✅ - Where do I put a S3 Custom IAM Policy? | AWS Amplify | Page 1

turbid flax Jul 5, 2023, 5:01 PM

#

I want to customize S3 permissions for my Amplify project. (Specifically, I want the public key path to be read only, the private key path to be both read and write, and members of a cognito admin group to have read/write access to everything).

According to Amplify documentation (https://docs.amplify.aws/lib/storage/configureaccess/q/platform/js/) I should be able to define my own IAM policy ... but where do I put it? I see policies in cloudformation-template.json, but I assume that gets regenerated every time amplify CLI updates the bucket, so I shouldn't put it there.

dry flint Jul 5, 2023, 5:10 PM

#

I see two options.

Add policy directly via IAM console to the auth, unauth, group role as required.
Override the amplify generated S3 resources.
Ref :- https://docs.amplify.aws/cli/storage/override/

turbid flax Jul 5, 2023, 5:13 PM

#

ah the override is what I was looking for, thanks!

compact marshBOT Jul 11, 2023, 7:04 PM

#

✅ - Where do I put a S3 Custom IAM Policy?

#✅ - Where do I put a S3 Custom IAM Policy?