New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug? DX issue?] Cannot access Amplify Storage when authenticated - 403 Access Denied Error results #5794
Comments
possible related issues:
i've read through all these but don't know enough to understand if they apply to my situation or not. as far as I can tell I have ruled them out but I am not sure. |
I did the same steps you mentioned and with unauthenticated users I was able to list the objects. import React from 'react';
import logo from './logo.svg';
import './App.css';
import { Amplify } from 'aws-amplify';
import awsconfig from './aws-exports';
import { Storage } from '@aws-amplify/storage';
import { } from "module";
Amplify.configure(awsconfig);
function App() {
return (
<div className="App">
<header className="App-header">
<button onClick={list}>list files</button>
</header>
</div>
);
async function list() {
const files = await Storage.list('');
alert(JSON.stringify(files, null, 2));
}
}
export default App; What were your auth settings? |
thanks @elorzafe, but i think you may not have read my issue closely. i also have no problem when unauthenticated. thats not the issue i filed (check the title). i wrote my repro steps above! i had briefly communicated with Richard about this, who also discussed it with @kaustavghosh06. i think @dabit3 may have encountered this before as well. i havent been able to break through this for the past 2 weeks, so it has hampered my ability to ship a demo of Amplify Storage with authenticated users. |
Possibly related issue: aws-amplify/amplify-js#7076 this may be a regression on Cognito side? |
Hi @sw-yx, I was not able to reproduce this issue with the latest Amplify ( Just to make sure we are on the same page, can you confirm that this is still happening on your app with the latest Amplify and cli? It seems like other customers are experiencing this issue, but I haven't been able to reproduce it yet. my Amplify CLI inputs fyi: Auth Configuration
Storage Configuration
|
hey @wlee221, i followed your instructions to the letter and could still replicate. please have a look: https://youtu.be/1wG4ImyUi50 |
@sw-yx, thank you! these videos help tremendously in reproducing issues. I'll retry this week and let you know how it goes. ps. sorry about the manual auth setup, I assumed you did also :D |
Update: I was able to repro this now, thanks. I'll bring this up in the bug bash today. |
AWESOME so glad you can repro! |
Hi, I investigated a bit further. Lambda works as expected and adds the
I'll transfer this issue to |
@sw-yx : To give some background, this only happens when groups are used and users are member of a group. The root cause is that ListBucket policy was applied for child objects but on on the bucket. If you run On the JS side: const rootFiles = await Storage.list(''); This will default to To list the root files as well you've to provide a const rootFiles = await Storage.list('', { customPrefix: { public: '' }}); #5806 fixes this. |
Thanks @attilah! |
@wlee221 perhaps it would worth a paragraph in the Amplify JS docs that for root items this is the escape hatch? |
i greatly appreciate both of you taking the time to look into this! good spot with the policies. you are saying that this problem only exists at the root, but there is a chance that i also faced this problem when inside a subfolder or inside the "/public" folder as well. i will need to doublecheck and report back if this is the case. |
CLI parts:
JS parts: |
this was awesome, thanks everyone for your help 👍🏽 |
This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs. Looking for a help forum? We recommend joining the Amplify Community Discord server |
Describe the bug
With the default IAM policies and intuitive CRUD set up via Amplify CLI, I still encounter 403 errors when I try to
Storage.list
, even when I am authenticated, and even when I have made sure to allow authenticated and guest users inside Amplify CLI.Here is the error message we get back when trying to
Storage.list
, from an authenticated user:To Reproduce
Steps to reproduce the behavior:
amplify init
amplify add storage
Storage.list
while authenticated, fromlocalhost
.Expected behavior
an authenticated user should be able to read from the s3 bucket, by default, without extra hassle. errors should hint at possible resolution steps rather than just leave us hanging with a 403.
Screenshots
Proof that I have the correct IAM policies set up
i have verified that this is the correct user account
Proof that I have set up Amplify Storage for read by authenticated users
Proof that my Bucket's CORS policy is as recommended
My Amplify Storage generated configs
What is Configured?
If applicable, please provide what is configured for Amplify CLI:
aws-exports
file:Environment
The text was updated successfully, but these errors were encountered: