
How does cognito user operate specific folder on S3

I have a Cognito user pool, and in the pool I have several users. The problem is, how can I use a policy to grant permission for a Cognito user to access a specific folder in an S3 bucket?

Here is my IAM policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt15057XXXXXXX",
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": [
                "arn:aws:s3:::exampleBucket/folder1/*"
            ]
        }
    ]
}

I attach this policy to a role whose type is Web Identity, Amazon Cognito. Then I connect this role to the Cognito user group. When any user registers an account, I put the user into the user group. The user should be restricted to the role and only be able to get objects in the specific folder.

But I don't know why it doesn't work.

I want to know if there's any problem in my policy, or some other problem that I didn't notice? Thanks!

Update, to Rachit Dhall: I am confused about "authentication provider".

Do you mean Cognito -> Manage Federated Identities -> edit identity pool -> Authentication providers?

If so, I have already set the authentication provider to Cognito. But it still doesn't work. The error message is still Access Denied.

You should add the Cognito User Pool as an authentication provider in the Cognito Identity Pool. What is the error you are getting?
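For reference, here is the pair of policy documents the role described above needs, written out as an added example (not code from the question or the answer). The first is the role's trust policy, which is what binds the role to the identity pool; the second is the permissions policy, extended from the one in the question. The bucket name exampleBucket and the prefix folder1/ are taken from the question; the identity pool ID is a placeholder to be replaced with your own. The last statement goes beyond the question and shows the usual generalisation to a per-user folder keyed by the identity pool's identity ID.

```yaml
# Trust policy on the IAM role. The identity pool exchanges a user pool
# token for credentials of this role only if these conditions hold:
# "aud" pins the role to one identity pool (placeholder ID below) and
# "amr" limits it to authenticated (signed-in) identities, so unauthenticated
# guests of the same pool cannot pick it up.
Version: "2012-10-17"
Statement:
  - Effect: Allow
    Principal:
      Federated: cognito-identity.amazonaws.com
    Action: sts:AssumeRoleWithWebIdentity
    Condition:
      StringEquals:
        # Assumed placeholder; replace with the real identity pool ID.
        cognito-identity.amazonaws.com:aud: "us-east-1:00000000-0000-0000-0000-000000000000"
      ForAnyValue:StringLike:
        cognito-identity.amazonaws.com:amr: authenticated
---
# Permissions policy attached to the same role.
Version: "2012-10-17"
Statement:
  # Optional: let the client list the folder without seeing the rest of the
  # bucket. ListBucket is a bucket-level action, so the resource is the bucket
  # ARN itself and the prefix is constrained with the s3:prefix condition key.
  - Sid: ListOnlyFolder1
    Effect: Allow
    Action: s3:ListBucket
    Resource: arn:aws:s3:::exampleBucket
    Condition:
      StringLike:
        s3:prefix:
          - "folder1/"
          - "folder1/*"
  # The statement from the question: object-level read of folder1/ only.
  - Sid: ReadFolder1
    Effect: Allow
    Action: s3:GetObject
    Resource: arn:aws:s3:::exampleBucket/folder1/*
  # Generalisation: one private prefix per user. The policy variable is
  # substituted at evaluation time with the caller's identity pool identity ID,
  # so a user can only reach their own prefix; the prefix "private/" is assumed.
  - Sid: ReadWriteOwnFolder
    Effect: Allow
    Action:
      - s3:GetObject
      - s3:PutObject
    Resource: "arn:aws:s3:::exampleBucket/private/${cognito-identity.amazonaws.com:sub}/*"
```

Two checks worth making when Access Denied persists with a policy like this: the identity pool must list the user pool (app client) as an authentication provider, otherwise the user pool token is not accepted at all; and if the role is meant to come from the user pool group, the identity pool's authenticated role selection must be set to choose the role from the token, otherwise the identity pool's default authenticated role is used and the group role is never assumed. The S3 bucket policy, if any, must also not contain an explicit Deny that overrides the Allow above.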
