Solvedserverless stack com Comments: Upload a File to S3

57 Answers

โœ”๏ธAccepted Answer

@alpiepho the policy allowing the Identity Pool to access S3 resources was defined in Create a Cognito Identity Pool chapter. When the Identity Pool was first created, we attached the following policy:

{
  "Version": "2012-10-17",
  "Statement": [
  ...,
    {
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::YOUR_S3_UPLOADS_BUCKET_NAME/${cognito-identity.amazonaws.com:sub}*"
      ]
    }
  ]
}

This grants access to YOUR_S3_UPLOADS_BUCKET_NAME bucket, and files prefixed with the users' identity in the bucket.

Other Answers:

@nerdguru I had the same problem. AWS throws a 403 error because the user permissions associated with the authorized users (of your identity pool) does not grant them access to read/write S3 data.

The solution is to go into the IAM console, go to Roles tab on the side, click on the one associated with your Identity pool. For reference, mine was called "Cognito_notesidentitypoolAuth_Role" After you're on the Summary page, click attach policy and choose the following: AmazonS3FullAccess

@designpressure That CORS block that you posted is the default one. The one we use in the tutorial (https://serverless-stack.com/chapters/create-an-s3-bucket-for-file-uploads.html) looks like this:

<CORSConfiguration>
	<CORSRule>
		<AllowedOrigin>*</AllowedOrigin>
		<AllowedMethod>GET</AllowedMethod>
		<AllowedMethod>PUT</AllowedMethod>
		<AllowedMethod>POST</AllowedMethod>
		<AllowedMethod>HEAD</AllowedMethod>
		<MaxAgeSeconds>3000</MaxAgeSeconds>
		<AllowedHeader>*</AllowedHeader>
	</CORSRule>
</CORSConfiguration>

Not sure if you missed it but give that a try.

Related Issues:

