In my iOS app, I have done AWS Cognito user authentication. Authenticated users are able to upload images to the protected folder, i.e. under protected/{cognito user_identity_id}. Authenticated users can access objects only saved under their user_identity_id folder. How can one user access objects from others? The S3 documentation says:
Public: Accessible by all users of your app. Files are stored under the public/ path in your S3 bucket.
Protected: Readable by all users, but writable only by the creating user. Files are stored under protected/{user_identity_id}/ where the user_identity_id corresponds to the unique Amazon Cognito Identity ID for that user.
Private: Only accessible for the individual user. Files are stored under private/{user_identity_id}/ where the user_identity_id corresponds to the unique Amazon Cognito Identity ID for that user.
Another user that wants to read the file can specify the user that created it:
let options = StorageDownloadDataRequest.Options(accessLevel:.protected, targetIdentityId: "OtherUserId")
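The flow the quoted documentation describes, end to end, as an added example that is not part of the original post or of the Amplify documentation. It assumes Amplify Swift v2 (async/await) with the Cognito Auth and S3 Storage plugins already configured; the function names and `SharingError` are hypothetical. Because the protected level is readable by all users, the owner's identity ID acts as a locator rather than a secret, so anything that must stay restricted belongs under the private level.

```swift
import Foundation
import Amplify
import AWSPluginsCore   // declares AuthCognitoIdentityProvider

// Hypothetical error type for this example.
enum SharingError: Error { case noIdentityProvider }

/// Owner side: the Cognito Identity ID of the signed-in user.
/// This is the value that names the protected/{user_identity_id}/ folder,
/// and the value a reader must be given (for example through the app's backend).
func currentIdentityId() async throws -> String {
    let session = try await Amplify.Auth.fetchAuthSession()
    guard let provider = session as? AuthCognitoIdentityProvider else {
        throw SharingError.noIdentityProvider
    }
    return try provider.getIdentityId().get()
}

/// Owner side: store data under protected/{own identity id}/{key}.
/// Only the creating user can write to this location.
func uploadProtected(key: String, data: Data) async throws -> String {
    let options = StorageUploadDataRequest.Options(accessLevel: .protected)
    let task = Amplify.Storage.uploadData(key: key, data: data, options: options)
    return try await task.value   // the key that was stored
}

/// Reader side: fetch an object from another user's protected folder.
/// ownerIdentityId is the owner's Cognito Identity ID, not a username.
func downloadProtected(key: String, ownerIdentityId: String) async throws -> Data {
    let options = StorageDownloadDataRequest.Options(
        accessLevel: .protected,
        targetIdentityId: ownerIdentityId)
    let task = Amplify.Storage.downloadData(key: key, options: options)
    return try await task.value
}
```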