Update Cognito Identity Pool Auth Role
Our application allows users to upload, share, and view files. We will be using the AWS S3 to store and view files. To make sure our users can access their folders properly, we will have to first configure the S3 access permissions to logged-in users.
Go to the Identity Pool and select
Edit identity pool
from top rightCopy the
Authenticated role
and go to the IAM consoleSearch for the IAM role and select
Attach policies
Select
Create Policy
optionCopy the below policy JSON and create the policy

Unauthenticated and Authenticated roles are very intuitive features. As an application developer, I would just need to assign proper permissions to these roles to make sure that my application users get correct access based on their status.
Now, create a new IAM policy that we can assign to the authenticated role that will allow our users to access the /public-files folder.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowListingOfPublicFolder",
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::<S3 files bucket>",
"Condition": {
"StringLike": {
"s3:prefix": [
"public-files/*"
]
}
}
}
]
}
The above policy will grant read access to the public folder.
Assign the above policy to the role and test the web application again.

Last updated
Was this helpful?