IAM Policies

Cognito Identity Pool Auth Role Policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowListingOfPublicFolder",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::<S3 files bucket>",
            "Condition": {
                "StringLike": {
                    "s3:prefix": [
                        "public-files/*"
                    ]
                }
            }
        },
        {
            "Sid": "AllowListingOfUserFolder",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::<S3 files bucket>",
            "Condition": {
                "StringLike": {
                    "s3:prefix": [
                        "users/${cognito-identity.amazonaws.com:sub}/*"
                    ]
                }
            }
        },
        {
            "Sid": "AllowReadAccessOfPublicFolder",
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": [
                "arn:aws:s3:::<S3 files bucket>/public-files",
                "arn:aws:s3:::cognito-doc-management/public-files/*"
            ]
        },
        {
            "Sid": "ReadWriteDeleteOwnFiles",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::<S3 files bucket>/users/${cognito-identity.amazonaws.com:sub}",
                "arn:aws:s3:::<S3 files bucket>/users/${cognito-identity.amazonaws.com:sub}/*"
            ]
        }
    ]
}

Admin User Role Policy

Coming Soon

PreviousSource Code NextS3 Bucket Policies

Last updated 4 years ago

Was this helpful?

IAM Policies

Cognito Identity Pool Auth Role Policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowListingOfPublicFolder",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::<S3 files bucket>",
            "Condition": {
                "StringLike": {
                    "s3:prefix": [
                        "public-files/*"
                    ]
                }
            }
        },
        {
            "Sid": "AllowListingOfUserFolder",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::<S3 files bucket>",
            "Condition": {
                "StringLike": {
                    "s3:prefix": [
                        "users/${cognito-identity.amazonaws.com:sub}/*"
                    ]
                }
            }
        },
        {
            "Sid": "AllowReadAccessOfPublicFolder",
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": [
                "arn:aws:s3:::<S3 files bucket>/public-files",
                "arn:aws:s3:::cognito-doc-management/public-files/*"
            ]
        },
        {
            "Sid": "ReadWriteDeleteOwnFiles",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::<S3 files bucket>/users/${cognito-identity.amazonaws.com:sub}",
                "arn:aws:s3:::<S3 files bucket>/users/${cognito-identity.amazonaws.com:sub}/*"
            ]
        }
    ]
}

Admin User Role Policy

Coming Soon

PreviousSource Code NextS3 Bucket Policies

Last updated 4 years ago

Was this helpful?