Using Amazon TVM instead of a regular AccessKey/SecretKey

I am building an Android application that will send reports to a server. These reports are plain JSON files stored on Amazon S3. The Amazon user only has the PutObject permission on a specific S3 bucket.

The documentation states that we should use the Token Vending Machine mechanism instead of hardcoded keys within the application.

I cannot see the advantage of this method. I get that a hacker could decompile my app to find the keys. But his only choice then is to send files to the bucket, nothing else (no file listing, no file retrieval).

If I use the anonymous TVM, the process is:

  • Get a token valid for 24 hours
  • Use this token to send files to the bucket

A hacker could also call the TVM server to request unlimited tokens and send files to my bucket. It does not seem to solve this problem.

What is the real advantage in using TVM?

Answers


You can attach different authorizations to each mobile UID, giving you finer control over what you allow people to access. You can also control how much AWS access the TVM has using policies. You can also stop it at any given time. If they get your keys, you will have to disable the whole account. If you are OK with that, you probably don't need to use the TVM.
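The per-UID scoping and per-device cut-off described in the answer, as an added example that is not part of the original post or of Amazon's TVM code. It assumes the TVM issues credentials through STS GetFederationToken (whose `Name`, `Policy` and `DurationSeconds` parameters it builds); the bucket name, the `reports/<uid>/` key layout, the blocked-device set and all function names are hypothetical.

```python
import json
from fnmatch import fnmatchcase

BUCKET = "example-reports-bucket"  # placeholder bucket, not from the question
MAX_TTL = 24 * 3600                # the 24-hour token lifetime from the question


class DeviceBlocked(Exception):
    """Raised when a revoked device asks the TVM for credentials."""


def session_policy(device_uid):
    """IAM policy limiting one device to PutObject under its own key prefix."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "s3:PutObject",
            "Resource": f"arn:aws:s3:::{BUCKET}/reports/{device_uid}/*",
        }],
    }


def federation_request(device_uid, blocked, ttl=MAX_TTL):
    """Parameters a TVM would pass to STS GetFederationToken for this device."""
    if device_uid in blocked:
        raise DeviceBlocked(device_uid)  # one device cut off, others unaffected
    # Keep wildcard and path characters out of the ARN and the federated name.
    ok = device_uid.isascii() and device_uid.isalnum()
    if not ok or not 2 <= len(device_uid) <= 32:
        raise ValueError("unexpected device UID")
    return {
        "Name": device_uid,
        "Policy": json.dumps(session_policy(device_uid)),
        "DurationSeconds": min(ttl, MAX_TTL),
    }


def allows(policy, action, resource):
    """Minimal Allow-only evaluator for the policy above (no Deny, no conditions)."""
    return any(
        st["Effect"] == "Allow" and st["Action"] == action
        and fnmatchcase(resource, st["Resource"])
        for st in policy["Statement"]
    )
```

With a hardcoded key every installation shares one identity, so neither the prefix restriction nor the blocked-device check has anything to key on.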

