
Create AWS IAM Policy/Role for 3rd Party Identity Provider

I have successfully configured an identity provider in AWS that allows me to access S3 (and other) resources using an id_token granted by my IdP (Auth0).

The final step I'd like to take is to configure more fine-grained access control in AWS by restricting access to an S3 bucket based on claims in the id_token. Right now, any valid token issued by the IdP provides access. I can easily specify custom claims (roles) for different users in Auth0 but have not been able to figure out how to check those fields in AWS IAM policies or roles.

Here is the very helpful and detailed guide I followed to get as far as I did: https://datalanguage.com/news/s3-managed-uploads

Is this possible?

EDIT

I've seen this question and I am not using cognito. I'd like to be able to do this without, if possible.

Why not use an access right profile for each user, as a JSON in S3:

  {
    "accessRight": {
        "element": "bucketA",
        "role": "manager"
    }
  }

Then:

  1. If the user is authenticated (using Cognito).
  2. If the user has the required role (e.g., manager).

     if (1 && 2) grantAccess() 

You can go as fine-grained as possible, you just need to define the element and role for it.
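As an added example (not part of the question or the answer above), here is what the claim-based restriction asked for in the question looks like when done purely with IAM web identity federation, i.e. without Cognito and without a per-user profile file. It ties the answer's "role" idea to IAM: for an OIDC provider IAM only exposes the token's `aud` and `sub` claims as condition keys, so the role must travel in the id_token as a session tag inside the `https://aws.amazon.com/tags` claim, which the role's trust policy has to permit via `sts:TagSession`. The three documents (a constructed id_token payload as Auth0 would issue it after a rule or action adds that claim, the role's trust policy, and the role's permissions policy) are separate files in practice and are only wrapped in one object here so the block is a single valid JSON document. The tenant `example.auth0.com`, the account id `111122223333`, the client id `my-spa-client-id`, the user id and the bucket name `bucketA` are all placeholders; the OIDC provider name and condition-key prefix must match the provider exactly as registered in IAM, including the trailing slash that Auth0 issuers carry.

```json
{
  "id_token_claims_from_auth0": {
    "iss": "https://example.auth0.com/",
    "sub": "auth0|5f1c2e3d4a5b6c7d8e9f0a1b",
    "aud": "my-spa-client-id",
    "exp": 1700000000,
    "https://aws.amazon.com/tags": {
      "principal_tags": { "role": ["manager"] },
      "transitive_tag_keys": ["role"]
    }
  },

  "role_trust_policy": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "TrustAuth0IdTokensForThisApp",
        "Effect": "Allow",
        "Principal": {
          "Federated": "arn:aws:iam::111122223333:oidc-provider/example.auth0.com/"
        },
        "Action": ["sts:AssumeRoleWithWebIdentity", "sts:TagSession"],
        "Condition": {
          "StringEquals": { "example.auth0.com/:aud": "my-spa-client-id" },
          "StringLike":   { "example.auth0.com/:sub": "auth0|*" }
        }
      }
    ]
  },

  "role_permissions_policy": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "OnlyManagersTouchBucketA",
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": "arn:aws:s3:::bucketA/*",
        "Condition": {
          "StringEquals": { "aws:PrincipalTag/role": "manager" }
        }
      },
      {
        "Sid": "ListBucketAForManagers",
        "Effect": "Allow",
        "Action": "s3:ListBucket",
        "Resource": "arn:aws:s3:::bucketA",
        "Condition": {
          "StringEquals": { "aws:PrincipalTag/role": "manager" }
        }
      }
    ]
  }
}
```

The `aud` condition is the check that stops any valid Auth0 token from assuming the role: it pins the trust to tokens minted for this one client. The `sub` pattern is a coarse second gate; a token whose user id does not match is refused before the permissions policy is evaluated. Once the session exists, `aws:PrincipalTag/role` carries the Auth0 role, so users without `manager` get an `AccessDenied` from S3 even though they assumed the same role. Because `transitive_tag_keys` lists `role`, the tag survives any further `AssumeRole` chaining from this session.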
