Leo

Reputation: 538

Cognito Identity access bucket from another account

Here is the scenario.

AWS accountA has an S3 bucket. AWS accountB has a Cognito user pool and a Cognito identity pool set up. accountB is also running an Amplify app (so there is a fixed origin URL).

I want to allow logged-in users from accountB to put/get objects from the bucket in accountA.

How do I configure the bucket to allow that? How do I configure the identity pool?

Upvotes: 1

Views: 518

Answers (1)

Chris Williams

Reputation: 35146

This is simple: the bucket would need to be updated to include a bucket policy that grants access to the role that the group in the identity pool uses.

Once this is done you would need to update the policy on the IAM role to grant access to the bucket referencing the actions and resources as if they're in your account.

Take a look at the "How can I provide cross-account access to objects that are in Amazon S3 buckets?" article to get in-depth instructions for enabling cross-account support for the S3 bucket.

Upvotes: 2
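The two policies described in the answer above, as an added example that is not part of the original post: the script builds the bucket policy for accountA and the role policy for accountB, then checks with a deliberately simplified model (no Deny statements, conditions or wildcard actions) that access works only when both sides allow it. The account ID, bucket name and role name are placeholders assumed for illustration.

```python
import json
from fnmatch import fnmatchcase

# Placeholders (assumptions, not values from the original post).
BUCKET = "example-bucket-account-a"  # bucket owned by accountA
ROLE_ARN = "arn:aws:iam::222222222222:role/Cognito_ExampleAuth_Role"  # accountB
ACTIONS = ["s3:GetObject", "s3:PutObject"]
OBJECTS = f"arn:aws:s3:::{BUCKET}/*"  # object-level ARN, not the bucket itself


def bucket_policy():
    """Resource policy attached to the bucket in accountA."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "AllowCognitoRoleFromAccountB",
        "Effect": "Allow",
        "Principal": {"AWS": ROLE_ARN},  # one specific role, not the whole account
        "Action": ACTIONS,
        "Resource": OBJECTS,
    }]}


def role_policy():
    """Identity policy attached to the identity pool's role in accountB."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ACTIONS,
        "Resource": OBJECTS,
    }]}


def _allows(policy, action, resource, principal=None):
    """True if any Allow statement covers the action, resource and principal."""
    for st in policy["Statement"]:
        if st["Effect"] != "Allow" or action not in st["Action"]:
            continue
        if not fnmatchcase(resource, st["Resource"]):
            continue
        if principal is None or st.get("Principal", {}).get("AWS") == principal:
            return True
    return False


def cross_account_allowed(bucket_pol, role_pol, action, key):
    """Simplified model: cross-account access needs an Allow on BOTH sides."""
    arn = f"arn:aws:s3:::{BUCKET}/{key}"
    return (_allows(role_pol, action, arn)
            and _allows(bucket_pol, action, arn, principal=ROLE_ARN))


if __name__ == "__main__":
    print(json.dumps(bucket_policy(), indent=2))
    print(json.dumps(role_policy(), indent=2))
```

Running the script prints both JSON documents: the first is attached to the bucket by accountA, the second to the identity pool's role by accountB.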
