Using Amazon TVM instead of a regular AccessKey/SecretKey
I am building an Android application that will send reports to a server. These reports are plain JSON files stored on Amazon S3. The Amazon user only has the PutObject permission on a specific S3 bucket.
The documentation states that we should use the Token Vending Machine mechanism instead of hardcoded keys within the application.
I cannot see the advantage of this method. I get that a hacker could decompile my app to find the keys. But his only choice then is to send files to the bucket, nothing else (no file listing, no file retrieval).
If I use the anonymous TVM, the process is:
- Get a token valid for 24 hours
- Use this token to send files to the bucket
A hacker could also call the TVM server to request unlimited tokens and send files to my bucket. It does not seem to solve this problem.
What is the real advantage in using TVM?
You can attach different authorizations to each mobile UID, giving your finer control over what you allow people to access. You can also control how much AWS access the TVM has using policies. You can also stop it any given time. If they get your keys, you will have to disable the whole account. If you are OK with that, you probably don't need to use the TVM.