#✅ - Authenticated users can't upload data to s3

timber silo

I'm a little confused as to the pieces involved here and how to get them to play together nicely.

I'm trying to get it so that authenticated users can upload files to their respective private/ / protected/ prefixes in S3. But I also want a particular section of the public/* prefix to be read-only regardless of authentication (for image hosting that'll appear on the website).

A Google search suggested I override storage, and here's what I have included in there now:

```typescript
import {
  AmplifyProjectInfo,
  AmplifyS3ResourceTemplate,
} from "@aws-amplify/cli-extensibility-helper";

export function override(
  resources: AmplifyS3ResourceTemplate,
  _amplifyProjectInfo: AmplifyProjectInfo
) {
  // Turn off all four S3 Block Public Access settings on the bucket.
  resources.s3Bucket.publicAccessBlockConfiguration = {
    ...(resources.s3Bucket.publicAccessBlockConfiguration || {}),
    blockPublicAcls: false,
    ignorePublicAcls: false,
    restrictPublicBuckets: false,
    blockPublicPolicy: false,
  };
  // Bare property reference: as written, this statement has no effect.
  resources.s3GuestReadPolicy;

  // Bucket policy: allow any principal to s3:GetObject under public/*.
  resources.addCfnResource(
    {
      type: "AWS::S3::BucketPolicy",
      properties: {
        Bucket: {
          Ref: "S3Bucket",
        },
        PolicyDocument: {
          Version: "2012-10-17",
          Statement: [
            {
              Action: ["s3:GetObject"],
              Effect: "Allow",
              Resource: [
                {
                  "Fn::Sub": "arn:aws:s3:::${S3Bucket}/public/*",
                },
              ],
              Principal: {
                AWS: "*",
              },
            },
          ],
        },
      },
    },
    "ReadOnlyS3Public"
  );
}
```

And here are my CLI inputs:

```json
{
  "resourceName": "documentDashboardStorage",
  "policyUUID": "51aff376",
  "bucketName": "document-dashboard-storage",
  "storageAccess": "authAndGuest",
  "guestAccess": [
    "READ"
  ],
  "authAccess": [
    "CREATE_AND_UPDATE",
    "READ",
    "DELETE"
  ],
  "triggerFunction": "HandleS3TriggersTS"
}
```

I was previously able to at least upload to the public section, but now even that is not available somehow, and I can't seem to restore that functionality, even if I get rid of the override.

Any help would be appreciated.

timber silo

So I removed the storage and re-added it, but still couldn't get uploads back. I even gave everything new names just to be safe. I'm gonna try to handle everything via the override file and see where that gets me.

timber silo

Found a note about user groups impacting this, so I'm gonna enable that feature in amplify update storage (the "both" option) and see how that does.

timber silo

Yep, that was it!

tacit citrusBOT

✅ - Authenticated users can't upload data to s3