From 824dfb7f6e465bd37da8845671a4040ef8a5bcf1 Mon Sep 17 00:00:00 2001 From: Knut Ahlers Date: Sun, 15 Jan 2017 03:02:34 +0100 Subject: [PATCH] Document Cognito Auth-Policy --- cognito_auth_policy.json | 46 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 cognito_auth_policy.json diff --git a/cognito_auth_policy.json b/cognito_auth_policy.json new file mode 100644 index 0000000..7b87474 --- /dev/null +++ b/cognito_auth_policy.json @@ -0,0 +1,46 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "mobileanalytics:PutEvents", + "cognito-sync:*", + "cognito-identity:*" + ], + "Resource": [ + "*" + ] + }, + { + "Effect": "Allow", + "Action": [ + "s3:ListBucket" + ], + "Resource": [ + "arn:aws:s3:::past3" + ], + "Condition": { + "StringLike": { + "s3:prefix": [ + "${cognito-identity.amazonaws.com:sub}/" + ] + } + } + }, + { + "Effect": "Allow", + "Action": [ + "s3:GetObject", + "s3:GetObjectAcl", + "s3:PutObject", + "s3:PutObjectAcl", + "s3:DeleteObject" + ], + "Resource": [ + "arn:aws:s3:::past3/${cognito-identity.amazonaws.com:sub}", + "arn:aws:s3:::past3/${cognito-identity.amazonaws.com:sub}/*" + ] + } + ] +}