Tutorial: Using Amazon AWS S3 storage with your iOS Swift App

While the Amazon Mobile SDK documentation is very complete, it can be confusing for someone getting started. Like any backend service, AWS has a lot of moving parts, and you need to get them all working together before your app works.


This tutorial will get you started using Amazon AWS by building an iOS app using XCode 6 and Apple Swift that reads data from the AWS S3 (Simple Storage Service). Of course your production app will need to do much more than this, and all of those other function points will build on the setup we’ll do in this tutorial. Ready? Let’s get started!

Overview of the process

To have your app up and running reading from S3, there are a few things you need to do. The first is to create an Amazon developer ID. I assume you’ve done this already, but if not, head over to the Amazon AWS developer home page, and click the orange Try AWS for Free button at the top-right of the page. Then come back to this tutorial so we can get started.

Here’s a summary of what we’ll do in this tutorial to get things working:

  • Create an S3 Bucket
  • Upload some images into the S3 Bucket
  • Create a Cognito Identity pool for the app to use
  • Use IAM to authorize the app to read from the S3 bucket
  • Setup our XCode environment to use the Amazon Mobile SDK for iOS
  • Code the app so it can access the AWS S3 bucket via the SDK

It sounds like a lot of steps (and it is!). But just follow along, and you’ll have an app working against AWS in no time!

Amazon S3 works a lot like a cloud-based file system. The basic unit of storage you’ll use is a “Bucket”. A bucket is analogous to a hard disk volume. Typically you create a bucket to store data for your application. You can also create folders within buckets. You can’t create buckets within buckets, though — just as you can’t create hard disks within hard disks.

User authorizations are created against the bucket, and we’ll create a single authorization policy for all users of the tutorial app. In this application we’ll create a bucket, and store some images in the bucket (without folders). Our app will be authorized to access the images via a Cognito identity pool.

Create an S3 Bucket

First head over to the AWS Management Console, and click on the S3 link under Storage and Content Delivery.


In the popup window, provide a unique Bucket Name for the bucket, select your preferred AWS Region, and then click on the Create button.

The Bucket Name you select must be unique among all users (not just within your own account). You can prepend the bucket name with characters that are specific to your company to make it less frustrating to create unique names.

With the bucket created, let’s upload a few images to use in our application. From the S3 console, click on the name of the bucket you just created, and then click on the Upload button.


Next select a file from your computer to upload and save it. I’ve uploaded a single image to the S3 bucket. After you save the file, it will be in the S3 bucket list, as below.


At this point we have a bucket with a file to display in our iOS app. Next we need to create an authorization using Cognito so the mobile app will be able to read the file from the bucket.

Cognito is the AWS authorization facility used to provide remote application authentication for AWS resources. Once a user is authorized with Cognito, the Identity and Access Management service is used to map authorizations between Cognito authorized users and AWS resources.

Cognito can support both unauthenticated and authenticated users simultaneously. It can delegate authentication to various Identity systems, like Google, Twitter and your custom authentication provider to meet various requirements.

In this introductory tutorial, we’ll use an unauthenticated identity — essentially letting anyone who uses our app to access the image we put in the S3 bucket. This is common for B2C applications. Layering user authentication on top of this design can certainly be done without changing the basic design of the app.

With that introduction, let’s setup Cognito! First navigate back to the AWS Management Console, and then click the link to Cognito underneath the Mobile Services heading.


At the top of the Amazon Cognito console, click the New Identity Pool button.


On the first step screen:

  • Give the identity pool a name (which must be unique in your account)
  • Click the checkbox to allow unauthenticated identities. This will enable us to authorize our app to read from the S3 bucket without authenticating users with an authentication provider
  • Click the create pool button

If our application was to be restricted to authenticated users only, we would use the to define Public, OpenID and/or Developer Authenticated Identities sections to integrate Cognito with the authentication provider we chose to use.


On the next screen (step 2), by default you’ll create two Identity and Access Management (IAM) roles — one for authenticated users, and the other for unauthenticated users. As you can probably guess, authenticated users can have different privileges to AWS resources than unauthenticated ones. In an application like ours, we might allow unauthenticated users to view images, but only authenticated users to upload images.

The default settings on this screen are fine and the names are sensible for our purposes. Review the screen, and click the Update Roles button.


Next we need to authorize app users who use the Cognito role we created to have read access to the image we uploaded to the S3 bucket.

Head over to the IAM Management Console, click on the Roles link in the left-hand navigation, then click on the unauthenticated role you created in the previous step (in this example it’s called Cognito_s3tutorialUnauth_DefaultRole).


On the next screen, you can see the role and policies that were assigned when the role was created. By default, there is a role policy that allows user profile data to be saved.

Before going further, make a note of the Role ARN, and copy it to the clipboard, then save it in a text editor. You’ll need this later when configuring your iOS application in XCode.

Once you copy the ARN, click the Create Role Policy button to create the role that will allow reading of the S3 bucket images.


The Set Permissions form allows you to use a Policy Generator or a Custom Policy. Click the Select button to choose the former option so we can use a configuration GUI to generate the policy instead of typing in the JSON syntax by hand.


In the Policy Generator make the following selections:

  • Select Amazon S3 as the AWS Service
  • Select only the GetObject action
  • Enter the ARN for the S3 bucket we created, in this format: arn:aws:s3:::com.mobiletoolworks.s3tutorial/*
  • Click the Add Statement button.
  • After you click this button, the statement will be added to a table underneath the entry fields
  • Verify the statement looks correct, and then click the Next Step button


The next page shows you a JSON version of the policy created in the dialog box.
 Click the Apply Policy button.


