amplify-flutter
amplify-flutter copied to clipboard
aws-amplify
S3 access denied when making the API call
Description
StorageAccessDeniedException {
"message": "S3 access denied when making the API call.",
"recoverySuggestion": "HTTP error returned from service, review the `underlyingException` for details.",
"underlyingException": "Instance of 'UnknownSmithyHttpException'"
}
Block all public access: off for all AWS S3 bucket policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AddPerm",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::NAME+OF_THE_BUCKET"
}
]
}
cors:
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"GET",
"PUT",
"POST",
"DELETE"
],
"AllowedOrigins": [
"*"
],
"ExposeHeaders": [],
"MaxAgeSeconds": 3000
}
]
ACL access: object writer
METHODS:
Future<String?> uploadFile(io.File file) async {
try {
final awsFile = AWSFilePlatform.fromFile(file);
final uploadResult = await Amplify.Storage.uploadFile(
key: 'upload/file.jpeg',
localFile: awsFile,
options: StorageUploadFileOptions(
accessLevel: StorageAccessLevel.guest
),
onProgress: (progress) {
safePrint('Fraction completed: ${progress.fractionCompleted}');
},
).result;
safePrint('Uploaded file: ${uploadResult.uploadedItem.key}');
} on StorageException catch (e) {
safePrint('Could not retrieve properties: ${e.message}');
rethrow;
}
}
AWS Configuration file:
"UserAgent": "aws-amplify-cli/2.0",
"Version": "1.0",
"auth": {
"plugins": {
"awsCognitoAuthPlugin": {
"UserAgent": "aws-amplify-cli/0.1.0",
"Version": "0.1.0",
"IdentityManager": {
"Default": {}
},
"CredentialsProvider": {
"CognitoIdentity": {
"Default": {
"PoolId": "****************",
"Region": "us-east-1"
}
}
},
"CognitoUserPool": {
"Default": {
"PoolId": "****************",
"AppClientId": "****************",
"Region": "us-east-1"
}
},
"Auth": {
"Default": {
"OAuth": {
"WebDomain": "****************",
"AppClientId": "****************",
"SignInRedirectURI": "****************",
"SignOutRedirectURI": "****************",
"Scopes": ["email", "openid", "aws.cognito.signin.user.admin"]
}
}
}
}
}
},
"api": {
"plugins": {
"awsAPIPlugin": {
“API_NAME”: {
"endpointType": "GraphQL",
"endpoint": “****************”,
"region": "us-east-1",
"authorizationType": "AMAZON_COGNITO_USER_POOLS"
}
}
}
},
"notifications": {
"plugins": {
"awsPinpointPushNotificationsPlugin": {
"appId": “***************************,
"region": "us-east-1"
}
}
},
"storage": {
"plugins": {
"awsS3StoragePlugin": {
"bucket": “NAM”E_OF_THE_BUCKET,
"region": "us-east-1"
}
}
}
Categories
- [ ] Analytics
- [ ] API (REST)
- [x] API (GraphQL)
- [X] Auth
- [ ] Authenticator
- [ ] DataStore
- [x] Notifications (Push)
- [X] Storage
Steps to Reproduce
Whe trying to upload an file on S3 bucket using upload method
Screenshots
No response
Platforms
- [x] iOS
- [X] Android
- [ ] Web
- [ ] macOS
- [ ] Windows
- [ ] Linux
Flutter Version
3.16.8
Amplify Flutter Version
1.6.1
Deployment Method
Amplify CLI
Schema
No response
Hello @androidshivam - Thanks for opening the issue. I have a few follow up questions to help us triage this.
Can you confirm that you created the S3 bucket with the Amplify CLI? The Amplify CLI allows your to set auth rules for guest and authenticated users. Can you let us know what rules you enabled?
Is there currently a user signed in when the issue occurs?
Can you update the code snippet as follows and share the logs?
Future<String?> uploadFile(io.File file) async {
try {
final awsFile = AWSFilePlatform.fromFile(file);
final uploadResult = await Amplify.Storage.uploadFile(
key: 'upload/file.jpeg',
localFile: awsFile,
options: StorageUploadFileOptions(
accessLevel: StorageAccessLevel.guest
),
onProgress: (progress) {
safePrint('Fraction completed: ${progress.fractionCompleted}');
},
).result;
safePrint('Uploaded file: ${uploadResult.uploadedItem.key}');
} on StorageException catch (e) {
safePrint('Could not retrieve properties: ${e.message}');
safePrint(e.underlyingException.statusCode);
safePrint(e.underlyingException.body);
safePrint(e.underlyingException.message);
safePrint(e.underlyingException.message);
safePrint(e.underlyingException.underlyingException);
rethrow;
}
}
Hello @Jordan-Nelson , I've created the bucket directly on browser using root user access and the changes in logs doesn't able found in library getting this error (The getter 'statusCode' isn't defined for the type 'Object'. )
safePrint(e.underlyingException.statusCode); safePrint(e.underlyingException.body); safePrint(e.underlyingException.message); safePrint(e.underlyingException.message); safePrint(e.underlyingException.underlyingException);
If you created the bucket manually have you followed these docs to import the bucket? Have you added the appropriate IAM policy?
If you are just getting started, I would recommend you use the CLI to create the bucket as it will set this up for you.
Hey, I've added the policies described in the docs for Auth roles and S3 I've started this project 4 years back using CLI but after some time I've to switch to different system i.e not able to setup the cli again
I'm able to get the presigned URL using this final result = await Amplify.Storage.getUrl( key: imageKey, options: const StorageGetUrlOptions( accessLevel: StorageAccessLevel.private, pluginOptions: S3GetUrlPluginOptions( expiresIn: Duration(days: 1), ), ), ).result;
But still can't able to render the image getting Access denied error
Facing similar problem:
@Jordan-Nelson Please take a look into it
I tried setting up storage using amplify CLI and afterward I tried once using the one which I created manually, I don't want my users to go for authentication while uploading a photo
@satsin06 - If you used the Amplify Gen 1 CLI, unauthenticated users will only be able to upload to files in the "public/" directory. Please try uploading a file to that directory.
Amplify Gen 2 allows for more flexible storage authorization. You can read more about Gen 2 storage here: https://docs.amplify.aws/flutter/build-a-backend/storage/authorization/
The Gen 2 docs currently have a callout that it is not available Flutter yet. It is available as long as you are using the Amplify Flutter v2 which was released recently.
@Jordan-Nelson What should be the setting to confirm that it's a public directory?
@satsin06 the path should start with "public/". For example, StoragePath.fromString("public/file.txt")
@satsin06 - The path cannot be "public/" It should be a file inside the public directory. For example - "public/file.txt". There is a sample project here - https://github.com/aws-amplify/amplify-flutter/blob/main/packages/storage/amplify_storage_s3/example/lib/main.dart
You can also refer to the documentation for Gen 2 Storage which has example of uploading files to the public directory - https://docs.amplify.aws/flutter/build-a-backend/storage/upload-files/
@androidshivam - If you are still facing this issue please share some info about your IAM policy. Thanks.