
How to allow Cognito user pool users to delete objects in S3?

My mobile app uses AWS Amplify and I have a Cognito user pool and an S3 bucket in the project. Users are able to put objects into the bucket no problem, but they can't delete. What I want to do is for each logged-in user to be able to delete a file in the bucket.

The path to the files is for example: my_bucket_name/protected/eu-west-2:de55c2rf-8f1e-836d-88f9-82da662aau6dt/videos/video1

To delete, I call this:

import Amplify, { Auth, Storage } from 'aws-amplify';

. . .

// Removes the video from the bucket. Storage.remove() resolves the key against
// the default ('public') access level unless a { level } option is passed.
delFromS3 = async () => {
  Storage.remove('protected/eu-west-2:de55c2rf-8f1e-836d-88f9-82da662aau6dt/videos/video1')
    .then(result => console.log('Deleted Video from S3'))
    .catch(err => console.log('Deleting video from S3 error: ', err));
}

So I either need a way to allow users in the Cognito user pool to be authorised to delete an object, or, because I manually know the path to the file in each user's sub-bucket (eg /protected/eu-west-2:de55c2rf-8f1e-836d-88f9-82da662aau6dt/videos/video1), just pass that in my delFromS3() function. I don't think this is a bucket policy issue.

OR, if I need to use an Identity pool, how do I allow all the users in my existing user pool to work with the automatically generated Identity pool to enable them to delete in S3? At the moment users use Cognito to get into the user pool using Auth.signIn().

I'd call an API and in your Lambda check security / who it is and if they have access to remove the file. You may be able to check Amplify user characteristics from policy, haven't tried.

But the extra API gives you another layer of security if desired in future.
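The "API + Lambda" check the answer suggests, as an added example that is not part of the question or the answer: the caller's Cognito identity id (assumed to be read from the API Gateway request context, where identity-pool authentication places it) is passed in, and the S3 key is derived from it rather than accepted from the client. The names authorizeDelete and handleDelete are hypothetical.

```javascript
// Added example, not code from the question or the answer. The identity id is
// assumed to come from the API Gateway request context; it is passed in here
// so the logic runs offline.
const PROTECTED_PREFIX = 'protected/';

// Cognito identity ids look like "eu-west-2:de55c2rf-8f1e-836d-88f9-82da662aau6dt".
const IDENTITY_ID_RE = /^[a-z0-9-]+:[a-z0-9-]+$/i;

// Returns the only key this caller may delete, or null to refuse the request.
// The key is built from the verified identity, never from a client-supplied
// path, so one user cannot name another user's protected folder.
function authorizeDelete(identityId, relativeKey) {
  if (typeof identityId !== 'string' || !IDENTITY_ID_RE.test(identityId)) {
    return null; // unauthenticated or malformed identity
  }
  if (typeof relativeKey !== 'string' || relativeKey.length === 0) {
    return null;
  }
  // Refuse segments that could escape the per-user folder: "", ".", "..".
  const segments = relativeKey.split('/');
  if (segments.some(s => s === '' || s === '.' || s === '..')) {
    return null;
  }
  // The access-level prefix is chosen by the server, never by the client.
  if (['protected', 'private', 'public'].includes(segments[0])) {
    return null;
  }
  return PROTECTED_PREFIX + identityId + '/' + relativeKey;
}

// Shape of the Lambda handler around the check. The S3 call is left as a
// comment so the block runs offline; with the AWS SDK it would be
// DeleteObject on the returned key.
function handleDelete(identityId, body) {
  const key = authorizeDelete(identityId, body && body.key);
  if (key === null) {
    return { statusCode: 403, key: null };
  }
  // await s3.deleteObject({ Bucket: 'my_bucket_name', Key: key }).promise();
  return { statusCode: 204, key };
}
```

Pair it with an identity-pool role policy that grants s3:DeleteObject only on arn:aws:s3:::my_bucket_name/protected/${cognito-identity.amazonaws.com:sub}/*, so the Lambda is a second control rather than the only one.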
