I have a Cognito User Pool (let's call it UP1). Users from that pool upload protected files to S3 using Amplify. Now I have another User Pool (UP2) for the admin side. However, using a user logged in to UP2 (through Amplify too), I haven't been able to access the S3 files uploaded by users in UP1, as I'm always getting an HTTP 403.
The IAM role assigned to UP2 must be able to perform any action on that S3 bucket (with no luck so far).
This is the policy:
{
    "Statement": [
        {
            "Action": [
                "*"
            ],
            "Resource": [
                "<bucket_arn/*>"
            ],
            "Effect": "Allow"
        }
    ]
}
And this is how the UP1 files are accessed from a user in UP2 using Amplify (the original snippet was missing the closing parenthesis):
Storage.list('<somepath>/', {
    level: 'protected',
    identityId: '<identityId of the User from UP1>',
})
Am I missing something in order to list and get the files in this bucket? Is it possible?
Or how can I give "special" permissions to users in UP2 that allow me to access those S3 files?
Thanks!
Solved.
Sorry, I was mistakenly configuring the IAM policy. I thought the wildcard did the trick by itself with all the child resources, including itself.
I was performing the ListBucket action, whose resource must be the bucket itself (not any child of it). However, to avoid the wildcard and have better control over the resources, I followed the guide (which I had not read before, oops) and had a look at the policy stated there.
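As an added example (not code from the question or the answer), the following Python snippet shows why the original `<bucket_arn>/*` resource can never match `s3:ListBucket`, next to a corrected policy that targets the bucket ARN for listing and the objects for reading. The bucket name, the scoping to the `protected/` prefix and the simplified matcher are assumptions; real IAM evaluation also applies Conditions, explicit Deny statements and the identity-pool role's trust policy.

```python
import re

# Constructed bucket ARN; substitute the real one.
BUCKET_ARN = "arn:aws:s3:::example-amplify-bucket"

# The policy from the question: the resource pattern only ever matches
# objects (anything after "bucket/"), never the bucket ARN itself.
ORIGINAL_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["*"], "Resource": [f"{BUCKET_ARN}/*"]}
    ],
}

# Assumed corrected policy: ListBucket on the bucket ARN (scoped to the
# Amplify "protected/" prefix), GetObject on the objects under that prefix.
FIXED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:ListBucket"],
            "Resource": [BUCKET_ARN],
            "Condition": {"StringLike": {"s3:prefix": ["protected/*"]}},
        },
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject"],
            "Resource": [f"{BUCKET_ARN}/protected/*"],
        },
    ],
}


def _glob(pattern: str, value: str) -> bool:
    """IAM-style wildcard: '*' matches any run of characters, '?' one char."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value) is not None


def allows(policy: dict, action: str, resource: str) -> bool:
    """Simplified check: some Allow statement must match both the action
    (case-insensitive) and the resource ARN. Conditions are not evaluated."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        if (any(_glob(a.lower(), action.lower()) for a in stmt["Action"])
                and any(_glob(r, resource) for r in stmt["Resource"])):
            return True
    return False
```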