Service Application: AWS Part 2
Objective: Set up AWS S3 with Unity
We will start of back in the AWS Management Console. Before we can upload or access data we will need somewhere to save it. In a previous post we already set up an Identity Pool ID which will be needed later. For now lets move to S3 and create a bucket.
Hit create a bucket and lets go.
Choose a name for your bucket. The name has to be unique so try to use one specific to your project that you wont require later. The block access options will be done on a project and requirement basis. There are more options such as bucket versioning, tags and such but we don’t need those right now. Once you have your settings dialed in hit create and hopefully you will be redirected back to to bucket console menu with a nice success message.
Go back to Unity and in the earlier Amazon post we set up an AWS_Manager gameobject and script. Now we can start working on that.
If you would like to go through the documentation on using the AWS Mobile SDK for Unity with S3, you can find it here. So far we’ve created a bucket and the IAM roles.
The first edit in the AWSManager script is Awake method. After the UnityInitializer we need to create credentials using CognitoAWSCredentials using the Identity Pool ID you created earlier and the region area. We then use AmazonS3Client to create a client instance using the credentials. Remember to add the required namespaces as you progress. For now we’ll just take all the ones used in the example and when the project is finished, clean up any that are unused.
Now we can attempt to fetch the buckets. The first error received was a region not set so we add the region to the client after the credentials. We then use the client ListBucketsAsync request and check for exceptions or log the bucket names.
We now face an Access Denied error but that’s ok, let’s fix that.
Go to the AWS IAM Dashboard and click on Roles.
Once you see the Roles, select the Unauth Role we created earlier. You will see a Role ARN(Amazon Resource Name) (screens not shown for secuirty).
Copy this with the copy button at the end of the ARN. Go back to S3 and select your bucket then select the permissions tab and go to the bucket policy. Select edit and then Policy Generator.
Change the type of policy to S3 Bucket. Leave the effect as allow and paste the ARN you copied into the Principal. Select All Actions(You can limit theses depending on your project but we just want to keep this simple) and add the bucket ARN which will be arn:aws:s3:::bucketName (you can find this where you clicked the policy generator if you just want to click copy).
Click Add Statement and then Generate Policy. This will give you a JSON snippet. Copy the snippet and go back to where you clicked to generate policy. Paste in your new policy and click SAVE and because AWS is so user friendly we’re done! If only.
So go back to IAM dashboard, roles, click on the Unauth Role from earlier. In permissions, click attach policy, create policy. Set the service to S3 and select all actions and resources. Click next:tags then next:review, give the policy a name and create it.
Go back to Roles, select the Unauth Role again, click attach policy and attach our new policy. Now to go back through the S3 steps again. Copy the Role ARN and go back to S3, select the bucket, permissions, edit bucket policy, policy generator and follow the same procedure as before just using the new Role ARN, copy the JSON snippet and replace the previous policy and we’re in.