Load data into Amazon Cloud

Hal Brooks
4 min readJan 23, 2022


Objective: Upload case file to Amazon’s AWS S3 cloud

Submit the case information to Amazon AWS S3 cloud.

After the user finishes entering their claim information a summary is displayed in the Overview_Panel. The Submit_Button at the bottom of this screen saves the data to Amazon’s S3 cloud services. The SubmitButton() method is a part of the UIManager script. The process of creating the file has been previously described, but is shown below. A single line of code accesses passs the path and caseID for the file to the UploadToS3() method, a part of the AWSManager.

SubmittButton() method on AWSManager.

The AWSManager is a singleton, allowing global access via public Instance variable using the code below, noting _instance is assigned later to this script in void Awake().

The following code sets up RegionEndPoint variable, _S3Region, based upon a public string entry, S3Region.

Getting the Amazon S3 Region.

The _identityPoolId is assigned from the SecureKeys class as awsKey string. This SecureKeys is ignored by GitHub repository for security, see previous article. Using the _identityPoolId and the _S3Region AWSCredentials are assigned to Credentials, as shown below.

Getting the Credentials for Amazon AWS project.

Using the Credentials and the _S3Region a variable is created to provide access to the cloud, S3Client.

Amazon S3 is accessed using the S3Client variable in the AWSManager.

Unity is initialized to provide access Amazon AWS S3 in void Awake().

UnityInitializer in void Awake() of AWSManager.

The actual UploadToS3() method receives the path and caseID from the UIManager. The path is is used to open a FileStream, stream. A PostObjectRequest variable, request, assigns the S3 Bucket for the project, Key or file name, InputSream or stream, and opens a access control list (ACL) to the specified Region. The request is then posted to bucket in the cloud using S3Client.PostObjectAsync.

The process for setting up an amazon AWS Console account was previously described. The account should start with block public access, the default, until greater access is required. Three separate AWS services must be configured to allow the app to access the cloud. These are Cognito, S3 and IAM.

First create a storage location on the cloud. Select Cognito from AWS services and select manage identity pools. Identity pools are region specific, so select your region and a name for the identity pool. Copy the identity pool ID in the sample code to the the SecureKeys script and assign the awsKey to this string to define the cloud location.

Next setup the bucket and its policy. Select AWS service IAM, and select roles from left menu. Select Cognito_ProjectNameUnath_Role and copy the role ARN. Now open AWS service S3 and create a new bucket. For the bucket start with block all public access. Now go to the permissions tab, bucket policy setting and edit policy. Select policy generator with policy type S3 Bucket Policy. Now paste the role ARN into the principal input field. Select all actions, and provide ARN as “arn:aws:s3:::name-of-bucket/*” and generate police. This will generate a JSON files to copy and paste into the bucket policy input field. Save changes.

Finally set up a policy for the role. Select IAM from AWS services and select policies from the left menu. Now select the create policy button and select S3 as the service. For actions, current access needed is list ListBuckets, read GetObject and write PutObject. Select appropriate resources with no tags. Provide a PolicyName and description for this policy and create policy. Select the Roles from left menu and select the Cognito_ProjectNameUnath_Role. Attach this new policy to this role by searching the PolicyName.

The user can now store the case information on Amazon’s AWS S3 cloud.



Hal Brooks