After you Apply the Policy, you’re returned to the role summary screen. Note the new policy you added for the application is now listed in the Policy list at the bottom of the form.


Create the XCode Project

Now that we have the AWS Backend Service created and configured, let’s create our iOS Application and configure it to read from the S3 Bucket.

Launch XCode, select File/New Project, select Single View Application, and click the Next button.


Give your project a name, set the language to Swift, choose iPhone as the device, clear the User Core Data checkbox and click the Next button.


Use CocoaPods to add AWS frameworks

Next we need to add the Amazon AWS frameworks to the XCode project. You can download frameworks and add them manually if you like, but it’s much easier to use the CocoaPods dependency manager to do it for you.

If you don’t have CocoaPods configured on your system, follow these instructions to configure your XCode environment to use it.

Create a file named “podfile” in your project root folder, and add the following lines to it:

source 'https://github.com/CocoaPods/Specs.git' pod 'AWSiOSSDKv2'


Then close XCode, open a terminal window, and navigate to the folder where you created your podfile.

From that folder, type the following command to have CocoaPods:


Now wait while CocoaPods downloads the AWS SDK (and dependencies), and configures your XCode workspace.

After the workspace is configured, note the instruction on the console that you should now open your project by double-clicking on the .xcworkspace file rather than the .xcodeproj file as you did previously.

Double-click the .xcworkspace file to re-open the XCode project. Note how CocoaPods has configured the AWS runtime libraries for you within the XCode workspace.


Since we’re using Swift, and the AWS libraries are actually Objective-C, we need to create a bridging header, and configure the project for it.

First, add a bridging header to you iPhone app. I’ve called mine “BridgingHeader.h”, but you can use any name you like.


To configure the project to use the Bridging Header, click on your iPhone app target, click on Build Settings, and search for the word “Bridging”. Then change the setting for Objective-C Bridging Header to the name you gave your Bridging Header file.


The project is now configured for AWS, so next let’s implement some code to connect to AWS, download and display the file we uploaded at the beginning!

Connecting to AWS

Since our objective is to retrieve the image file uploaded to the S3 bucket, the first thing we’ll do is put a UIImageView on the main screen’s view controller so we can display the image once we have it.

Open your Main.storyboard, drag an Image View from the Object Library on to the main View Controller Scene. Then create an outlet in the ViewController class for the UIImageView. I assume you know how to do this, so I won’t go through all the steps in detail.


Now that you have a UIImageView where the image will be displayed, replace the viewDidLoad() method with the following. Of course, this is just a tutorial — a production application wouldn’t do all of this in viewDidLoad, but this will at least let you test your AWS connection and make sure you’ve got the hang of configuring your project and can use Swift to connect to AWS services.

class ViewController: UIViewController { @IBOutlet weak var imageView: UIImageView! override func viewDidLoad() { super.viewDidLoad() // Hard-coded names for the tutorial bucket and the file uploaded at the beginning let s3BucketName = "com.mobiletoolworks.s3tutorial" let fileName = "MobileToolworks-Logo.jpg" let downloadFilePath = NSTemporaryDirectory().stringByAppendingPathComponent(fileName) let downloadingFileURL = NSURL.fileURLWithPath(downloadFilePath) // Set the logging to verbose so we can see in the debug console what is happening AWSLogger.defaultLogger().logLevel = .Verbose // Create a credential provider for AWS requests let credentialsProvider = AWSCognitoCredentialsProvider.credentialsWithRegionType( AWSRegionType.USEast1, accountId: "999999999999", identityPoolId: "us-east-1:ac328da6-63f3-4748-9b8f-25b564422968", unauthRoleArn: "arn:aws:iam::696446148911:role/Cognito_s3tutorialUnauth_DefaultRole", authRoleArn: "arn:aws:iam::696446148911:role/Cognito_s3tutorialAuth_DefaultRole") // Create a service configuration for AWS requests let defaultServiceConfiguration = AWSServiceConfiguration( region: AWSRegionType.USEast1, credentialsProvider: credentialsProvider) // Create a new download request to S3, and set its properties AWSServiceManager.defaultServiceManager() .setDefaultServiceConfiguration(defaultServiceConfiguration) let downloadRequest = AWSS3TransferManagerDownloadRequest() downloadRequest.bucket = s3BucketName downloadRequest.key = fileName downloadRequest.downloadingFileURL = downloadingFileURL let transferManager = AWSS3TransferManager.defaultS3TransferManager() transferManager.download(downloadRequest).continueWithBlock { (task: BFTask!) -> AnyObject! in if task.error != nil { println("Error downloading") println(task.error.description) } else { // Set the UIImageView to show the file that was downloaded let image = UIImage(contentsOfFile: downloadFilePath) self.imageView.image = image } return nil } // end closure }

When you run your program, it will make an asynchronous connection to the AWS S3 service to fetch the file previously uploaded. The file will be downloaded to the iOS temporary folder, and then loaded into the Image View Controller.

There will be a delay while all this happens, and in a production application you should make sure the user experience is excellent even while waiting for content to load over the network.

We set the AWS logging to “verbose”, so you can read through the debug console to see the various things happening under the hood:


You should see the message “Download Complete” that we put into our code, as well as various status and update messages from the AWS SDK as it makes progress.

In the iOS simulator, you should finally see the image we uploaded to S3, giving a visual confirmation that the entire process worked successfully!


Whew! We made it! There were a lot of steps, but now that you’ve got the hang of configuring AWS and XCode to work together, you’re well on your way to building more apps and using more AWS services within XCode!


Originally published at rekerrsive.ghost.io on February 14, 2015.

Leave a Reply

Your email address will not be published. Required fields are marked *