From 824dfb7f6e465bd37da8845671a4040ef8a5bcf1 Mon Sep 17 00:00:00 2001
From: Knut Ahlers <knut@ahlers.me>
Date: Sun, 15 Jan 2017 03:02:34 +0100
Subject: [PATCH] Document Cognito Auth-Policy

---
 cognito_auth_policy.json | 46 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 cognito_auth_policy.json

diff --git a/cognito_auth_policy.json b/cognito_auth_policy.json
new file mode 100644
index 0000000..7b87474
--- /dev/null
+++ b/cognito_auth_policy.json
@@ -0,0 +1,46 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "mobileanalytics:PutEvents",
+                "cognito-sync:*",
+                "cognito-identity:*"
+            ],
+            "Resource": [
+                "*"
+            ]
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "s3:ListBucket"
+            ],
+            "Resource": [
+                "arn:aws:s3:::past3"
+            ],
+            "Condition": {
+                "StringLike": {
+                    "s3:prefix": [
+                        "${cognito-identity.amazonaws.com:sub}/"
+                    ]
+                }
+            }
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "s3:GetObject",
+                "s3:GetObjectAcl",
+                "s3:PutObject",
+                "s3:PutObjectAcl",
+                "s3:DeleteObject"
+            ],
+            "Resource": [
+                "arn:aws:s3:::past3/${cognito-identity.amazonaws.com:sub}",
+                "arn:aws:s3:::past3/${cognito-identity.amazonaws.com:sub}/*"
+            ]
+        }
+    ]
+}