有麻烦了解如何使用Android SDK AWS [英] Having trouble understanding how to use the Android AWS SDK
问题描述
我建立一个应用程序,将使用Amazon的SimpleDB服务。它使用亚马逊的 AWS Android SDK中。据我了解,这是不建议我硬Ç我的亚马逊凭据(访问ID和秘密密钥)$ C $到我的应用程序,因为它不是太难查找字符串应用程序二进制文件。我该如何去在一个安全的方式,从我的应用程序访问的SimpleDB?我想我应该使用密钥库,但我不知道该怎么做。
I am building an app that will use Amazon's SimpleDB service. It uses Amazon's AWS Android SDK. As I understand, it is not recommended that I hard-code my Amazon credentials (access Id and secret key) into my application, since it's not too difficult to look up the strings in the application binaries. How do I go about accessing SimpleDB from my app in a secure way? I think I'm supposed to use the KeyStore, but I have no idea how to do that.
如果有帮助,我使用的Eclipse作为我的IDE(我说的这情况下,Eclipse可以让这整个亚马逊凭证事情简单了很多)。
If it helps, I'm using Eclipse as my IDE (I'm saying this in case Eclipse can make this whole Amazon credential thing a lot simpler).
推荐答案
AWS提供了有关的凭证管理移动应用。
AWS provides detailed information about credential management in mobile applications.
有讨论的两种模式:
- 通过服务器代理请求
- 进行直接请求AWS
这两个选项之间的选择基本上可以归结为是否想要把你的应用程序逻辑在移动设备上或者在您的服务器(这可能是AWS EC2服务器)。如果你决定把你的逻辑在服务器上,那么你就不必担心这会让任何AWS凭据的移动设备上。然而,如果你想直接从移动应用程序访问AWS那么你如何管理这种互动的问题。对此也有两种情况:
The choice between these two options basically boils down to whether you want to put your application logic on the mobile device or on your servers (these could be AWS EC2 servers). If you decide to put your logic on the server then you don't have to worry about putting any AWS credentials on the mobile device. If however you do want to access AWS directly from the mobile App then you have the problem of how to manage this interaction. There are again two scenarios:
- 客户使用自己的AWS帐户
- 应用提供商使用他们的AWS帐户
如果您所提供的应用程序,允许用户管理自己的AWS服务的第一个场景都可以使用。对于大多数客户面对的应用程序,你将使用自己的帐户。为了解决这个问题第二种情况AWS目前建议使用IAM来管理用户的帐户池,他们的解释是如下:
The first scenario could be used if you are providing an app that allows customers to manage their own AWS services. For most customer facing apps you will be using your own account. To address this second case AWS currently recommends using IAM to manage a pool of users for your account, their explanation is below:
在这个解决方案,客户池是由IAM在您的AWS账户管理。移动应用程序的用户会被重定向到托管在一个单独的服务器机群的登录页面。因为你拥有并经营管理身份验证应用的服务器,你可以验证应用程序用户的身份发布AWS安全证书的移动应用程序之前。
In this solution, a customer pool is managed by IAM under your AWS account. Mobile application users are redirected to a login page hosted in a separate server fleet. Because you own and operate the servers managing authentication for your applications, you can validate the identity of the application user prior to distributing AWS security credentials to the mobile application.
而不是使用同一套AWS凭据每个应用程序的用户,可以使用AWS身份和访问管理(IAM)以编程方式创建一个新的IAM用户根据您的AWS帐户中的每个应用程序的用户。
Rather than using the same set of AWS credentials for every application user, you can use AWS Identity and Access Management (IAM) to programmatically create a new IAM User for each application user under your AWS account.
AWS身份和访问管理(IAM),您可以创建多个用户和管理权限,对每个在您的AWS帐号,这些用户。用户是经过身份(在您的AWS账户)具有可用于访问AWS服务独特的安全证书。 IAM无需共享密码或跨越的客户,应用程序和用户访问键;并可以很容易地启用或禁用用户的访问权限适当。 IAM提供了更大的灵活性,控制和安全传递安全凭证到移动应用程序时。您可以了解更多有关IAM的 http://aws.amazon.com/iam/ 。
AWS Identity and Access Management (IAM) allows you to create multiple Users and manage the permissions for each of these Users within your AWS Account. A User is an identity (within your AWS Account) with unique security credentials that can be used to access AWS Services. IAM eliminates the need to share passwords or access keys across customers, applications, and users; and makes it easy to enable or disable a User's access as appropriate. IAM offers more flexibility, control and security when passing security credentials to a mobile application. You can learn more about IAM at http://aws.amazon.com/iam/.
这篇关于有麻烦了解如何使用Android SDK AWS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
