Scalably grant users access to their own S3 folder

I am building a web application. On this application each user is logged in using Cognito. Each user also has its own S3 folder where his data is stored. The users must be able to read and write files to their folders but must not have access to folders apart from their own.

I could create IAM policies to grant W/R operations access to S3 for each user but this would not be scalable. I would end up with 1000s of different policies and also this must not be a manual process.

How can this be done?