Reputation: 291
I am developing an app that is able to read from a JSON file located on AWS S3 servers in a bucket with read and write permissions. The app also allows editing some of the values in that JSON file.
Problem
The problem is that everyone with the JSON file URL can then alter the included data. I only want the file to be modified from this app.
JSON file
    {
      "females": [
        {
          "id": 1,
          "name": "First Name",
          "actions": [
            {
              "action_1": 123,
              "action_2": 456,
              "action_3": 789
            }
          ]
        }, ...
      ]
    }
Users are able to modify values located within the actions array.
Any recommendations on how to limit write access of the JSON file only to this app?
Upvotes: 0
Views: 438
Reputation: 14905
Cloudfront will not help here.
The solution is:
Authenticate your application's users (Amazon Cognito will help you) OR use Amazon Cognito with Anonymous User.
Give your Amazon Cognito role the permission to read and write on your S3 bucket.
Remove access policies from S3 (to make the bucket private).
That way, only application users will be able to read and write the files.
Upvotes: 2
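As an added example (not part of the answer above or of any AWS tooling): a check that finds statements in a bucket policy that let anonymous callers modify objects, plus a least-privilege identity policy for the Cognito role. The bucket name, object key, sample policy and function names are constructed for illustration, and it assumes public access was granted through a bucket policy rather than ACLs.

```python
import fnmatch

WRITE_ACTIONS = ("s3:PutObject", "s3:DeleteObject", "s3:PutObjectAcl")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    # "*" and {"AWS": "*"} both mean anyone, signed in or not.
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return "*" in _as_list(principal)

def public_write_statements(bucket_policy):
    """Return (Sid, write actions, has_condition) for anonymous Allow grants."""
    findings = []
    for stmt in _as_list(bucket_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        # IAM action names are case-insensitive and may contain * wildcards.
        granted = [w for w in WRITE_ACTIONS
                   if any(fnmatch.fnmatchcase(w.lower(), a.lower())
                          for a in _as_list(stmt.get("Action", [])))]
        if granted:
            findings.append((stmt.get("Sid", "<no Sid>"), granted,
                             bool(stmt.get("Condition"))))
    return findings

def cognito_role_policy(bucket, key):
    """Identity policy for the Cognito role, scoped to a single object."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": f"arn:aws:s3:::{bucket}/{key}",
        }],
    }

# Constructed sample: an open bucket policy of the kind the question describes.
OPEN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "PublicWrite", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:Put*"], "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
}

print(public_write_statements(OPEN_POLICY))
```

Statements reported with a condition still need manual review, since the condition may or may not narrow the grant to the app.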
Reputation: 403
Have a look at the following: Restricting Access to Amazon S3 Content by Using an Origin Access Identity
You can use CloudFront to mask and/or create a layer between your content (in S3) and the user/s. This allows for better control over the access management rather than storing and giving out the actual links to S3 URLs.
Upvotes: 1