
I’m building a website using React and AWS services, with AWS S3 for storage. I’ve read many use cases online, and almost all of them suggest IAM user policies. But I’m not sure if that helps in my case. The idea would be for a registered user on my website to be able to upload a file and to view or download it, but not allow different users to access it.

I’ve tried using CloudFront to add security, but the files are still accessible for all registered users, instead of only the owner of the file.

2 Answers


  1. CloudFront and S3 don’t know who owns the file.
    Presigned URLs from your application could be an option; that means you track who uploaded a file and create a presigned URL. Cognito for user auth may also be a good option.

  2. IAM Users should only be used by your internal staff. They should not be created for actual users of your application.

    Instead, your application should be responsible for identifying and authenticating users. It should also maintain a database of users and their files. If a user requests access to an object, your application should determine whether the user is entitled to access the file. If so, it can generate Amazon S3 pre-signed URLs, which provide time-limited access to private objects in Amazon S3.

    You can either code your own authentication mechanism or use Amazon Cognito.
