Amplify-cli: Storage: how to control CRUD actions based on cognito groups

Created on 5 Sep 2019  路  2Comments  路  Source: aws-amplify/amplify-cli

* Which Category is your question related to? *

This is in regards to s3 storage.
In AppSync we can assign users to groups and using graphql transform and the @auth decorator to specify what a user can do. For example:

  @auth(
    rules: [
      { allow: groups, groups: ["Admin"] }
      { allow: groups, groups: ["User"], operations: [read] }
    ]
  )

How can you do the corresponding control in s3 upload with the amplify package? I see that I can assign controls based on authenticated or unauthenticated users, but I want further control so that I could allow Admins to upload and delete, but only allow users to read. Thanks!

* What AWS Services are you utilizing? *

S3 and Amplify.

* Provide additional details e.g. code snippets *

feature-request
Source
picture CaptainChemist

Most helpful comment

@CaptainChemist - This is not currently something that is possible OOTH with Amplify, but it is in our backlog.

picture haverchuck on 5 Sep 2019
👍2

All 2 comments

@CaptainChemist - This is not currently something that is possible OOTH with Amplify, but it is in our backlog.

haverchuck picture haverchuck on 5 Sep 2019
👍2

This is now supported in the CLI: https://aws-amplify.github.io/docs/cli-toolchain/quickstart#group-access-controls

undefobj picture undefobj on 20 Nov 2019
🎉1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

mwarger picture mwarger  路  3Comments
ffxsam picture ffxsam  路  3Comments
nicksmithr picture nicksmithr  路  3Comments
adriatikgashi picture adriatikgashi  路  3Comments
ReidWeb picture ReidWeb  路  3Comments