Amplify-cli: Granting access to objects in S3 bucket for authenticated users

Created on 26 Feb 2019  路  4Comments  路  Source: aws-amplify/amplify-cli

* Which Category is your question related to? *
Accessing files in an S3 bucket

* What AWS Services are you utilizing? *
AWS Amplify with Auth added

* Provide additional details e.g. code snippets *
Hi!

I'm currently working on a React Native app that I am buildign with Amplify. I did add Auth and a GraphQL to the app and implemented both.

I am currently trying to load some images in my app that are hosted in an S3 bucket. These images are uploaded without public access since I only want to use them in the app. My guess was that I would have to add a new policy to the authenticated Auth role that can be found in amplify/.config/team-provider-info.json under AuthRoleArn.

So I did add the following policy to that role:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:GetObjectAcl",
                "s3:GetObject"
            ],
            "Resource": "arn:aws:s3:::BUCKETNAME/*"
        }
    ]
}

Unfortunately the images are not showing up in my app. Am I missing something?

Thank you in advance!

question storage
Source
picture timkuilman

All 4 comments

@timkuilman I would add Storage to the project with amplify storage add and use that bucket in your app. You will have different access level according to your needs working out of the box. Take a look here for more information.

elorzafe picture elorzafe on 26 Feb 2019

I will try that approach thank you.

Still I am wondering why my approach did not work. I will probably have a look at the what Storage does exactly. My current project only needs to read from an S3 bucket and setting up Storage seems a bit like an overkill.

timkuilman picture timkuilman on 26 Feb 2019
👍1

Still I am wondering why my approach did not work. I will probably have a look at the what Storage does exactly. My current project only needs to read from an S3 bucket and setting up Storage seems a bit like an overkill.

The file amplify/.config/team-provider-info.json is auto generated is used only for reference. Adding policy to this file won't update the stack/policy

yuth picture yuth on 26 Feb 2019
👍1

@yuth if he did want to add access to the bucket manually, then how would he go about doing so with Amplify?

stephendmalloy picture stephendmalloy on 19 Nov 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ffxsam picture ffxsam  路  3Comments
adriatikgashi picture adriatikgashi  路  3Comments
jkeys-ecg-nmsu picture jkeys-ecg-nmsu  路  3Comments
davo301 picture davo301  路  3Comments
rehos picture rehos  路  3Comments