Open juri-diener opened 5 days ago
Hi @juri-diener The ID string you were asking about is not a user sub, but a user identity ID. For details about the storage access level and prefix construction, see this documentation: https://docs.amplify.aws/gen1/react/build-a-backend/storage/configure-access/.
If you plan to access a file uploaded with a protected access level by a different user, you would need to record the identity ID of that user. You can get the user identity ID by calling fetchAuthSession()
.
In the meantime, if you are building something new, the above linked documentation also recommends starting with the Amplify Gen2 experience, which gives you much more freedom in file permission management.
Hi @juri-diener The ID string you were asking about is not a user sub, but a user identity ID. For details about the storage access level and prefix construction, see this documentation: https://docs.amplify.aws/gen1/react/build-a-backend/storage/configure-access/.
If you plan to access a file uploaded with a protected access level by a different user, you would need to record the identity ID of that user. You can get the user identity ID by calling
fetchAuthSession()
.In the meantime, if you are building something new, the above linked documentation also recommends starting with the Amplify Gen2 experience, which gives you much more freedom in file permission management.
Hello, thank you for your answer. Why don't I see this ID anywhere? Even when I edit the cognito user in the backend, I don't see this ID with eu-north-1 anywhere.
To clarify, is the ID with eu-north-1 the correct user_identity-id?
And if so, do I have access in the Lambda function? Because after every signup, a Lambda function is executed and the cognito user is saved in my dynamodb table. And for that I need this ID so that I can access the S3 storage.
I started the project months ago. So I can't switch to gen2 for now. And this problem has been holding me back for a week now :( I would be really grateful if you could help me solve this.
@juri-diener, I think we're getting a better understanding of what you're looking to do now. Thank you for the additional context.
While you've already started building your app, we'd recommend both upgrading to the latest version of v6 (currently v6.4.0 and I think you're on v6.0.28) as well as make the transition to using Gen 2 based on what you're looking to accomplish. This will make it easier for you to use the custom authorization rules as well as define the path for the S3 bucket that you'd prefer (see this Gen 1 doc for more info).
Let us know if you're able to make this update, as it will give you more extensibility and customization long term.
@juri-diener, I think we're getting a better understanding of what you're looking to do now. Thank you for the additional context.
While you've already started building your app, we'd recommend both upgrading to the latest version of v6 (currently v6.4.0 and I think you're on v6.0.28) as well as make the transition to using Gen 2 based on what you're looking to accomplish. This will make it easier for you to use the custom authorization rules as well as define the path for the S3 bucket that you'd prefer (see this Gen 1 doc for more info).
Let us know if you're able to make this update, as it will give you more extensibility and customization long term.
Ok thank you for your response. So just to clarify. The identity id with eu-north-1 at the beginning. Ist the correct id in S3 ? Or is something messed up on my configuration ? Because it seems to me still, that the id with the region is wrong. But if that's how it should be, then everything is fine, I need then just to know how I can access this ID on signup in a lambda function.
Is there a way how to update the version safely? Because I did an update of amplify CLI but then something else didn't worked as it should so I had to need to downgrade again. That's why I would prefer for now to stay on the version I have now. And only upgrade if my project is done. This means this problem with S3 I need to solve...
Before opening, please confirm:
JavaScript Framework
React Native
Amplify APIs
GraphQL API, Storage
Amplify Version
v6
Amplify Categories
auth, storage, function, api
Backend
Amplify CLI
Environment information
Describe the bug
Hello I can't get the files I uploaded to S3 because of a wrong identity id in my bucket.
User with the Id: 70fc.......a6fb uploads the file in S3 the file now ends up under: bucketname/protected/eu-north-1:be14......36aaa70/audio/filename
Where does this id come from? eu-north-1:be14......36aaa70
I thought the sub is used from cognito to identify the user. Because in the docs of the getURL function there is this field: targetIdentityId?: 'XXXXXXX', // id of another user, if
accessLevel
isprotected
And if I understand it right it should be the sub of the cognito user.Because how would User B access User A uploaded files for example an profile image.
Please help me I don't know where to search for this issue, and I can't do anything further if this is not working.
Expected behavior
Should create under the bucket name/protected a folder with the user sub id. --> bucketname/protected/70fc.../audio/filename
Reproduction steps
Code Snippet
Log output
aws-exports.js
No response
Manual configuration
No response
Additional configuration
No response
Mobile Device
No response
Mobile Operating System
No response
Mobile Browser
No response
Mobile Browser Version
No response
Additional information and screenshots
No response