6. BayunS3

BayunS3 is a sample application that uses overridden methods from the S3Wrapper SDK for secure storage on AWS S3. The app works exactly like an app that uses the original AWS S3 SDK directly. However, the wrapper SDK automatically encrypts a file before uploading it to the S3 bucket and decrypts it after downloading it, without the application having to deal with encryption keys, etc.

AWS Credentials

To use Amazon Cognito user pools, you need an AWS account. You can create a user pool through the Amazon Cognito console. You can follow the AWS developer guide to create a user pool.

Replace the values of CognitoIdentityUserPoolId, CognitoIdentityUserPoolAppClientId, CognitoIdentityUserPoolAppClientSecret and CognitoIdentityPoolId with their respective values in the Constants.m file.

You are provided with an App Id and Application Secret when your app is registered with Bayun, see Registering a new App. In the Constants.m file, replace the value of "kBayunAppId" with your Bayun App Id and "kBayunAppSecret" with your Bayun Application Secret.

AWSRegionType const CognitoIdentityUserPoolRegion = AWSRegionUnknown; // Replace with your AWS region, e.g. AWSRegionUSEast1
NSString *const CognitoIdentityUserPoolId = @"Your Cognito Identity UserPoolId";
NSString *const CognitoIdentityUserPoolAppClientId = @"Your Cognito Identity UserPool AppClientId";
NSString *const CognitoIdentityUserPoolAppClientSecret = @"Your Cognito Identity UserPool AppClientSecret";
NSString *const CognitoIdentityPoolId = @"Your Cognito IdentityPoolId";
NSString *const kBayunBaseURL = @"<Bayun Base URL>";
NSString *const kBayunAppId = @"Your BayunAppId";
NSString *const kBayunAppSecret = @"Your BayunAppSecret";
NSString *const kBayunApplicationSalt = @"Your BayunApplicationSalt";
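
Because Constants.m ends up holding the Cognito app client secret and the Bayun application secret, a check before committing helps keep real values out of version control. The following is an added example, not part of the Bayun sample app; the issue labels, the treatment of kBayunApplicationSalt as sensitive, and the sample values are assumptions made for illustration.

```python
import re

# Matches declarations of the form: NSString *const <name> = @"<value>";
DECL = re.compile(r'NSString\s*\*\s*const\s+(\w+)\s*=\s*@"([^"]*)"\s*;')

def is_sensitive(name):
    # Assumption: constants named *Secret* or *Salt* must not be committed.
    return "Secret" in name or "Salt" in name

def is_placeholder(value):
    v = value.strip()
    return v == "" or v.startswith("Your ") or (v.startswith("<") and v.endswith(">"))

def audit_constants(source):
    """Return (name, issue) pairs in file order.

    placeholder      - template text was never replaced; the app cannot authenticate
    whitespace       - stray leading/trailing space pasted with a value
    secret-in-source - a real secret is present and would be committed
    """
    findings = []
    for name, value in DECL.findall(source):
        if is_placeholder(value):
            findings.append((name, "placeholder"))
            continue
        if value != value.strip():
            findings.append((name, "whitespace"))
        if is_sensitive(name):
            findings.append((name, "secret-in-source"))
    return findings

# Constructed sample: a partly filled-in Constants.m with made-up values.
SAMPLE = '''
NSString *const CognitoIdentityUserPoolId = @"us-east-1_EXAMPLE";
NSString *const CognitoIdentityUserPoolAppClientSecret = @"constructed-client-secret";
NSString *const kBayunBaseURL = @"<Bayun Base URL>";
NSString *const kBayunAppId = @"Your BayunAppId";
NSString *const kBayunAppSecret = @"constructed-app-secret ";
'''

if __name__ == "__main__":
    for name, issue in audit_constants(SAMPLE):
        print(f"{issue:17} {name}")
```

Run against the staged copy of Constants.m, any secret-in-source finding is a reason to block the commit.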

Register and Login

You first need to sign up using Amazon Cognito User Pools. Enter your username, password, and phone number, and set your company name. Hit the Register button. You will receive a confirmation code at your email address. Enter the confirmation code on the confirm sign-up screen to complete the signup process.

After signup you can sign in to the app. Provide your username and password to sign in. A bucket with the name 'bayun-test-yourCompanyName' is created. You should be able to upload/download files to/from the bucket.

In the BayunS3 sample app, a new bucket named 'bayun-test-yourCompanyName' is created for each new company. You can provide your own bucket name for upload/download operations.

Groups Functionality

BayunS3 provides groups for secure group-based data access and basic group management. Every group has its own secret key that is unique to the group and is accessible only to the members of that group. This shared group key is used to encrypt the messages that are locked with the group encryption policy, to authenticate members, and to control access to group resources. Since nobody other than the group members has access to the group's secret key, only those belonging to the group will be able to access data encrypted with the group policy tied to that specific groupId.

BayunS3 demonstrates the Group Management APIs, such as create group, get joined groups, get unjoined groups, join a particular group, add or remove a member, leave a group, and delete a group.

Where to Go From Here?

You can find the BayunS3 app on GitHub.

For detailed step-by-step instructions on how to build and run the iOS application, see the README file.
