KMMBridgeartifactsS3 Public Artifacts

S3 Public Artifacts

You can publish artifacts to AWS S3. However, there is no easy way to make them private using auth options available out of the box for S3. Therefore, artifacts in S3 will have publicly readable URLs. Those URLs are generated with a random UUID, so they’re essentially unguessable, but that’s an important restriction.

Configuration

kmmbridge {
    s3PublicArtifacts(
        region = "us-east-1",
        bucket = "my-kmm-artifacts",
        accessKeyId = "[ACCESS_KEY]",
        secretAccessKey = "[SECRET_ACCESS_KEY]"
    )
}

Parameters:

  • region: the AWS region
  • bucket: the S3 bucket
  • accessKeyId: IAM access key (should probably be a repo secret)
  • secretAccessKey: IAM secret key (should definitely be a repo secret)
  • makeArtifactsPublic: optional boolean. Defaults to true. Can keep URL’s private, but out of the box, there is no way to authenticate clients for access.
  • altBaseUrl: optional alternative base URL.

Considerations

We generally wouldn’t use this option unless we’re publishing a public repo. However, if you have alternative ways of securing and authenticating an S3 bucket, this is a good option.

Public Artifacts

If makeArtifactsPublic is set to true, then ACL will need to be enabled on your bucket. While AWS recommends disabling ACLs it is needed for public artifacts.

To enable ACL you need to set Object Ownership -> ACLs enabled and uncheck Block all public access, either when you create a bucket or under the permissions tab.

Check this SO question for more information.

Private Artifacts

If you do not want to enable ACL, then you can look into exposing items from your bucket using CloudFront. You can enable OAC and create signed URLs to expose the buckets contents.

Check out the official docs to go through the steps of distributing your artifacts. For a more visual tutorial you can view this guide on how to get started configuring AWS S3 and CloudFront resources (you can ignore the Spring boot section). This way you can host your XCFramework.zip on your S3 bucket and create a link to it using Cloudfront.

In order to use this approach you will need to create a custom KMMBridge Artifact Manager. Creating a signed url for Cloudfront is required to reference your artifact from a Package.swift file, and that is not supported in KMMBridges Aws S3 Artifact Manager.

Handling contents inside of a private bucket is outside the scope of this documentation and KMMBridge. We have provided some helpful resources but it is not the responsibility of KMMBridge to handle authentication around buckets.