AWS S3 in Unity
Before we begin, we’ll need our Amazon identity pool ID. To get it, visit the AWS site, go to the dashboard and choose Cognito, which can be found under Security, Identity and Compliance.
Next, select “Manage Identity Pools”.
We created the Service Adjustment app in an earlier article, so we’ll select that item.
Then, in the upper right-hand corner, select “Edit Identity Pool”.
Copy the identity pool ID someplace safe; we will need it later.
Now we’re ready to set up the bucket!
Go to the main console menu page and search for ‘s3’.
Select the s3 link and you’ll be taken to the bucket creation page.
Press ‘Create Bucket’ and you’ve just created a globally unique container to store your files in.
I’m going to call my bucket std-service-app-case-files. The naming rules are lowercase only; dashes and periods are allowed. Apparently Amazon seems to store bucket names globally instead of allowing local names to each user, which is amateurish and unforgivable, in my not so humble opinion.
For blocking, I believe I want the second one available since the app will be under a controlled list and we don’t want that blocked.
We can ignore the rest of these options and go ahead and hit the create bucket button.
If all goes well, we’ll see this success message on our dashboard.
We’re ready to start using our bucket! We’ll need an empty GameObject called AWSManager with an AWSManager script on it.
And here’s the code for the script. To be safe, we copied all of the namespaces from Amazon’s example script into our manager to be sure everything will run.
Next, we’ll have to create the S3 client, which takes a reference to the Cognito credentials instance we recently created.
AmazonS3Client S3Client = new AmazonS3Client (credentials);
But where do we get our credentials?
Apparently on this page, where it discusses setting up the Cognito pool.
Copy and paste the code sandwiched between UnityInitializer and AmazonS3Client:
Remember that identity pool ID we copied at the beginning of this article? Paste it in place of IDENTITY_POOL_ID, keeping the quotes.
RegionEndpoint needed to be changed to .USEast2 to work correctly. Check the region of your own identity pool and use the matching value.
Finally, we’ll have to access the Identity and Access Management Console
and go to Roles.
Select the unauthenticated role, then copy and paste the code someplace safe; this is what will be known as our principal.
Navigate back to S3 and choose the service app bucket’s Permissions tab.
In the permissions field, hit edit where the Bucket Policy box is.
Then click on Policy Generator.
For the policy type, select S3 Bucket Policy.
Effect: Allow,
Principal is the code snippet we copied from the Identity and Access Management console,
all actions,
and for the resource name it’s arn, colon, aws, colon, s3, three colons, then the name of the bucket:
arn:aws:s3:::std-service-app-case-files
Then click on Add Statement and then Generate Policy. It will generate some JSON for you; copy and paste it somewhere safe.
Then paste the code in the previous screen:
And, very important, click Save Changes!
The new bucket policy should appear in your s3 dashboard.
Finally, we’ll need to set some permissions using IAM, so head on over to the IAM dashboard
and select Roles. Just like with buckets, select the unauthenticated role and its permissions.
Then select Attach Policies.
And then click on Create Policy.
Type in s3 for the service. We want all actions, so tick that.
Also tick all resources.
Tags are optional; just click on Review.
For the name, just use my_custom_policy, enter anything for the description and hit Create Policy.
It will show you the success screen, go ahead and select roles again.
Select the same unauthenticated role and Attach Policy, search for my_custom_policy, select the checkbox and hit the Attach Policy button!
At the success screen, copy the ARN; it will be our new principal for creating the new bucket policy.
Head back to the S3 bucket, click on Edit Policy and then Generate Policy.
Again: S3 policy, effect: Allow, paste the new ARN in, all actions, and the arn:aws:s3:::projectName. Click Add Statement and Generate Policy, then copy the code somewhere safe.
Paste the code back into the bucket policy and click Save Changes.
And with that, we’ve successfully connected with Amazon!
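Both policies built in the steps above grant every S3 action to the unauthenticated role, which is the role Cognito hands to users who have not signed in. The Python below is an added example, not code from this article or from Amazon: it reconstructs the two policies as described, flags their wildcard grants, and shows a scoped bucket policy that passes the same check. The role ARN is a placeholder, and the scoped action list and the helper names `as_list` and `audit` are assumptions.

```python
BUCKET_ARN = "arn:aws:s3:::std-service-app-case-files"  # bucket from the article
# Placeholder: the article does not show the unauthenticated role's ARN.
ROLE_ARN = "arn:aws:iam::<ACCOUNT_ID>:role/<UNAUTH_ROLE_NAME>"

# Constructed: bucket policy for the generator choices in the article.
BROAD_BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": ROLE_ARN},
     "Action": "s3:*", "Resource": BUCKET_ARN}]}

# Constructed: my_custom_policy as described (all S3 actions, all resources).
BROAD_ROLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

# Constructed alternative, assuming the app only lists, uploads and downloads.
SCOPED_BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": ROLE_ARN},
     "Action": ["s3:GetObject", "s3:PutObject"], "Resource": BUCKET_ARN + "/*"},
    {"Effect": "Allow", "Principal": {"AWS": ROLE_ARN},
     "Action": "s3:ListBucket", "Resource": BUCKET_ARN}]}


def as_list(value):
    """Policy fields may hold a single string/statement or a list of them."""
    return [value] if isinstance(value, (str, dict)) else list(value)


def audit(policy):
    """Return one finding per wildcard action or resource in Allow statements."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            # "*" grants everything; "<service>:*" grants every action of
            # that service, deletes and policy changes included.
            if action == "*" or action.endswith(":*"):
                findings.append(f"statement {i}: wildcard action {action}")
        for resource in as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append(f"statement {i}: applies to all resources")
    return findings


if __name__ == "__main__":
    for name, policy in [("bucket policy", BROAD_BUCKET_POLICY),
                         ("my_custom_policy", BROAD_ROLE_POLICY),
                         ("scoped bucket policy", SCOPED_BUCKET_POLICY)]:
        print(name, "->", audit(policy) or "no wildcard grants")
```

In the scoped policy, object actions use the `/*` form of the bucket ARN because `s3:GetObject` and `s3:PutObject` apply to objects, while `s3:ListBucket` applies to the bucket itself.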