Jett Robin Andres
10/30/2021, 12:14 AMSid
attribute specified here so I can view my uploaded image urls via browser. I’ve also tried PublicReadGetObject
in my sst setup as I thought there was just a typo upon reading the official docs from aws. However I’m still getting AccessDenied
error for my uploaded images.
here’s a snippet from my sst auth stack
this.auth.attachPermissionsForAuthUsers([
api,
new iam.PolicyStatement({
sid: 'PublicReadGetObject',
actions: ['s3:*'],
effect: iam.Effect.ALLOW,
resources: [
bucket.bucketArn + '/private/${<http://cognito-identity.amazonaws.com:sub|cognito-identity.amazonaws.com:sub>}/*',
bucket.bucketArn + '/public/*',
bucket.bucketArn +
'/protected/${<http://cognito-identity.amazonaws.com:sub|cognito-identity.amazonaws.com:sub>}/*',
],
}),
])
Here’s my client s3 upload syntax using aws-amplify. Note that I want to remove acl
from my client code. It works on a per-file basis if I uncomment it but I want to rely from sst’s sid instead
const res = await Storage.put(`${receiptId}.jpg`, blob, {
contentType: 'image/jpeg',
level: 'public',
//acl: 'public-read', //TODO: move acl to sst via sid prop
})
Frank
Sid
is just an id, it can be any string, doesn’t really affect the actual permission.Jett Robin Andres
10/30/2021, 6:25 AMFrank
AccessDenied
b/c ur permission isn’t configured correctly. Can you try:
this.auth.attachPermissionsForAuthUsers([
api,
new iam.PolicyStatement({
sid: 'PublicReadGetObject',
actions: ['s3:*'],
effect: iam.Effect.ALLOW,
resources: ["*"],
}),
])
Frank
AccessDenied
error.Jett Robin Andres
10/30/2021, 6:35 AMsid
can be anything. I really appreciate the help!Frank
Frank
Frank