Aws-sdk-ios: Protecting awsconfiguration.json against jailbreak

@mohab2014 The information contained in that file is considered non-sensitive. From our Usage docs:

It contains information which is non-sensitive and only required for external, unauthenticated actions from clients (such as user registration or sign-in flows in the case of Auth) or for constructing appropriate endpoint URLs after authorization has taken place.

With that, the feature to construct a configuration object from an in-memory representation is reasonable, so we'll take this on as a feature request. We'll update this when we have more information.

Requirement

See https://github.com/aws-amplify/aws-sdk-android/pull/1002

Add AWSConfiguration(JSONObject) constructor to construct a AWSConfiguration object from the configuration passed via a JSONObject.

I am not sure if the information contained in the awsconfiguration.json is not sensitive. The file does contain the Cognito PoolId under the key "CredentialsProvider" which is enough information to allow any one who learns it to gain access to the services it provides. I am currently using a single awsconfirguration file in many iOS apps which means that the file is not even tied to a single iOS app or project.

Hi anything new regarding this issue?

@mohab2014 @zarko-via Sorry for missing this issue. As of 2.11.0, the SDK supports the ability to configure via an in-memory object.

@mohab2014 You should be configuring your application with appropriate controls (e.g., via IAM "authenticated" and "unauthenticated" roles) such that the only unauthenticated resources are those necessary for new users to sign up to your application. Other resources should require authenticated access, and be protected by appropriate configurations on the backend. Amplify can help provision those resources appropriately, or you can refer to the Cognito and IAM AWS docs for more information.