I am developing an app that is able to read from JSON file located on AWS S3 servers in a bucket with read and write permissions. App also allows to edit some of the values in that JSON file.
Problem
Problem is that everyone with the JSON file URL can then alter the included data. I only want the file to be modified from this app.
JSON file
{
"females": [
{
"id": 1,
"name": "First Name",
"actions": [
{
"action_1": 123,
"action_2": 456,
"action_3": 789
}
]
}, ...
}
Users are able to modify values located withing actions array.
Any recommendations on how to limit write access of the JSON file only to this app?
Cloudfront will not help here.
Solution is
authenticate your application's users (Amazon Cognito will help you) OR use Amazon Cognito with Anonymous User.
Give your Amazon Cognito role the permission to read and write on your S3 bucket
remove access policies from S3 (to make the bucket private)
That way, only application users will be able to read and write the files.