Architectural and design question about uploading photos from iPhone app and S3

Question

I want to allow users of an iPhone app to upload photos and use Amazon S3. There are 2 ways I see going about this:

  1. Upload from the iPhone to my server, which then proxies it to Amazon S3.
  2. Upload directly from the iPhone to S3.

For option 1, the security is straightforward. I don't ever have to tell the iPhone my S3 secret. Downside is that everything is proxied through our server for uploads which sort of defeats the purpose of going to S3.

For option 2, in theory it's better but the issue is how do you enable the iPhone (or any mobile app on a different platform) to write into my S3 bucket without giving it my secret? Additionally, I'm not sure if this is a good design or not because the flow would be: iphone uploads to S3, gets the URL, then tells the server what the URL is so it can add it to our database to reference in the future. However, since the communication is separated into 2 legs (iphone->S3 vs iPhone->My-Server) it leaves it fragile as a non-atomic operation.

I've found some older info that references using Browser-based Uploads using POST but unsure if that is still the recommended approach. I'm hoping for a better solution where we can just use the REST APIs rather than relying on POST. I've also seen the AWS iOS Beta SDK, but their docs didn't help much and I found an Amazon article that was equally unhelpful as it cautions you on what not to do, but doesn't tell you an alternative approach:

The mobile AWS SDKs sign the API requests sent to Amazon Web Services (AWS) in order to validate the identity of the AWS account making the request. Otherwise, a malicious developer could easily make requests to another developer's infrastructure. The requests are signed using an AWS Access Key ID and a Secret Access Key that AWS provides. The Secret Access Key is similar to a password, and it is extremely important to keep secret.

Tip: You can view all your AWS security credentials, including Access Key ID and Secret Access Key, on the AWS web site at http://aws.amazon.com/security-credentials.

Embedding credentials in source code is problematic for software, including mobile applications, because malicious users can de-compile the software or view the source code to retrieve the Secret Access Key.

Does anyone have any advice on the best architectural design and flow for this?

Update: The more I dig into this, it seems that a bunch of people recommend using the HTTP POST method with the json policy file as described here: http://docs.amazonwebservices.com/AmazonS3/2006-03-01/dev/index.html?UsingHTTPPOST.html.

With this, the flow would be something like (1) iPhone makes request to my server, asking for policy file (2) server generates json policy file and gives back to client (3) iPhone does HTTP POST of photo + json policy to S3. I hate that I'm using HTTP POST in an apparently kludgy way but it appears to be better because it removes the need for my server to store the photo at all.

Recommended answer

I've discussed this issue on the AWS forums before. As I say there, the proper solution for accessing AWS from a mobile device is to use the AWS Identity and Access Management service to generate temporary, limited-privilege access keys for each user. The service is great, but it's still in beta for now and it's not part of the mobile SDK yet. I have a feeling once this thing is released for good, you'll see it out on the mobile SDK immediately afterwards.

Until then, generate presigned URLs for your users, or proxy through your own server like some others have suggested. The presigned URL will allow your users to temporarily GET or PUT to an S3 object in one of your buckets without actually having your credentials (they are hashed into the signature). You can read about the details here.

EDIT: I've implemented a proper solution for this problem, using the preview beta of IAM. It's available on GitHub, and you can read about it here.
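
As an added example (not from the original post or the answerer's GitHub project): one way a server could mint the short-lived presigned PUT URL the answer describes, using AWS Signature Version 4 and only the Python standard library. The credentials, bucket, region, key layout and the `issue_upload` helper are assumptions made for illustration.

```python
import hashlib
import hmac
import uuid
from urllib.parse import quote

# Constructed placeholders (assumptions): not real credentials, bucket or region.
ACCESS_KEY = "AKIDEXAMPLE"
SECRET_KEY = "example-secret-key-that-stays-on-the-server"
BUCKET, REGION = "example-photo-bucket", "us-east-1"


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def presign_put(object_key, now, expires=300, secret=SECRET_KEY):
    """Return a SigV4 presigned URL that permits PUT to object_key until it expires.

    `now` is a UTC datetime; `expires` is the validity window in seconds.
    """
    host = f"{BUCKET}.s3.{REGION}.amazonaws.com"
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    scope = f"{amz_date[:8]}/{REGION}/s3/aws4_request"
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{ACCESS_KEY}/{scope}",  # key ID only, never the secret
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": "host",
    }
    query = "&".join(f"{quote(k, safe='')}={quote(v, safe='')}"
                     for k, v in sorted(params.items()))
    path = "/" + quote(object_key, safe="/")
    # Canonical request: method, path, query, headers, signed header list, payload hash.
    canonical = "\n".join(["PUT", path, query, f"host:{host}", "",
                           "host", "UNSIGNED-PAYLOAD"])
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    # The secret only seeds an HMAC chain; the URL carries the resulting digest.
    key = ("AWS4" + secret).encode()
    for part in (amz_date[:8], REGION, "s3", "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    return f"https://{host}{path}?{query}&X-Amz-Signature={signature}"


def issue_upload(user_id, now):
    """Hypothetical server endpoint body: the server, not the app, picks the key."""
    object_key = f"uploads/{user_id}/{uuid.uuid4().hex}.jpg"
    return object_key, presign_put(object_key, now)
```

Only the URL goes back to the app. Because the server chooses the object key, it can record the upload as pending when the URL is issued and confirm it once the app reports completion, which narrows the two-leg fragility raised in the question.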
