a user for transfer completion.
        // On failed uploads, `error` contains the error object.
    })
}

let transferUtility = AWSS3TransferUtility.default()

transferUtility.uploadData(data,
                           bucket: "my bucket name",
                           key: fileName,
                           contentType: "image/jpeg",
                           expression: expression,
                           completionHandler: completionHandler).continueWith {
                            (task) -> AnyObject? in
                            if let error = task.error {
                                print("Error: \(error.localizedDescription)")
                            }

                            if let res = task.result {
                                // Do something with uploadTask.
                                print(res)
                            }
                            return nil
}
}

I get this error in the console: Image of Error in Console

I've investigated into AWS S3 and the awsconfiguration.json file provided and everything seems to be in order:

AWS IAM Console

AWSConfiguration.json file in my project

Right now I'm confused because I thought that Mobile Hub was supposed to take care of the IAM configurations and what not for every thing.

Could someone please point me in the right direction to get this fixed? Thank you.

Answer 1

AWS Mobile Hub creates the following folders in your S3 bucket. Each folder has preconfigured permissions in IAM based on the Cognito authentication status of your app's user.

• Public

  Any authenticated user can read or write to this folder

• Private

  Authenticated users can only read or write from their folder (e.g. private/{identityId})

• Protected

  Any authenticated user can read, but only the owner can write to their folder (e.g. protected/{identityId})

• Uploads

  Any authenticated user can write, but only the owner can read content in this folder

This prior answer might also be helpful: How do I upload a file into a protected s3 bucket from Swift using the s3 bucket created by AWS mobile hub?

Answer 2

The solution had to do with the setup of the bucket that Mobile Hub does automatically as well as some of the code on the front end.

Starting with the front-end you need to manually configure your credentials like so: //Setup credentials let credentialsProvider = AWSMobileClient.sharedInstance().getCredentialsProvider()

//Setup the service configuration
let configuration = AWSServiceConfiguration(region: .USEast1, credentialsProvider: credentialsProvider)

//Setup the transfer utility configuration
let tuConf = AWSS3TransferUtilityConfiguration()
tuConf.isAccelerateModeEnabled = false


//Register a transfer utility object
AWSS3TransferUtility.register(
    with: configuration!,
    transferUtilityConfiguration: tuConf,
    forKey: "transfer-utility-with-advanced-options"
)


//Look up the transfer utility object from the registry to use for your transfers.
let transferUtility = AWSS3TransferUtility.s3TransferUtility(forKey: "transfer-utility-with-advanced-options")

Content type should also be image/png.

Lastly, when using mobile hub, there are four initial folders created inside of your bucket. You have to specify which folder you want your content to be uploaded into. So far, I have only been able to upload into the public. You can specify this under the "key" parameter in the function uploadData.

While going through the bucket, in the private and protected folders there was a readme that said "Folders will be generated for each user in this directory. Mobile App users can upload, download and list files only in their own sub-folder.", but the folders are empty and I have no idea how to use these folders. Could someone please assist me with this? Thank you

Answer 3

Ok, I suffered this same error and kept thinking why should I make the bucket public to get away with this error. Then I realized one kind of silly mistake which I did. While I was adding this storage via Amplify CLI ($amplify add storage) there is an option which asks for "Auth users" or "Auth & Guest". After that there are some choices like

1. Create/Update
2. Read
3. Delete

I chose only option 1, create/update assuming that all users who can create will still be able to see. And that was the mistake. I needed to select both Option 1 and 2. Which kind makes sense now.

I had to delete my storage and add back to debug this. Then it started to work for download and upload also. Please do remember the public, protected folder also is important.

Hope this helps someone who has the same problem.