Description
Environment information
System:
OS: Linux 5.15 Ubuntu 22.04.5 LTS 22.04.5 LTS (Jammy Jellyfish)
CPU: (12) x64 12th Gen Intel(R) Core(TM) i5-1235U
Memory: 4.03 GB / 7.57 GB
Shell: /bin/bash
Binaries:
Node: 22.13.1 - ~/.nvm/versions/node/v22.13.1/bin/node
Yarn: undefined - undefined
npm: 10.9.2 - ~/.nvm/versions/node/v22.13.1/bin/npm
pnpm: undefined - undefined
NPM Packages:
@aws-amplify/auth-construct: 1.3.0
@aws-amplify/backend: 1.1.1
@aws-amplify/backend-auth: 1.1.3
@aws-amplify/backend-cli: 1.2.5
@aws-amplify/backend-data: 1.1.2
@aws-amplify/backend-deployer: 1.1.0
@aws-amplify/backend-function: 1.3.4
@aws-amplify/backend-output-schemas: 1.2.0
@aws-amplify/backend-output-storage: 1.1.1
@aws-amplify/backend-secret: 1.1.0
@aws-amplify/backend-storage: 1.1.2
@aws-amplify/cli-core: 1.1.2
@aws-amplify/client-config: 1.2.1
@aws-amplify/deployed-backend-client: 1.4.0
@aws-amplify/form-generator: 1.0.1
@aws-amplify/model-generator: 1.0.5
@aws-amplify/platform-core: 1.0.6
@aws-amplify/plugin-types: 1.2.1
@aws-amplify/sandbox: 1.2.0
@aws-amplify/schema-generator: 1.2.1
aws-amplify: 6.8.0
aws-cdk: 2.154.1
aws-cdk-lib: 2.154.1
typescript: 5.5.4
AWS environment variables:
AWS_STS_REGIONAL_ENDPOINTS = regional
AWS_NODEJS_CONNECTION_REUSE_ENABLED = 1
AWS_SDK_LOAD_CONFIG = 1
No CDK environment variables
Describe the bug
I get this error when using the list function from 'aws-amplify/storage':

```ts
import { list } from 'aws-amplify/storage'

const result = await list({
  path: ({identityId}) => `media/{identityId}/`
})
```

```text
arn:aws:sts::REDACTEDACCOUNTID:assumed-role/amplify-d3su8b8ts26mem-st-amplifyAuthauthenticatedU-xrRLyt00Gu8C/CognitoIdentityCredentials is not authorized to perform: s3:ListBucket on resource: "arn:aws:s3:::amplify-d3su8b8ts26mem-st-REDACTEDBUCKETNAME760f-k0jit9xertfc" because no identity-based policy allows the s3:ListBucket action
```
But I am clearly authenticated, as I manage to put objects in this bucket. The storage is defined as follows:
```ts
import { defineStorage } from '@aws-amplify/backend';

export const storage = defineStorage({
  name: 'REDACTEDBUCKETNAME',
  access: (allow) => ({
    'media/{entity_id}/*': [
      // {entity_id} is the token that is replaced with the user identity id
      allow.entity('identity').to(['write','list'])
    ]
  })
});
```
And I do have an IAM policy attached to this user with the PutObject and ListBucket permissions; this policy was created automatically by AWS Amplify, I am just stupidly following the docs.
Reproduction steps
Define a storage with the write and list permissions:

```ts
export const storage = defineStorage({
  name: 'REDACTEDBUCKETNAME',
  access: (allow) => ({
    'media/{entity_id}/*': [
      // {entity_id} is the token that is replaced with the user identity id
      allow.entity('identity').to(['write','list'])
    ]
  })
});
```

Try to list in your client code:

```ts
import { list } from 'aws-amplify/storage'

const result = await list({
  path: ({identityId}) => `media/{identityId}/`
})
```
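As an added example (not code from this issue or from the Amplify project), a local check of whether the path a client hands to `list()` falls under the prefix granted by the `defineStorage` rule above. One fact to keep in mind when reading it: the resolver in the report writes `{identityId}` inside a template literal without `$`, so JavaScript interpolates nothing and the resolved path is the literal string `media/{identityId}/`. The `allowedPrefix` matcher is a simplified model of how the `{entity_id}` token is bound to the caller's identity id (an assumption, not Amplify's real policy generation), and the identity id is constructed.

```javascript
// Added example, not from the issue or the Amplify project.
// Models which prefix a defineStorage access rule grants and checks whether a
// client-side path resolver stays inside it. The matcher is a simplified
// assumption, not Amplify's real IAM policy generation.

// Resolver exactly as written in the report. The template literal contains
// `{identityId}` without `$`, so nothing is interpolated: the resolved path is
// the literal string "media/{identityId}/".
const resolverFromReport = ({ identityId }) => `media/{identityId}/`;

// Same resolver with `${identityId}`, which interpolates the caller's
// Cognito identity id into the path.
const resolverInterpolated = ({ identityId }) => `media/${identityId}/`;

// Simplified model (assumption) of how the rule's `{entity_id}` token is bound
// to the caller's identity id: 'media/{entity_id}/*' becomes 'media/<id>/'.
// A function replacement sidesteps `$`-pattern handling in String.replace.
function allowedPrefix(rulePath, identityId) {
  return rulePath.replace('{entity_id}', () => identityId).replace(/\*$/, '');
}

// True when the path the resolver produces lies under the granted prefix,
// i.e. when a prefix-scoped ListBucket grant would cover the request.
function isPathAllowed(rulePath, resolver, identityId) {
  const requested = resolver({ identityId });
  const allowed = allowedPrefix(rulePath, identityId);
  return requested.startsWith(allowed);
}

// Rule from the report and a constructed (fake) Cognito identity id.
const RULE_PATH = 'media/{entity_id}/*';
const SAMPLE_IDENTITY_ID = 'eu-west-1:00000000-0000-0000-0000-000000000000';

console.log(isPathAllowed(RULE_PATH, resolverFromReport, SAMPLE_IDENTITY_ID)); // false
console.log(isPathAllowed(RULE_PATH, resolverInterpolated, SAMPLE_IDENTITY_ID)); // true
```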