Allow an external user (through Cognito) to access a S3 bucket and console

1
votes

Is it possible to allow an external user (through Cognito) to access a S3 bucket and display the S3 console screen?

I have been trying to create a User Pool connect it with a role through Identity Pool and then in the APP SETTINGS in User Pool is my S3 url?

2
amazon-web-servicesamazon-s3amazon-cognito

2 Answers

2
votes

Is it possible to allow an external user (through cognito) to access a S3 bucket

Yes. Use Identity Pool => set Authenticated Role: S3 access with Cognito Identity ID restrict as example (custom prefix if you want): https://docs.amazonaws.cn/en_us/IAM/latest/UserGuide/reference_policies_examples_s3_cognito-bucket.html

Then, User after authenticated with Identity Pool can access S3

and display the S3 console screen ?

Not. User after authenticated has to access S3 via calling API

0
votes

You may create a new user in AWS IAM and grant the access only to s3 bucket.

Then you would have the s3 web UI screen and AWS console authentication.