Is it safe to store AWS credentials in-app (upload to s3)

Hey guys. Use case is simple. I need to upload an image to S3 from the app. Question is, is it safe to store the aws credentials in app in order to be able to do that? If so, are there any best practices?

Thanks in advance.

I strongly recommend that if you decide to go this route, you set up an IAM role that enables only the uploading of files to a selected folder and use that credential. Do not embed your general/all-encompassing public/private keys.

Realize that you could have trolls uploading super-large files, so you’d need to stay on top of the uploads to make sure you’re not spending more than you anticipated. Fortunately, uploads to S3 are free… it’s only the downloads that cost. So, if I’m recalling everything correctly and they haven’t changed, you should only end up needing to pay your GB/mo fees.

Thanks for the answer @Category5. I went ahead with the server signed url’s but something is failing me. See here http://stackoverflow.com/questions/35252759/cordova-ionic-app-uploading-base64-image-to-s3-via-server-signed-url

If I wont be able to get to the bottom of this I’ll upload to my server and then from my server to S3. Although would have preferred to upload directly from the app.

Unfortunately, I haven’t yet worked with Angular/Ionic for uploading to S3, so I won’t be much help beyond my general recommendation regarding embedding credentials in your codebase. Good luck!

1 Like

Did you get this to work? I have a project now where I am struggling to figure it out…

Hey @kyleshelton5
Don’t bother with anything else than Cognito :slight_smile: It’s pretty awesome having the users get temporary privileges for every AWS service that you specify. That’s what I went with and I’m totally cool with it.

Good to know, How did you integrate into Ionic? Do you have a github repository I can check out? Im a newb, so please excuse my ignorance…

I know that the last reply was written a few months ago, but maybe my GitHub repository aws-cognito-ionic-demo will be helpful for someone in the future. This is an example how to integrate Ionic with AWS Cognito without storing AWS credentials. More details about this repository are here: AWS Cognito authentication in Ionic Framework.