File storage

Amplify Studio File Storage provides a simple mechanism for managing user content for your app in public, protected or private storage folders. In Studio you can specify authorization rules that limit individual user or group access to create, read, update, or delete operations on your files. The File Storage category comes with built-in support for Amazon S3.

Amplify Studio storage start page

There are two ways to add file storage to Amplify Studio - import an existing S3 bucket and create a new S3 bucket. Both methods require the authentication category to also be enabled.

To set the authorization modes on new file storage

When you create new file storage for your app, you can edit authorization rules.

Launch Studio for an app.
On the Set up menu, choose Storage.
On the Storage page, locate the Authorization settings on the bottom of the File storage bucket card.
Select your desired authorization settings for Signed-in users, or Guest users (optional).

The authorization modes can always be edited under Set up, Storage.

To enable local development after setting up guest permissions, you must allow unauthenticated logins by updating your auth settings. Run amplify update auth to update your auth settings.

To import file storage

For default file access levels to work, your bucket needs to be configured accordingly:

private/{user_identity_id}/ - Only accessible for the individual user
protected/{user_identity_id}/ - Readable by all users, writable only by the creating user
public/ - Accessible by all users of your app

Learn more about how to import file storage.

To set the authorization mode on imported file storage

If you're using an imported S3 bucket with an imported Cognito resource, then you'll need to update the policy of your Cognito Identity Pool's authenticated and unauthenticated role. You'll need to create new managed policies (not inline policies) for these roles.

Learn more about how to configure IAM roles for imported file storage

File browser