Bucket policy to allow Cognito user in User Pool access to S3 bucket
Question
I am trying to add a bucket policy to my bucket because my bucket is in a root aws account, and I want to restricts other users, roles, etc. under the root account from accessing my bucket except for a specific Cognito user in my User Pool.
I do not want to also use an identity pool -- I would just like to refer to the Cognito user as the principal in my bucket policy. Is there any way to do this without using an identity pool? I can't find any example policies that do this.
1 answers
solution1
0 2020-12-18 13:51:32
You can set the Principle of your bucket policy as the auth role of your Cognito user. In my case, the Principle looks like
"Principal": {
"AWS": "arn:aws:iam::123456789000:role/NAME_OF_MY-authRole"
},
Then, you can further control the access by changing the Resource. Here is the example from AWS docs .
"arn:aws:s3:::bucket-name/cognito/application-name/${cognito-identity.amazonaws.com:sub}",
"arn:aws:s3:::bucket-name/cognito/application-name/${cognito-identity.amazonaws.com:sub}/*"
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.