Adrian Schweizer
03/30/2022, 2:53 PMAdrian Schweizer
03/30/2022, 2:54 PMthis.auth.attachPermissionsForAuthUsers([
// Policy granting access to a specific folder in the bucket
new PolicyStatement({
actions: ["s3:*"],
effect: Effect.ALLOW,
resources: [
bucket.bucketArn + "/private/${<http://cognito-identity.amazonaws.com:sub|cognito-identity.amazonaws.com:sub>}/*",
bucket.bucketArn + "/public/*",
],
}),
]);
Adrian Schweizer
03/30/2022, 2:56 PMStorage.vault.get("public/bla")
I always get an access denied, and I can see that it actually tried to access private/cognito-identity-etc/public/bla
Adrian Schweizer
03/30/2022, 2:56 PMAdrian Schweizer
03/30/2022, 2:57 PMAmplify.configure({
Auth: {
mandatorySignIn: false,
region: config.cognito.REGION,
userPoolId: config.cognito.USER_POOL_ID,
identityPoolId: config.cognito.IDENTITY_POOL_ID,
userPoolWebClientId: config.cognito.APP_CLIENT_ID
},
Storage: {
region: config.s3.REGION,
bucket: config.s3.BUCKET,
identityPoolId: config.cognito.IDENTITY_POOL_ID
},
API: {
endpoints: [
{
name: "main",
endpoint: config.apiGateway.URL,
region: config.apiGateway.REGION
},
]
}
});
and this:
const config = {
// Backend config
s3: {
REGION: process.env.REACT_APP_REGION,
BUCKET: process.env.REACT_APP_BUCKET,
},
apiGateway: {
REGION: process.env.REACT_APP_REGION,
URL: process.env.REACT_APP_API_URL,
},
cognito: {
REGION: process.env.REACT_APP_REGION,
USER_POOL_ID: process.env.REACT_APP_USER_POOL_ID,
APP_CLIENT_ID: process.env.REACT_APP_USER_POOL_CLIENT_ID,
IDENTITY_POOL_ID: process.env.REACT_APP_IDENTITY_POOL_ID,
},
};
Adrian Schweizer
03/30/2022, 3:10 PMStorage.get(path, { level: "public"});
but unfortunately, I still get an Access Denied, or at least that's what's displayed when I click on the link that's output to the console when I log the result of this operationAdrian Schweizer
03/30/2022, 3:14 PMdownload: true
I now get a CORS errorAdrian Schweizer
03/30/2022, 3:17 PMAdrian Schweizer
03/30/2022, 3:19 PMAdrian Schweizer
03/30/2022, 3:27 PMAdrian Schweizer
03/30/2022, 3:32 PMFrank
cors
props like this:
new Bucket(this, "Bucket", {
s3Bucket: {
cors: [
allowedMethods: [s3.HttpMethods.GET],
allowedOrigins: ['<https://domain.com>'],
],
},
});
Frank
Adrian Schweizer
04/11/2022, 11:37 PM