I have a bunch of html/css/js files. I have one index.html file. I would like to create some predefined users in cognito so that they can browse my website in s3. I don't want to create a login page by myself. I want only s3 and cognito, nothing else. is there any way to achieve this?
You will have to do a lot of your coding to achieve something like this. You can use the inbuilt cognito GUI to take care of registration and login but after that you need to write some code to use the generated tokens to grant user access to s3 hosted resorces which you will have to fetch and show on a webpage.
So, no you cannot do this simply with s3 and cognito.
Related
I upload the files by referring https://www.youtube.com/watch?v=9x5LGaL2W7E.But I don't find any reference videos or links to view the files in the bucket with access key and secret key not with userID and Password. I am specially looking forward to develop this API in Vue.Js(VUE 2)
Navigate me.
You could somehow achieve that but the best solution is probably to use the AWS CLI and run something like s3 ls on your given bucket.
Here is the reference: https://docs.aws.amazon.com/cli/latest/reference/s3/
I have a small question regarding Cognito authentication and S3. I tried to connect external S3 and Cognito instances to Amplify (Not managed by Amplify, I created manually). In the system, we can upload files to the S3 bucket and view them. I use Amplify JS's Storage class to do all this. The thing that got me confused is that when I give S3 permissions to the Cognito Auth_Role, my users cannot upload or view any files even-though they are logged into the system. When I give permission to the Unauth_Role, it works. Any idea why?
We are developing a mobile app using Parse as our BAAS solution but using Amazon S3 for storage of our media files. All of our users upload media files into their own individual folders inside of our app's bucket. As the user uploads media files we update their records in Parse so it knows where to download the files. That's the easy part.
I've spent quite a bit of time researching the different policies for S3 buckets and I am trying to get a grip on the proper way to ensure the security of the content uploaded. If you do all of your work with DynamoDB or SimpleDB then it's easy because you're essentially adjusting your ACLs with the IAM accounts and whatnot. If you use Amazon Cognito it's also easy because authentication happens through Google, Facebook or Amazon accounts. In my case I am using Parse to authenticate users which cannot speak to Amazon directly.
My goal is that only the currently logged in Parse user with ID #1234567 can access their own 1234567 folder and files (as well as any other user given permission by this person for collaboration). Here is a post similar to what I'm trying to accomplish: amazon S3 bucket policy - restricting access by referer BUT not restricting if urls are generated via query string authentication
...but how do I accomplish this with the current user's ID number?
Even better question is whether that post mentioned above is best practice or should I instead be looking at creating an EC2 server to handle access to these files? Should I be looking at CloudFront to serve private content? Or is there another method that works better for what I am trying to accomplish? I am going in circles and my head is spinning.
Thanks to whoever can help straighten me out.
Well since Parse is being shut down I am migrating to another service. This question is no longer relevant.
I have a django template which contains a link to a file stored on amazon s3. This template is an email to be sent automatically from the system. I want this link to be password protected. on clicking this link, the file on s3 in opened in browser without any authentication. I want the user to first log in to my django website and then the file is opened in the website.
How can I achieve this?
Thanks,
Ammara
You would need to have the link in the email use a URL that goes to a view in your site, setup auth normally there, then have the s3 link available from some landing page behind auth on your site.
Just FYI tho: This is a really bad idea if any level of actual security is needed.
I've a iOS app and I would like my users to upload images to S3 directly.
I need UserX to be able to upload folders to __MY_BUCKET__/UserX/* Only. So that each one of my users have their own folder and only they can modify content in them.
Given that scenario I need to create dynamic permissions to my S3 bucket
Is that possible?
If it is... maybe I am in the right path or not....
What I've done so far is
I am using this guide to create Elastic Beanstalk with a Token Vending Machine. Then I used this other guide to configure the TVM.
Now my issue with that in none of the guides it shows an example of how to register a dynamic user (my app user) or how get the token from the TVM or how to say "Hey TVM, this userID needs upload access to __BUCKET_/ThiUserID/*" from a iOS app.
So I guess what I wonder, is how do I fill the gaps if what I am trying to achieve is possible?
I'm one of the maintainers of the AWS Mobile SDKs. The page you linked to includes projects for both iOS and Android that show how to integrate the customized TVM code in a mobile application. I suggest you look there and if you need further clarification, please update your with specific questions about the code.
You may also want to look at our web identity federation sample which is included with the SDKs. In combination with IAM policy variables, you can generate dynamic policies without the use of a Token Vending Machine.