I’m trying to upload a

.csv

to an S3 Bucket. I am running into a problem that’s a little opaque to me and don’t know how to solve. I’m using Amplify for auth and I am fairly confident that’s set up correctly.

Amplify.configure({
  API: {
    endpoints: [
      {
        name: "customers",
        endpoint: config.apiGateway.URL,
        region: config.apiGateway.REGION,
      },
    ],
  },
  Auth: {
    mandatorySignIn: true,
    region: config.cognito.REGION,
    userPoolId: config.cognito.USER_POOL_ID,
    identityPoolId: config.cognito.IDENTITY_POOL_ID,
    userPoolWebClientId: config.cognito.APP_CLIENT_ID,
  },
  Storage: {
    region: config.s3.REGION,
    bucket: config.s3.BUCKET,
  },
});

My code for the input is:

const stored = await Storage.vault.put("cool-file", file, {
      contentType: file.type,
    });

In my Stack I’m set up in a similar way to the Notes tutorial

const bucket = new sst.Bucket(this, "ComicsHelperBucket", {
      s3Bucket: {
        cors: [
          {
            maxAge: 3000,
            allowedOrigins: ["*"],
            allowedHeaders: ["*"],
            allowedMethods: ["GET", "PUT", "POST", "DELETE", "HEAD"],
          },
        ],
        // Delete all the files
        autoDeleteObjects: true,
        // Remove the bucket when the stack is removed
        removalPolicy: RemovalPolicy.DESTROY,
      },
      notifications: ...

The primary difference between my app and the Notes app is that I’m using Amplify for auth and login components. So maybe I need to add the Bucket to the auth? It seems like it should work… Gah--- It’s probably that I didn’t attach permission

import * as iam from "@aws-cdk/aws-iam";

// later
      new iam.PolicyStatement({
        actions: ["s3:*"],
        effect: iam.Effect.ALLOW,
        resources: [
          bucket.bucketArn + "/private/${<http://cognito-identity.amazonaws.com:sub|cognito-identity.amazonaws.com:sub>}/*",
        ],
      }),