
AWS , iOS, cognito, confusion

I am working on an app that loads files into S3, following this example:

https://github.com/awslabs/aws-sdk-ios-samples/tree/master/S3BackgroundTransfer-Sample/Objective-C

In the readme it says:

In the Amazon Cognito console, use Amazon Cognito to create a new identity 
pool. Obtain the PoolID constant. Make sure the role has full permissions for 
the bucket you created.

This is confusing for me. When I go to IAM roles, and to manage users, I see I can add the AmazonS3FullAccess policy, but I cannot specify the actual bucket name!! When clicking on "show policy" I get this pop-up:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "*"
    }
  ]
}

and it's read only. I have an S3 bucket and want to make sure the IAM user can access it, but I can't figure out how to do that on the AWS website.

OK, after digging around, I found the way to create a custom policy, update the S3 bucket in it and attach it to a role. In IAM, under Dashboard go to Policies -> Create Policy -> Copy an AWS Managed Policy (I recommend this) and from there you configure it. Hope this helps others; I still think the site needs to be better documented.

The pre-configured AmazonS3FullAccess policy gives full access to Amazon S3, hence there is no restriction on bucket name.

Here is an example of a policy that restricts access to a specific bucket and "directory" in S3, and only if the directory name matches the user's Cognito user ID.

You restrict access to a specific bucket / directory / file by using the Resource section of the policy.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::iosdemo-upload/pictures/${cognito-identity.amazonaws.com:sub}/*"
      ]
    }
  ]
}

To discover more about Amazon S3 policies, I would suggest you walk through these steps: http://docs.aws.amazon.com/AmazonS3/latest/dev/walkthrough1.html
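To make the scoping effect of that statement concrete, here is an added Python example (it is not from the sample project or from the answer) that performs a simplified, Allow-only evaluation of the policy: it substitutes the `${cognito-identity.amazonaws.com:sub}` policy variable from a constructed request context and checks whether a given action and object ARN match, which shows that one Cognito identity cannot reach another identity's prefix. The identity IDs and object keys are constructed sample values, and the evaluator ignores Deny statements and Condition blocks.

```python
import fnmatch

# The answer's statement wrapped in a full policy document (constructed sample).
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
            "Resource": [
                "arn:aws:s3:::iosdemo-upload/pictures/${cognito-identity.amazonaws.com:sub}/*"
            ],
        }
    ],
}

# Constructed request contexts: the identity ID that Cognito puts into the request.
ALICE = {"cognito-identity.amazonaws.com:sub": "us-east-1:aaaaaaaa-0000-0000-0000-000000000001"}
BOB = {"cognito-identity.amazonaws.com:sub": "us-east-1:bbbbbbbb-0000-0000-0000-000000000002"}


def substitute_variables(text, context):
    """Replace ${key} policy variables with values from the request context.
    A variable missing from the context is left as-is, so the pattern can
    never match a real ARN (mirrors IAM, where the statement then does not apply)."""
    for key, value in context.items():
        text = text.replace("${" + key + "}", value)
    return text


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_allowed(policy, action, resource, context):
    """Simplified Allow-only evaluation: True if any Allow statement's Action
    and (variable-substituted) Resource patterns both match the request.
    IAM's '*' matches any characters including '/', which fnmatch also does."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        for pattern in _as_list(stmt["Resource"]):
            if fnmatch.fnmatchcase(resource, substitute_variables(pattern, context)):
                return True
    return False


if __name__ == "__main__":
    own = "arn:aws:s3:::iosdemo-upload/pictures/" + ALICE["cognito-identity.amazonaws.com:sub"] + "/photo.jpg"
    print("alice -> own prefix:", is_allowed(POLICY, "s3:PutObject", own, ALICE))   # True
    print("bob   -> alice prefix:", is_allowed(POLICY, "s3:GetObject", own, BOB))   # False
```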