7
serverless stack com Comments: Upload a File to S3
@alpiepho the policy allowing the Identity Pool to access S3 resources was defined in Create a Cogni...
480
aws cli Invalid Syntax Error when running any AWS command.
Leaving this here in case someone comes across this via google like me: I had the same issue with th...
328
amplify js Uncaught ReferenceError: global is not defined in latest Angular 6 RC
Just for reference I have passed through this issue with adding these lines on my index.html head: ...
219
aws cli aws s3api create-bucket throws error for us-east-2
For those of you looking to create a bucket via the CLI run this: aws s3api create-bucket --bucket d...
210
aws sdk js Typescript error: Cannot find name 'Buffer'/'http'/'https'
@pvamshi So I was able to reproduce your issue Hi! First I want to thank you for this SDK ...
171
aws cli aws ssm put-parameter performs an HTTP GET request when the value param is an url
Just kill this 'feature' seriously Even apart from security concerns it certainly violates the princ...
151
serverless How do I enable CORS?
@lakinducker Thanks No problem! I updated your comment with the corresponding markdown and now the i...
136
terragrunt Upgrading to Terraform 0.12: separate configuration file for Terragrunt?
Hi all Hi! I'm one of the engineers at HashiCorp who works on Terraform Core As you might be aware ...
122
amplify cli Many-To-Many
You can implement many to many yourself using two 1-M @connections and a joining @model ...
120
aws cli How to describe instances from all regions?
For people arriving here from Google here's one way to list all your instances across all regions wi...
114
amplify js fetch is not defined
nodejs fix: I'm using amazon-cognito-auth-js with my express app and I'm following the case 1 exampl...
109
terraform aws eks Error: Post "http://localhost/api/v1/namespaces/kube-system/configmaps": dial tcp 127.0.0.1:80: connect: connection refused
this fixed it for me thanks @cidesaasoptics I am started getting this issue: All my code were workin...
106
amplify js Error: No credentials, applicationId or region
I had the same issue (running on the latest Amplify v3) and worked around it by changing the followi...
104
amplify js Is it possible to get cognito user attributes in Lambda/cloud logic ?
I have been looking around for a while I feel the answers here didn't really answer the problem ...
96
sops Cannot decrypt with GPG 2.2.5 and SOPS 3.0.0
The problem suddenly re-occured.. I think it has to do with the gpg-agent For the moment this solved...
93
serverless Error: spawn java ENOENT
Have you tried running sls dynamodb install? This downloads the DynamoDb libs you need. ...
88
serverless Schedule event not created when supplying options
Sorry this was user error and I actually just had the wrong indentation Correct indentation ...
83
amplify cli aws-exports.js is not generated
Even after the third read I find it utterly confusing and I have usability issues too ...
83
amplify js Auth Error: Amplify has not been configured correctly using Nuxt.js
I 'm having the same issue in aws-amplify: ^3.0.11 I found out Auth module didn't load configs of aw...
81
serverless chrome NSS_VersionCheck("3.26") failed
I have done to fix this in Ubuntu 16.04 by reinstalling libnss3 Hello I get the below at runtime whe...
77
kubespray After the certificate expires how use kubespray to renew certificate
@kerOssinas you are right the upgrade-cluster.yml of Kubespray will also rotate the certificates ...
74
terraform aws vpc Terraform 0.12 + vpc module v2.2 (Inappropriate value for attribute "subnet_ids": element 0: string required.)
@sonianara You can always unwrap value between [ and ] to make it like this: I am trying to upgrade ...
70
amplify js How to refresh Cognito tokens
It will refresh if you call the SDK for it e.g. with Auth.currentSession() and it finds an expired t...
69
aws cdk TS - Argument of type 'this' is not assignable to parameter of type 'Construct'
Hi @benswinburne I have a created a simple Stack that creates a VPC with three simple subnets ...
66
serverless Serverless using AWS profiles only half working
You can use AWS Profiles with Severless including IAM cross-account role assumption ...
62
serverless Narrowing the Serverless IAM Deployment Policy
I think I have the serverless deployment policy nailed at this point A bit more testing is in order ...
60
aws cli Can't install / configure aws cli
Interesting It looks like it's failing to parse ~/.aws/config Can you try putting in fake values? He...
59
aws sam cli Error when installing python version on MACOS
Try with --user flag? Description: I got an error when trying to install the new version on MacOS St...
59
aws iam authenticator QUESTION: How to create the k8s users and groups to map to?
I got it to work! For anyone else finding this issue here's what I did In my configmap for aws-iam-a...
57
containers roadmap [EKS] [request]: Remove requirement of public IPs on EKS managed worker nodes
Yea thats the part in your documentation I was surprised by Community Note Please vote on this issue...
57
terraform provider aws Error: "policy" contains an invalid JSON: invalid character '}' looking for beginning of object key string
@JayMaree I think your error is here: I had the same issue which brought me here but mine was just a...
56
amplify cli @auth public/private IAM roles and other Providers
ok my bad was actually quite easy just do : and add a auth provider in my case was IAM ...
55
amplify js Sign up multiple different accounts with the same email
The pre-signup trigger can be used to prevent the new signup from being created when there's an exis...
54
terraform provider aws Creating aws_elasticsearch_domain can't be done due to absence of AWSServiceRoleForAmazonElasticsearchService role
You can just add this ressource before creating your domain: This will create the needed role for ES...
52
amplify js Amplify Console 200 (Rewrite) fails on SPA React (Router) Application
This worked for me source: </^((?!.(css|gif|ico|jpg|js|png|txt|svg|woff|ttf)$).)*$/> target address:...
51
amplify js aws-amplify 0.3.0: "Uncaught ReferenceError: require is not defined" when packaged with webpack
Ok I found something that helped Graphql-js uses .mjs as file extension which caused issues with the...
51
aws cli Code Deploy - Unhandled exception - ZIP does not support timestamps before 1980
eb deploy gave me find -mtime +10950 -print -exec touch {} \; solved the problem. ...
50
aws cli PyYAML requires python-dev dependency
We have had some success here by running Hi It seems the latest release of awscli requires PyYAML as...
50
terraform provider aws Feature Request: WAFv2 Web ACL Resource
@briensherman @shadbi I'm currently busy implementing the resources already did #12119 #12284 and I'...
47
aws cli aws ecr get-login error: argument operation: Invalid choice
If you still want to use cli (maybe for automation) this is the full command according to the offici...
47
aws iam authenticator error: You must be logged in to the server (Unauthorized) -- same IAM user created cluster
You need to map IAM users or roles into the cluster using the aws-auth ConfigMap This is done automa...
46
aws load balancer controller Create option to reuse an existing ALB instead of creating a new ALB per Ingress
I've created another ingress controller that combines multiple ingress resources into a new one => h...
46
serverless Ignore check for unchanged files after failed deployment
Have you tried to use sls deploy --force @tom10271 ? After a failed deployment due to remote (CloudF...
45
amplify js Identity providers authentication against User Pools WITHOUT hosted UI
@martimarkov we find a solution for you to use the customized button to do that ...
45
serverless application model cloudformation deploy CLI exits with return code 255 if stack exists
Adding --no-fail-on-empty-changeset seems to work i.e. allow bash script execution to continue even ...
45
terraform provider aws Support AWS CLI v2 AWS Single Sign-On
Support for AWS Single-Sign On (SSO) cached credentials has been merged and will release with versio...
44
amplify cli jest-haste-map: Haste module naming collision: -> namefunction <-
For React Native 0.6x configure the blacklist in metro.config.js instead of rn-cli.config.js as per ...
44
amplify js Getting "no current user" after successful login to Cognito UserPool
I had the same problem but for me removing the cookie storage configuration in aws-exports.js solved...
43
amplify js How to add user to Group
๐Ÿ‘† Also we have achieved this using the Post Confirmation Lambda trigger Very simplified from our im...
43
containers roadmap [EKS] [request]: Managed Node Groups support for node taints
Hey folks Native support for Kubernetes taints is now available in managed node groups! What's New D...