I need to allow users to access files on S3 with a specific prefix -- ie username1 -- that I can't change, so I can't just use the ${cognito-identity.amazonaws.com:sub}
as the prefix. My S3 bucket is already populated with content under specific prefixes - so a user logs into my app, and is then allowed to access one of those specific prefixes
Currently set up on AWS to allows users to authenticate in a Cognito role using Firebase and developer authenticated identities. Each user account (email/password) has an associated S3 prefix that they must be able to access. Some users will share this prefix (two users accessing S3-bucket/username1 for example). A user should not be able to list or access any other prefix except their associated prefix.
I'm not quite sure what the best way to go about accomplishing this -- just with Cognito roles or using a database and lambda function + api endpoint, bucket/user policies or ACLs. Is there a simple way that I'm missing?
Pretty new to AWS, any help will be greatly appreciated!
tl;dr: How to only allow a user to access files on S3 with a specific prefix, that is NOT the ${cognito-identity.amazonaws.com:sub}
variable?
As mentioned in comments, Amazon Cognito does not directly support your use case today. You can implement something like the following to achieve your goals:
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.