amazon-archives / aws-sdk-unity

ARCHIVED: The aws sdk for unity is now distributed as a part of aws sdk for dotnet:
https://github.com/aws/aws-sdk-net

S3CannedACL.PublicRead + Cognito ? Create Grant ? #92

Closed vodelsdev closed 8 years ago

vodelsdev commented 9 years ago

Hi,

Maybe it's not the right place to have an answer, but I can't figure out how it works with Cognito/IAM roles/S3 grantee+permissions...

I'm using the AWS SDK for Unity for my game and I want users to be able to share content between them. I supposed user1 could upload a file to a specific bucket and user2 could download the file. In a simple way, I want the user to be able to upload with grantee "everyone" and public-read on the PostObjectAsync.

For now, I can upload a file with a private ACL. The Grant option doesn't seem to exist on the method. It always returns forbidden with ACL PublicRead with Cognito credentials.

Of course I've changed my IAM role with PutObjectAcl...

Does anyone have an idea how I could achieve this?

Thanks,

karthiksaligrama commented 9 years ago

Seems to be a bug in the post policy. The SDK doesn't seem to be using the Canned ACL in the post policy string, which is why you are getting the forbidden error. To get around this for now, you can create your own policy based on your requirement and set it in the PostObjectRequest Signed Policy property as shown here. Let me know if this helps.

vodelsdev commented 9 years ago

Hi, thanks for the reply,

I've created my own POST policy with public-read settings but I've got the same response: forbidden. If I use ACL private, it works well but the uploaded file is not accessible to other users. If I simulate my Cognito role on IAM users, I'm allowed to use PutObjectAcl.

A question: could I use PutObjectAcl with Cognito credentials?

Every time I find an example about ACL and Cognito, it is always with a private ACL.

Regards

karthiksaligrama commented 9 years ago

Can you paste your policy here?

vodelsdev commented 9 years ago

    string policyString = "{\"expiration\": \""
        + System.DateTime.UtcNow.AddHours(24).ToString("yyyy-MM-ddTHH:mm:ssZ")
        + "\",\"conditions\": "
        + "["
        + "{\"bucket\": \"my_bucket\"},"
        + "{\"acl\": \"public-read\"},"
        + "]}";
    var signedPolicy = S3PostUploadSignedPolicy.GetSignedPolicy(policyString, _credentials);

Credentials are for a Cognito unauthenticated user.

karthiksaligrama commented 8 years ago

Fixed in UnityV3. Please refer to the branch https://github.com/aws/aws-sdk-net/tree/unityv3
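
The maintainer's diagnosis above comes down to S3's documented rule that every POST form field, apart from a few exempt ones, must be matched by a condition in the signed policy. The following added example (not code from the SDK or from the thread) is a simplified local model of that check; the function names, the `shared/` key prefix and the sample form values are assumptions made for illustration.

```python
import json

# Form fields the S3 POST documentation exempts from policy coverage
# (Signature Version 2 and Version 4 names).
EXEMPT = {"awsaccesskeyid", "signature", "x-amz-signature", "policy", "file"}

def parse_conditions(policy_json):
    """Map each field named in the policy to its (operator, value) checks."""
    rules = {}
    for cond in json.loads(policy_json)["conditions"]:
        if isinstance(cond, dict):                   # {"acl": "public-read"}
            for name, value in cond.items():
                rules.setdefault(name.lower(), []).append(("eq", value))
        elif cond[0] in ("eq", "starts-with"):       # ["starts-with", "$key", "shared/"]
            rules.setdefault(cond[1].lstrip("$").lower(), []).append((cond[0], cond[2]))
        # content-length-range limits the upload size, not a named form field
    return rules

def rejected_fields(policy_json, form_fields):
    """List form fields the policy does not cover or does not match."""
    rules = parse_conditions(policy_json)
    problems = []
    for name, value in form_fields.items():
        key = name.lower()
        if key in EXEMPT or key.startswith("x-ignore-"):
            continue
        checks = rules.get(key)
        if not checks:
            problems.append(name + ": no condition")
        elif not all(value == v if op == "eq" else value.startswith(v) for op, v in checks):
            problems.append(name + ": value mismatch")
    return sorted(problems)

def make_policy(*conditions):
    return json.dumps({"expiration": "2030-01-01T00:00:00Z", "conditions": list(conditions)})

# Constructed sample data; the token and key id are placeholders, not real credentials.
FORM = {"key": "shared/level1.dat", "acl": "public-read",
        "x-amz-security-token": "EXAMPLE-TOKEN", "AWSAccessKeyId": "EXAMPLEKEYID",
        "policy": "<base64 policy>", "signature": "<signature>", "file": "<bytes>"}
BASE = ({"bucket": "my_bucket"}, ["starts-with", "$key", "shared/"])
POLICY_MISSING_ACL = make_policy(*BASE)
POLICY_COVERING_FORM = make_policy(*BASE, {"acl": "public-read"},
                                   {"x-amz-security-token": "EXAMPLE-TOKEN"})

if __name__ == "__main__":
    print(rejected_fields(POLICY_MISSING_ACL, FORM))    # acl and token are uncovered
    print(rejected_fields(POLICY_COVERING_FORM, FORM))  # nothing rejected
```

Running a form and its policy through a check like this before signing shows which field would trigger a 403, including the `x-amz-security-token` field that temporary credentials such as Cognito's add to the form.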