1 No, the @auth rules only apply to the GraphQL API, not the S3 bucket for storage. The rules you mentioned will allow anyone to read from the database, but a user still needs to be authorized to read from the S3 bucket in some way, either signed in or not, via the Amplify SDK (sends a signed request, gets a signed URL that is valid for a set period of time).
4 Yes, we support multi auth now (starting last week) from the CLI -> aws-amplify.github.io/docs/cli-too...
5 You can update the API key by changing the expiration date in the local settings and running amplify push to update -> aws-amplify.github.io/docs/cli-too...
Thanks for your answers. I have just 3 last questions, very important for me.
I read that in an Angular web app we can use two AmplifyAppsyncClient BUT it is impossible to do "amplify add auth" twice to get both api_key and a Cognito user pool. We can just insert an API KEY in aws-exports built from another project.
In fact, there are more than 2 use cases. There are 3 use cases.
- public images (public for anyone, authenticated and unauthenticated users)
- private images (public access for authenticated users)
- sensitive private images (read/write only for one and only one user)
You don't talk about the third use case. How do we handle that (with amplify-cli)?
With custom CloudFormation templates like this?
Is there a JWT Cognito authentication mechanism to prevent requests to get objects that do not belong to the user?
Yes you can combine authorization rules. See details here
Private access is built in to Amplify - See docs here referencing private access
Yes, the process of storing would be the same, the only difference is you would need to deal with standard streaming / buffering protocols on the client that are agnostic to Amplify.
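
The three use cases raised in this thread (public, signed-in only, and single-owner images) map onto Amplify Storage's key prefixes `public/`, `protected/{identityId}/` and `private/{identityId}/`. The following is an added example, not code from the thread or from Amplify: a small offline model of that prefix-scoped authorization, where the identity IDs, the `isAllowed` and `parseKey` names and the guest-read setting are assumptions made for illustration.

```javascript
'use strict';

// Constructed sample Cognito identity IDs (not real values).
const ALICE = 'eu-west-1:11111111-aaaa-4aaa-8aaa-111111111111';
const BOB = 'eu-west-1:22222222-bbbb-4bbb-8bbb-222222222222';

// Split an object key into { level, owner } following the prefix convention.
// Returns null for keys outside the three known prefixes (default deny).
function parseKey(key) {
  const parts = key.split('/');
  const level = parts[0];
  if (level === 'public') {
    return parts.length >= 2 && parts[1] !== '' ? { level, owner: null } : null;
  }
  if (level === 'protected' || level === 'private') {
    // Both the owner segment and an object name must be present.
    if (parts.length < 3 || parts[1] === '' || parts[2] === '') return null;
    return { level, owner: parts[1] };
  }
  return null;
}

// caller: { identityId, authenticated }; action: 'read' or 'write'.
// caller.identityId stands for the value bound to the caller's credentials
// (the IAM policy variable ${cognito-identity.amazonaws.com:sub}); it is
// never taken from the requested key. guestRead is an assumption of this
// model: guests may read public/ only, and only if enabled.
function isAllowed(caller, action, key, guestRead = true) {
  const parsed = parseKey(key);
  if (!parsed) return false;
  if (action !== 'read' && action !== 'write') return false;
  if (!caller.authenticated) {
    return guestRead && action === 'read' && parsed.level === 'public';
  }
  const isOwner = parsed.owner === caller.identityId;
  switch (parsed.level) {
    case 'public':
      return true; // any signed-in user may read and write
    case 'protected':
      return action === 'read' || isOwner; // world-readable, owner-writable
    case 'private':
      return isOwner; // read and write for exactly one identity
    default:
      return false;
  }
}
```

The owner check works because the identity segment is compared against the identity the credentials were issued for, so a signed-in user who guesses another user's `private/` key is still denied.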