How do I provide authenticated access to my AWS S3 bucket?

Question

I started a bare Expo app with expo init called MyVideoApp. Then I created an AWS account and in the terminal ran:

• npm install -g @aws-amplify/cli
• amplify configure

This signed me into the console, I went through the default steps and created an account in region:eu-west-2, username:amplify-user, pasted in the accessKeyId & secretAccessKey, profile name:amplify-user-profile.

• cd ~/Documents/MyVideoApp/ & amplify init

? Enter a name for the project MyVideoApp
? Enter a name for the environment dev
? Choose your default editor: IntelliJ IDEA
? Choose the type of app that you're building javascript
Please tell us about your project
? What javascript framework are you using react-native
? Source Directory Path:  /
? Distribution Directory Path: /
? Build Command:  npm run-script build
? Start Command: npm run-script start
Using default provider  awscloudformation
? Do you want to use an AWS profile? Yes
? Please choose the profile you want to use amplify-user-profile
Adding backend environment dev to AWS Amplify Console app: d37chh30hholq6

• amplify push

At this point I had an amplify folder in my project directory and an S3 bucket called amplify-myvideoapp-dev-50540-deployment. I uploaded an image into the bucket icon_1.png. And tried to download it from the app via a button click.

import React from 'react';
import { StyleSheet, Text, View, SafeAreaView, Button } from 'react-native';

import Amplify, { Storage } from 'aws-amplify';
import awsmobile from "./aws-exports";
Amplify.configure(awsmobile);

async function getImage() {
  try {
    let data = await Storage.get('icon_1.jpg')
  } catch (err) {
    console.log(err)
  }

}
export default function App() {
  return (
    <SafeAreaView style={styles.container}>
      <Text>Hello, World!</Text>
      <Button title={"Click to Download!"} onPress={getImage}/>
    </SafeAreaView>
  );
}
const styles = StyleSheet.create({
  container: {
    flex: 1,
    justifyContent: 'center',
    alignItems: 'center',
  },
});

Output:

No credentials

[WARN] 18:54.93 AWSS3Provider - ensure credentials error, No Cognito Identity pool provided for unauthenticated access
...

So I setup (but maybe not correctly?) a user pool (my_first_pool) and an identity pool (myvidapp). This didn't help. Furthermore when I go into my bucket and click Permissions -> Bucket Policy, it's just empty ... not sure if that's okay if only owner is trying to access the bucket & it's contents.

I don't know what's wrong and what else to try. I essentially just want to authenticate my backend so anyone who git clones this code would just be able to run it and access the bucket.

Edit: aws-exports.js

/* eslint-disable */
// WARNING: DO NOT EDIT. This file is automatically generated by AWS Amplify. It will be overwritten.
const awsmobile = {
    "aws_project_region": "eu-west-2"
};
export default awsmobile;

Answer 1

Since you've indicated that you're okay with all of the files in the S3 bucket being publicly accessible, I would suggest the following:

1. Select the bucket from in the AWS console (console.aws.amazon.com)

2. Under "Permissions" select "Block Public Access" and edit the settings by un-checking all of the options under and including "Block all public access", then save and confirm.

3. Go to the bucket policy, and paste in the following (Note: replace "YOUR_BUCKET_NAME_HERE" with "amplify-myvideoapp-dev-50540-deployment" first):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicRead",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:GetObject",
                "s3:GetObjectVersion"
            ],
            "Resource": [
                "arn:aws:s3:::[YOUR_BUCKET_NAME_HERE]/*"
            ]
        }
    ]
}