BayunS3 is a sample application that uses overridden methods from S3Wrapper SDK for secure storage onto AWS S3. The app itself works exactly similar to the case of an app using the original AWS S3 SDK directly. However, the wrapper SDK automatically encrypts a file before uploading it to the S3 bucket and decrypts it after downloading it, without the application having to deal with encryption keys, etc.

AWS Credentials

To use Amazon Cognito user pools, you need an AWS account. You can create a user pool through the Amazon Cognito console. You can follow the AWS developer guide to create user pool.

Replace the values of userPoolId, clientId, clientSecret and CognitoIdentityPoolId with their respective values in the CognitoHelper class in the sample app.

private static final String userPoolId = "enter_your_user_pool_id_here";
private static final String clientId = "enter_your_client_id_here";
private static final String clientSecret = "enter_your_client_secret_here";
private static final Regions cognitoRegion = "enter_your_region_here";va

private val userPoolId = "enter_your_user_pool_id_here"
private val clientId = "enter_your_client_id_here"
private val clientSecret = "enter_your_client_secret_here"
private val cognitoRegion: Regions = "enter_your_region_here"

You are provided with an appId when your app is registered with Bayun, see Registering a new App. In the strings.xml file, replace value of "BayunAppId" with your Bayun AppId.

You will find the following code snippet in the AWSS3Manager class in the sample app.

AWSCredentials credentialsProvider = new AWSCredentials() {
    @Override
    public String getAWSAccessKeyId() {
        return getString(R.string.aws_access_key);
    }

    @Override
    public String getAWSSecretKey() {
        return getString(R.string.aws_secret_key);
    }
};
SecureAmazonS3Client secureAWSS3Client = new SecureAmazonS3Client(credentialsProvider, appContext);
SecureTransferUtility secureTransferUtility = new SecureTransferUtility(secureAWSS3Client, appContext);

val credentialsProvider: AWSCredentials = object : AWSCredentials() {
            val aWSAccessKeyId: String?
                get() = getString(R.string.aws_access_key)
            val aWSSecretKey: String?
                get() = getString(R.string.aws_secret_key)
        }
val secureAWSS3Client = SecureAmazonS3Client(credentialsProvider, appContext)
val secureTransferUtility = SecureTransferUtility(secureAWSS3Client, appContext)

Register and Login

You need to first signUp using Amazon Cognito User Pools . Enter your username, password, phone number and set your company name. Hit Register button. You will receive a confirmation code on your email address. Enter the confirmation code in the confirm signUp screen and complete your signup process.

After signup you can signIn the app. Provide your username and password to signIn. A bucket with name 'bayun-test-yourCompanyName' is created. You should be able to upload/download files to/from the bucket.

Groups Functionality

BayunS3 provides groups for secure group-based data-access and basic group-management. Every group has its own secret-key that is unique for the group, and is accessible only to the members of that group. This shared group-key is used to encrypt the messages that are locked with encryption-policy of group, and also authenticate members, and control access to group resources. Since nobody other than group-members have access to the group's secret-key, only those belonging to the group will be able to access data encrypted with group-policy tied to that specific groupId.

BayunS3 demonstrates the Group Management APIs, like - create group, get joined groups, get unjoined groups, join a particular group, add or remove a member, leave and delete a group.

BayunS3 on Github

You can find the BayunS3 app on Github

For detailed step-by-step instructions on how to build and run the Android application, see the README file.