Simple Amplify Storage Requests Which Require Authentication

0

Hello,

I am new to AWS, and I am using Amplify to build my application (React + Node). I am trying to make a very simple storage interface for user documents, and I don't want these documents to be accessible by those who do not sign in through the Cognito user pool. However, I do want these documents to be accessible to all users who have signed in through my application.

I followed all of the directions specified in the official documentation page regarding setup, and didn't configure any special options. I then went into the web interface for my S3 bucket, found the newly created storage bucket, and added a folder called "templates" with a couple of subfolders, and then some user document templates. The problems started to occur upon calling the Storage.list(...) function within my application. The promise would resolve successfully, but the list would be empty. I understand now that's because my application was attempting to index the S3 bucket through a public scope prefix. When I create a folder named public, and add the files in there, everything works nicely. I was under the impression though that using this public folder would allow my privileged content to be indexed to users who were not credentialed (i.e. guests from outside my application who didn't pass through the Cognito login portal). Is that the case?

There are no groups configured from within my Cognito user pool. Right now, calling Amplify storage API functions works, but only in the public scope. I had thought what I wanted to do was only allow such functionality within the private scope; but I'm beginning to think, based on the docs pages regarding user access, that I would be fine using the public scope, as it doesn't allow access to internal files by guests, who would not be signed in. This hunch is furthered by information regarding protected and private scopes being user-specific.

Should I delve deeper into the permissions associated with these bucket objects, and configure some sort of user group system and then configure ACLs based on the groups, or would using files within the public scope be fine for my use case? I just don't want users who aren't signed in through Cognito to be able to access files.

Thank you for your time, and I hope this question finds you well.
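
Guest reach into a prefix such as public/ is decided by the IAM policy attached to the Cognito identity pool's unauthenticated role, so that policy is the thing to inspect. The following Node.js check is an added example, not part of the original question and not Amplify's own code; the bucket name and all three policy documents are constructed samples, and Deny statements and Condition blocks are not evaluated.

```javascript
// Added example: which S3 object actions does a role policy allow under a prefix?
// Assumptions: BUCKET and the three policies below are constructed samples.
// Limitation: only Allow statements are read; Deny and Condition are ignored.
const toArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// IAM-style wildcard match: '*' is any run of characters, '?' is one character.
function wildcardMatch(pattern, value, ignoreCase = false) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&');
  const source = '^' + escaped.replace(/\*/g, '.*').replace(/\?/g, '.') + '$';
  return new RegExp(source, ignoreCase ? 'is' : 's').test(value);
}

// Returns the sorted list of object actions allowed on some key under `prefix`.
function allowedObjectActions(policy, bucket, prefix) {
  const probeArn = 'arn:aws:s3:::' + bucket + '/' + prefix + 'probe-object';
  const candidates = ['s3:GetObject', 's3:PutObject', 's3:DeleteObject'];
  const allowed = new Set();
  for (const stmt of toArray(policy.Statement)) {
    if (stmt.Effect !== 'Allow') continue;
    if (!toArray(stmt.Resource).some((r) => wildcardMatch(r, probeArn))) continue;
    for (const action of candidates) {
      // IAM action names are case-insensitive.
      if (toArray(stmt.Action).some((a) => wildcardMatch(a, action, true))) allowed.add(action);
    }
  }
  return [...allowed].sort();
}

const BUCKET = 'example-app-storage-dev'; // constructed bucket name
const objectArn = (path) => 'arn:aws:s3:::' + BUCKET + '/' + path;

// Constructed: unauthenticated role when guests were granted read access.
const guestRoleWithRead = { Version: '2012-10-17', Statement: [
  { Effect: 'Allow', Action: 's3:GetObject', Resource: objectArn('public/*') }] };
// Constructed: unauthenticated role with no S3 statements at all.
const guestRoleNoS3 = { Version: '2012-10-17', Statement: [] };
// Constructed: authenticated role with shared public/ and per-identity private/.
const authRole = { Version: '2012-10-17', Statement: [
  { Effect: 'Allow', Action: ['s3:GetObject', 's3:PutObject', 's3:DeleteObject'],
    Resource: [objectArn('public/*'),
      objectArn('private/${cognito-identity.amazonaws.com:sub}/*')] }] };

console.log('guest, read granted:', allowedObjectActions(guestRoleWithRead, BUCKET, 'public/'));
console.log('guest, no S3 policy:', allowedObjectActions(guestRoleNoS3, BUCKET, 'public/'));
console.log('signed-in, templates/:', allowedObjectActions(authRole, BUCKET, 'templates/'));
```

To check a real deployment, pass in the policy documents exported from the identity pool's two roles instead of the constructed samples.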

No Answers
