Reputation: 9984
I set up Amplify storage as described here.
I set access for auth and guest.
Everything works fine: I can upload files to S3 for all users except for users with a group (i.e. admin users).
I tried to set permissions for the user IAM role and group, but it doesn't work.
I found this thread: https://github.com/aws-amplify/amplify-cli/issues/4055
It seems like a known issue; the only solution there is:
To fix the issue, I ended up having to do this nastiness inside the s3 cloudformation template... here's just a snippet from one of the policies but you would need to update all of the "authenticated" policies (Would love to hear if this is advisable route or if there's a better potential solution as I'd have to remember to update this file every time I edit groups in my amplify setup)
But I don't understand what it means in practice.
Please help.
I found that if I change "Restrict access by?" to "Individual Groups", it works for groups but not for guest.
original
amplify update storage
? Select from one of the below mentioned services: Content (Images, audio, video, etc.)
✔ Restrict access by? · Auth/Guest Users
✔ Who should have access: · Auth and guest users
✔ What kind of access do you want for Authenticated users? · create/update, read, delete
✔ What kind of access do you want for Guest users? · create/update
✔ Select from the following options · Skip Question
✅ Successfully updated resource
groups
amplify update storage
? Select from one of the below mentioned services: Content (Images, audio, video, etc.)
✔ Restrict access by? · Individual Groups
✔ Select groups: · admin
✔ What kind of access do you want for admin users? · create/update, read, delete
✔ Select from the following options · Skip Question
Upvotes: 0
Views: 1021
Reputation: 513
I ran into this issue because I added user Cognito Groups but did not update my storage configuration.
Perform these steps:
amplify update storage
Select the Both option and make your preferred configuration for each group that should have permission
amplify push
Upvotes: 1
Reputation: 11
Did you try to select the 'both' option?
? Restrict access by? (Use arrow keys)
Auth/Guest Users
Individual Groups
❯ Both
There you can configure both of them. If not, in the file under storage/bucket/cli-inputs.json you can also modify/check
Upvotes: 1