Public Read Access for AWS Amplify Storage
Allow unauthenticated users access to files in public Amplify Storage bucket
This article was originally published on Floom.
AWS Amplify Storage provides three levels of content protection: `private`, `protected`, and `public`.

- `private`: These files are only accessible for the individual user that uploaded them. By default, these files are stored in your storage bucket under `private/{user_identity_id}/`, where the `user_identity_id` corresponds to the unique Amazon Cognito Identity ID for that user.
- `protected`: These files are readable by all users, but writable only by the creating user. By default, these files are stored under `protected/{user_identity_id}/`, where the `user_identity_id` corresponds to the unique Amazon Cognito Identity ID for that user.
- `public`: These files are read and write accessible by all users of your app. Files are stored under the `public/` path in your S3 bucket.
When using `Storage.put` and `Storage.get`, you can specify which level of content you are referring to. For example:
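```javascript
import { Storage } from 'aws-amplify';

// Upload under protected/{user_identity_id}/sample.txt
Storage.put('sample.txt', 'Sample content', {
  level: 'protected',
  contentType: 'text/plain'
});
```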
Both `protected` and `public` files permit read access from users who are not the file owners. But if you are looking to add truly public read access for users and non-users (guests) alike, this can be done easily by adding a rule to `s3-cloudformation-template.json`. Under the `Resources` key, add the following policy:
This will allow everyone read access to files in your storage bucket listed under `/protected/*`. You can do the same for files under the `/public/*` path as well. Make sure to run `amplify push` once you've added this policy.
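An added example of a bucket policy resource matching this description; it is not the original article's snippet. It assumes the bucket's logical ID in the template is `S3Bucket`, and the resource name `PublicReadProtectedPolicy` is hypothetical.

```json
{
  "Resources": {
    "PublicReadProtectedPolicy": {
      "Type": "AWS::S3::BucketPolicy",
      "Metadata": {
        "Note": "Added example. Assumes the bucket resource in this template has the logical ID S3Bucket."
      },
      "Properties": {
        "Bucket": { "Ref": "S3Bucket" },
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Sid": "AllowAnonymousReadOfProtectedPrefix",
              "Effect": "Allow",
              "Principal": "*",
              "Action": "s3:GetObject",
              "Resource": {
                "Fn::Join": [
                  "",
                  ["arn:aws:s3:::", { "Ref": "S3Bucket" }, "/protected/*"]
                ]
              }
            }
          ]
        }
      }
    }
  }
}
```

The statement grants only `s3:GetObject` on the `protected/` prefix, so anonymous callers can fetch an object whose key they know but cannot list the bucket or write to it. If S3 Block Public Access is enabled on the bucket or account, a policy with `"Principal": "*"` is rejected or ignored until that setting is changed.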