Reputation: 308
In my iOS app, I have implemented AWS Cognito user authentication. Authenticated users are able to upload images to the protected folder, i.e. under protected/{cognito user_identity_id}. Authenticated users can access only objects saved under their own user_identity_id folder. How can one user access objects from others? The S3 documentation says:
Public: Accessible by all users of your app. Files are stored under the public/ path in your S3 bucket.
Protected: Readable by all users, but writable only by the creating user. Files are stored under protected/{user_identity_id}/ where the user_identity_id corresponds to the unique Amazon Cognito Identity ID for that user.
Private: Only accessible for the individual user. Files are stored under private/{user_identity_id}/ where the user_identity_id corresponds to the unique Amazon Cognito Identity ID for that user.
Upvotes: 0
Views: 1188
Reputation: 74
Another user that wants to read the file can specify the user that created it:
let options = StorageDownloadDataRequest.Options(accessLevel: .protected, targetIdentityId: "OtherUserId")
Upvotes: 0
Reputation: 1343
If you're using Amplify, then use Protected. The owner has write permissions while others can only read files.
Please make sure:
Your S3 bucket policy is something like this for the "Protected" folder to restrict user access: https://docs.amazonaws.cn/en_us/IAM/latest/UserGuide/reference_policies_examples_s3_cognito-bucket.html
On iOS, assuming you're using Amplify, please follow this: https://aws-amplify.github.io/docs/ios/storage. Keep in mind, you have to authenticate and exchange for credentials first before using the Storage API.
Upvotes: 2
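The access rules both answers rely on, as an added example that is not part of the original posts or of Amplify's code: a simplified model of an IAM policy for the authenticated Cognito role, checked against sample requests to show that another user can read but not write under protected/{user_identity_id}/. The bucket name, identity IDs, policy statements and the `is_allowed` helper are constructed assumptions; real IAM evaluation also handles Deny statements and conditions.

```python
from fnmatch import fnmatchcase

BUCKET = "arn:aws:s3:::example-bucket"  # placeholder bucket (assumption)
SUB = "${cognito-identity.amazonaws.com:sub}"  # IAM variable: caller's identity ID

# Constructed policy for the authenticated Cognito role, modelled on the
# public / protected / private access levels quoted in the question.
POLICY = [
    {"Effect": "Allow",  # full access to public/ and to the caller's own folders
     "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
     "Resource": [f"{BUCKET}/public/*",
                  f"{BUCKET}/protected/{SUB}/*",
                  f"{BUCKET}/private/{SUB}/*"]},
    {"Effect": "Allow",  # protected/: read-only for every authenticated user
     "Action": ["s3:GetObject"],
     "Resource": [f"{BUCKET}/protected/*"]},
]

def is_allowed(identity_id, action, key, policy=POLICY):
    """Simplified evaluation: Allow statements only, anything unmatched is denied."""
    arn = f"{BUCKET}/{key}"
    for stmt in policy:
        if stmt["Effect"] != "Allow" or action not in stmt["Action"]:
            continue
        for pattern in stmt["Resource"]:
            # Substitute the caller's identity ID for the policy variable,
            # then apply IAM-style '*' wildcard matching to the object ARN.
            if fnmatchcase(arn, pattern.replace(SUB, identity_id)):
                return True
    return False  # implicit deny

# Constructed Cognito identity IDs (not real identities)
ALICE = "us-east-1:11111111-aaaa-4aaa-8aaa-111111111111"
BOB = "us-east-1:22222222-bbbb-4bbb-8bbb-222222222222"

if __name__ == "__main__":
    requests = [
        ("bob", BOB, "s3:GetObject", f"protected/{ALICE}/photo.jpg"),
        ("bob", BOB, "s3:PutObject", f"protected/{ALICE}/photo.jpg"),
        ("bob", BOB, "s3:GetObject", f"private/{ALICE}/photo.jpg"),
        ("alice", ALICE, "s3:PutObject", f"protected/{ALICE}/photo.jpg"),
    ]
    for name, ident, action, key in requests:
        verdict = "ALLOW" if is_allowed(ident, action, key) else "DENY"
        print(f"{verdict:5} {name:5} {action:16} {key}")
```

If the read-only statement on protected/* is missing from the role's policy, a download with `targetIdentityId` set to another user's ID is denied even though the client call is correct.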