AWS提供iOS和Android软件开发工具包上传到自己的服务器，但你不希望如果有人反编译你的钥匙暴露。你怎么prevent是什么？有没有办法签署后端的URL，并把它交给客户端，以便他们可以直接上传到S3不暴露的关键？

AWS provides SDKs on iOS and Android to upload to their servers yet you don't want your key exposed if it was decompiled. How do you prevent that? Is there a way to sign a URL on the backend and give it to the client so they can upload directly onto S3 Without exposing the key?

推荐答案

您可以使用的亚马逊STS（安全令牌服务）生成唯一的登录凭据也自动失效。

You can use Amazon STS (Security Token Service) to generate unique sign-in credentials that also expire automatically.

您也可以控制通过STS获得这些临时证书的权限（例如允许在一定的S3存储桶只能上传权限）。

You can also control permissions on these temporary credentials obtained via STS (for example to allow only upload permissions in a certain S3 bucket).