amplify-backend
amplify-backend copied to clipboard
aws-amplify
I want you to add block public access settings to defineStorage in storage.
Environment information
npx amplify info 【 main 】
System:
OS: macOS 14.0
CPU: (10) arm64 Apple M2 Pro
Memory: 524.39 MB / 16.00 GB
Shell: /bin/zsh
Binaries:
Node: 20.5.0 - /usr/local/bin/node
Yarn: 1.22.19 - /usr/local/bin/yarn
npm: 9.8.0 - /usr/local/bin/npm
pnpm: 8.15.5 - ~/Library/pnpm/pnpm
NPM Packages:
@aws-amplify/backend: 0.13.0-beta.15
@aws-amplify/backend-cli: 0.12.0-beta.17
aws-amplify: 6.0.27
aws-cdk: 2.136.0
aws-cdk-lib: 2.136.0
typescript: 5.4.4
AWS environment variables:
AWS_DEFAULT_PROFILE = cloudteam
AWS_STS_REGIONAL_ENDPOINTS = regional
AWS_NODEJS_CONNECTION_REUSE_ENABLED = 1
AWS_SDK_LOAD_CONFIG = 1
No CDK environment variables
Description
In order to display public image data with object URL instead of signed URL, you need to set block public access settings. Is there a way to configure this at this time?
The following settings are required to grant public read permission to an object and execute putobject.
- Cognito iam role storageAccessXXXXXXX policy requires permission for the following actions
"Action": [
"s3:PutObject",
"s3:PutObjectAcl"
],
-
Uncheck all S3 block public access (bucket settings) items.
-
Enable ACL in the S3 bucket object owner settings and set it to the desired bucket owner.
I would like to be able to configure these by building the amplify gen2 backend.
@rnrnstar2 you should be able to use the storage override to add these permissions. for example with the grantPutAcl method
const backend = defineBackend({
auth,
data,
storage,
});
backend.storage.resources.bucket.grantPutAcl(<your-config>)
"Action": [ for the authenticated role of the cognito identity pool created with amplify. "s3:PutObject", "s3:PutObjectAcl" ], I want to add.
I would like to know how to configure these settings. grantPutAcl what should I set?