Amplify-js: 403 AccessDenied on Storage. GET

Created on 28 Jan 2019  Â·  3Comments  Â·  Source: aws-amplify/amplify-js

I am using https://aws-amplify.github.io/docs/js/storage#manual-setup
to fetch my file from AWS-S3. But it always end-up with 403.

Dependecy:
"aws-amplify": "^1.1.19"

here is my configuration:

`Amplify.configure({
Auth: {
// REQUIRED only for Federated Authentication - Amazon Cognito Identity Pool ID
identityPoolId: XXXXXXXXXX,

    // REQUIRED - Amazon Cognito Region
    region: XXXXXXXX
  },
  Storage: {
    bucket: XXXXXXXX,
    region: XXXXXXXX
  }
});

Storage.get(XXXXXX, { download: true,  level: "public" })
  .then(result => console.log(result))
  .catch(error => {
    return console.log("Error: " + JSON.stringify(error));
  });

`

NOTE: I am able to download my file (using same cognitoPoolId, RegionType, Bucket Name, s3Region, and bucketKey) using AWS-Android SDK but unable to download using React Native or React Web.

Any help would be greatly appreciated.

Storage help wanted
Source
picture sunilmishra

All 3 comments

@sunilmishra maybe is an issue with bucket permissions. You are trying to access to public prefix with Amplify. Your IAM roles need permissions to access to that prefix. Also when you are trying to access on web, your bucket needs to have CORS enabled. https://aws-amplify.github.io/docs/js/storage#amazon-s3-bucket-cors-policy-setup

elorzafe picture elorzafe on 28 Jan 2019

@elorzafe Here is my Policy Bucket:
S3 access granted via Bucket Policy:
{
“Version”: “2012-10-17",
“Id”: “PolicyXXXXXXX",
“Statement”: [
{
“Sid”: “StmtXXXXXXXXXXXXX”,
“Effect”: “Allow”,
“Principal”: {
“Federated”: “cognito-identity.amazonaws.com”
},
“Action”: [
“s3:GetObject”,
“s3:GetObjectAcl”,
“s3:GetObjectVersion”
],
“Resource”: “arn:aws:s3:::XXXXX/epubs”
}
]
}

NOTE: By using the same bucket policy, I am able to download files from Android-AWS-SDK
implementation 'com.amazonaws:aws-android-sdk-core:2.9.1'
implementation 'com.amazonaws:aws-android-sdk-cognito:2.9.1'
implementation 'com.amazonaws:aws-android-sdk-s3:2.9.1'
Android and IOS Native SDK are working fine and allow me to download files from s3.

But *React Native (Javascript) is not working, it still says 403* by using
https://aws-amplify.github.io/docs/js/storage#manual-setup Approach.

sunilmishra picture sunilmishra on 1 Feb 2019

@elorzafe
I found the solution.
here, “Resource”: “arn:aws:s3:::XXXXX/epubs” There is no public.
Javascript library default add public in resource path from AWSS3Provider.js
But Android SDK and IOS SDK does not.

I guess it should be more consistency for all platforms.

sunilmishra picture sunilmishra on 5 Feb 2019
👎1 👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

DougWoodCDS picture DougWoodCDS  Â·  3Comments
karlmosenbacher picture karlmosenbacher  Â·  3Comments
simon998yang picture simon998yang  Â·  3Comments
guanzo picture guanzo  Â·  3Comments
oste picture oste  Â·  3Comments