Tutorial: How to set up AWS S3 for the AWS Mobile SDK for Unity

This tutorial was made on Friday, 3rd May 2019 using Unity 2018.3.14f1.

My Unity project files can be found on GitHub: https://github.com/gngriffiths/unity-amazon-s3-asset-bundle-example

After logging into https://console.aws.amazon.com, search for the S3 console and open it.

Click on + Create bucket. Give your bucket a name, then keep clicking Next and finally click on Create bucket. No special settings are required and a bucket policy is not required.

Click on the AWS logo in the top left corner to go back to the main console page.

Search for IAM and open the IAM console.

In the left hand menu click on Users, then select Add user.

Type in a username and tick Access type / Programmatic access. This will allow the app to access the S3 bucket without the user needing to enter authorization information.

Click Next: Permissions, then Next: Tags, then Next: Review and finally Create user, and close the review screen.

On the user screen click on the newly created user.

Then click on + Add inline policy.

Click on the JSON button and copy the IAM user policy code that is below the screenshot into the box.

Replace BUCKET NAME HERE with the bucket name that can be found at the top of s3/your bucket/permissions.

For example, replace BUCKET NAME HERE with unitytutorial so that it looks like: "arn:aws:s3:::unitytutorial"

Once the code has been updated, click on Review policy.

104 iam.png

IAM user policy JSON code:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:ListBucketByTags",
                "s3:GetLifecycleConfiguration",
                "s3:GetBucketTagging",
                "s3:GetInventoryConfiguration",
                "s3:DeleteObjectVersion",
                "s3:GetObjectVersionTagging",
                "s3:ListBucketVersions",
                "s3:GetBucketLogging",
                "s3:ListBucket",
                "s3:GetAccelerateConfiguration",
                "s3:GetBucketPolicy",
                "s3:GetObjectVersionTorrent",
                "s3:GetObjectAcl",
                "s3:GetEncryptionConfiguration",
                "s3:GetBucketRequestPayment",
                "s3:GetObjectVersionAcl",
                "s3:GetObjectTagging",
                "s3:GetMetricsConfiguration",
                "s3:PutObjectTagging",
                "s3:DeleteObject",
                "s3:GetIpConfiguration",
                "s3:DeleteObjectTagging",
                "s3:ListBucketMultipartUploads",
                "s3:GetBucketWebsite",
                "s3:PutObjectVersionTagging",
                "s3:DeleteObjectVersionTagging",
                "s3:GetBucketVersioning",
                "s3:GetBucketAcl",
                "s3:GetBucketNotification",
                "s3:GetReplicationConfiguration",
                "s3:ListMultipartUploadParts",
                "s3:PutObject",
                "s3:GetObject",
                "s3:GetObjectTorrent",
                "s3:GetBucketCORS",
                "s3:GetAnalyticsConfiguration",
                "s3:GetObjectVersionForReplication",
                "s3:GetBucketLocation",
                "s3:GetObjectVersion"
            ],
            "Resource": [
                "arn:aws:s3:::BUCKET NAME HERE",
                "arn:aws:s3:::BUCKET NAME HERE/*"
            ]
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets",
                "s3:HeadBucket"
            ],
            "Resource": "*"
        }
    ]
}

Give the policy a name and then click Create policy.

Click on the AWS logo to navigate to the AWS console home screen.

From the main console window, type cognito and open the Cognito console.

Click Manage identity profiles, then click on Create new identity pool.

Enter an Identity pool name of your choice and then tick Enable access to unauthenticated identities.

Click Create pool.

On the next page, which has the title "Your Cognito identities require access to your resources", click on View Details. Then open the top View Policy Document, click Edit, and copy and paste the IAM role policy code found below the screenshot without making any changes to the code. Do the same for the second Policy Document (the top one is for authenticated identities and the bottom one is for unauthenticated identities).

Then click Allow.

The word Successful should briefly appear before the Identity Pool / Sample code screen appears.

103 Cognito.png

IAM role policy JSON code:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "*"
        }
    ]
}
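
The role policy above grants s3:* on every resource, and because unauthenticated identities are enabled, any client that has the Identity Pool ID shipped in the app receives those permissions. The following Python check is an added example, not part of the original tutorial or its project: it flags the wildcard grants and prints a narrower policy for the unauthenticated role. It assumes the app only lists and downloads objects from the tutorial's example bucket unitytutorial; SCOPED_UNAUTH_POLICY, find_overbroad and as_list are names made up for this example.

```python
import json

# The Cognito role policy from this tutorial, reproduced as data.
TUTORIAL_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}

BUCKET = "unitytutorial"  # the tutorial's example bucket name

# Assumed alternative for the unauthenticated role: list and download only.
SCOPED_UNAUTH_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket"],
         "Resource": [f"arn:aws:s3:::{BUCKET}"]},
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": [f"arn:aws:s3:::{BUCKET}/*"]},
    ],
}


def as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def find_overbroad(policy):
    """Return (statement index, reason) for each Allow statement that uses a
    wildcard action or a resource that is not pinned to a named bucket."""
    findings = []
    statements = policy["Statement"]
    if isinstance(statements, dict):  # a lone statement may be an object
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append((i, f"wildcard action {action}"))
        for resource in as_list(stmt.get("Resource", [])):
            if resource in ("*", "arn:aws:s3:::*"):
                findings.append((i, f"resource {resource} covers every bucket"))
    return findings


if __name__ == "__main__":
    for name, pol in [("tutorial", TUTORIAL_ROLE_POLICY), ("scoped", SCOPED_UNAUTH_POLICY)]:
        print(name, find_overbroad(pol) or "no wildcard grants")
    print(json.dumps(SCOPED_UNAUTH_POLICY, indent=4))
```

The printed JSON can be pasted into the unauthenticated role's Policy Document in place of the s3:* policy; add s3:PutObject or s3:DeleteObject on the same bucket only if the app actually uploads or deletes.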

Inside the Identity pool / Sample code window, change the Platform button from Android to Unity.

The code snippet is needed inside of the Unity app. If using the S3 example project, copy the Identity Pool ID as highlighted in the screenshot below and paste it into the S3 example script on the S3 GameObject.

Now you should be all set!

105 cog.png
unity.png

Note that the example files in the AWS SDK for Unity supplied by Amazon are broken. Follow this link for steps on how to set up and fix the broken AWS Mobile SDK for Unity.