AWS Mobile
Developer Guide

User File Storage

Choose AWS Mobile Hub User File Storage to:

  • Add cloud storage of user files, profile data, and app state to your mobile app

  • Use fine-grained control of access to files and data, implementing four common patterns of permissions policy

Looking for Amazon Cognito Sync?

Amazon Cognito Sync has been deprecated. For real-time data sync between devices, with built-in offline capabilities, see AWS AppSync.

Create a free Mobile Hub project and add the User File Storage feature.

Feature Details

The Mobile Hub User File Storage feature creates and configures four folders for each user inside an Amazon Simple Storage Service (Amazon S3) bucket belonging to the app.

Best practice for app security is to allow the minimum access to your buckets that will support your app design. Each of the four provisioned folders has an attached policy that illustrates a different permissions choice. In addition, Mobile Hub provides the option to restrict access to your app to only authenticated users using the User Sign-in feature.

Note: If you do not make the User Sign-in feature Required then, where not blocked by a folder or bucket access policy, unauthenticated users will have access to read and/or write data.

The following table shows the details of permissions policies that are provisioned for each folder type.

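| Folder name | Owner permissions | Everyone else permissions |
|-------------|-------------------|---------------------------|
| Public      | Read/Write        | Read/Write                |
| Private     | Read/Write        | None                      |
| Protected   | Read/Write        | Read Only                 |
| Uploads     | Write Only        | Write Only                |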

The following image shows IAM policy being applied to control file access in a Protected folder. The policy grants read/write permissions for the user who created the folder, and read only permissions for everyone else.
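The four folder patterns in the table above can be expressed in a single role policy by using the IAM policy variable `${cognito-identity.amazonaws.com:sub}`, which resolves to the caller's Amazon Cognito identity ID. The following is an added example, not the policy Mobile Hub provisions: the bucket name, the per-user prefix layout, the identity IDs, and the simplified Allow-only evaluator (no Deny statements or conditions) are all assumptions made for illustration.

```python
import fnmatch

BUCKET = "arn:aws:s3:::example-userfiles-bucket"   # placeholder bucket ARN
SUB = "${cognito-identity.amazonaws.com:sub}"      # IAM policy variable: caller's identity ID
RW = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]

# Constructed role policy (Allow statements only) covering the four folder patterns.
POLICY = [
    {"Action": RW, "Resource": f"{BUCKET}/public/*"},
    {"Action": RW, "Resource": f"{BUCKET}/private/{SUB}/*"},
    {"Action": RW, "Resource": f"{BUCKET}/protected/{SUB}/*"},
    {"Action": ["s3:GetObject"], "Resource": f"{BUCKET}/protected/*"},
    {"Action": ["s3:PutObject"], "Resource": f"{BUCKET}/uploads/*"},
]

def allowed(caller_id, action, key):
    """Simplified evaluation: substitute the caller's identity ID, then match the ARN."""
    arn = f"{BUCKET}/{key}"
    for stmt in POLICY:
        pattern = stmt["Resource"].replace(SUB, caller_id)
        if action in stmt["Action"] and fnmatch.fnmatchcase(arn, pattern):
            return True
    return False  # no matching Allow statement means the request is denied

def matrix(owner_id, other_id):
    """Effective R/W permissions on the owner's object in each folder, per caller."""
    out = {}
    for folder in ("public", "private", "protected", "uploads"):
        key = f"{folder}/{owner_id}/photo.jpg"
        for who, caller in (("owner", owner_id), ("other", other_id)):
            perms = "".join(
                letter for letter, act in (("R", "s3:GetObject"), ("W", "s3:PutObject"))
                if allowed(caller, act, key))
            out[(folder, who)] = perms or "-"
    return out

if __name__ == "__main__":
    # Constructed identity IDs for two app users.
    for (folder, who), perms in matrix("us-east-1:aaaa", "us-east-1:bbbb").items():
        print(f"{folder:<10}{who:<6}{perms}")
```

Because every user assumes the same role, the only thing that separates the owner from everyone else is the substituted identity ID in the resource ARN; a statement written without the variable applies to all callers equally.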

The User File Storage feature enables you to store user files such as photos or documents in the cloud, and it also allows you to save user profile data in key/value pairs, such as app settings or game state. When you select this feature, an Amazon S3 bucket is created as the place your app will store user files.

User File Storage At a Glance

AWS services and resources configured

Mobile Hub-enabled features use Amazon Cognito for authentication and IAM for authorization. For more information, see User Sign-in and Viewing AWS Resources Provisioned for this Feature.

Configuration options

This feature enables the following mobile backend capabilities:

  • Store user files and app data using Amazon S3. When you enable User File Storage four folders are provisioned, each with a distinct access policy configuration:

    • private - Each mobile app user can create, read, update, and delete their own files in this folder. No other app users can access this folder.

    • protected - Each mobile app user can create, read, update, and delete their own files in this folder. In addition, any app user can read any other app user's files in this folder.

    • public - Any app user can create, read, update, and delete files in this folder.

Quickstart demo features

This feature adds the following to a quickstart app generated by Mobile Hub:

  • File explorer for the app's S3 bucket allows the user to:

    • Upload and view files in any Public folder.

    • View and download files in a Private folder that the user created.

    • View and download files in a Protected folder that anyone created, and upload files to that folder if the user created it.

    • Upload files to any Uploads folder.

  • The user's choice of color theme can be persisted to and retrieved from the cloud.

Viewing AWS Resources Provisioned for this Feature

The following image shows the Mobile Hub Resources pane displaying elements typically provisioned for the User File Storage feature.