I'd like to request to S3 as a cognito certification qualification.
S3 is using sdk
Cognito is using amplify.
Use an angular typescript.
I would like to replace the secret key with the cognito authentication information when creating S3.
I want to access s3 with the user I received from Auth.signIn, but the credentials are missing.
I need your help.
public signIn(user: IUser): Promise<any> {
return Auth.signIn(user.email, user.password).then((user) => {
AWS.config.region = 'ap-northeast-2';
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId: 'ap-northeast-2:aaaaaaaa-bbbb-dddd-eeee-ffffffff',
});
const userSession = Auth.userSession(user);
const idToken =
userSession['__zone_symbol__value']['idToken']['jwtToken'];
AWS.config.region = 'ap-northeast-2';
AWS.config.credentials = new AWS.CognitoIdentityCredentials({
IdentityPoolId:
'ap-northeast-2:aaaaaaaa-bbbb-dddd-eeee-ffffffff',
RoleArn: 'arn:aws:iam::111111111111:role/Cognito_role',
Logins: {
CognitoIdentityPool:
'ap-northeast-2:aaaaaaaa-bbbb-dddd-eeee-ffffffff',
idToken: idToken,
},
}));
const s3 = new AWS.S3({
apiVersion: '2012-10-17',
region: 'ap-northeast-2',
params: {
Bucket: 'Bucketname',
},
});
s3.config.credentials.sessionToken =
user.signInUserSession['accessToken']['jwtToken'];
s3.listObjects(function (err, data) {
if (err) {
return alert(
'There was an error: ' + err.message
);
} else {
console.log('***********s3List***********', data);
}
});
}
bucket policy
{
"Version": "2012-10-17",
"Id": "Policy",
"Statement": [
{
"Sid": "AllowIPmix",
"Effect": "Allow",
"Principal": "*",
"Action": "*",
"Resource": "arn:aws:s3:::s3name/*",
}
]
}
cognito Role Policies - AmazonS3FullAccess
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:*",
],
"Resource": "*"
}
]
}
AWS 공식업데이트됨 6달 전
