re: GraphQL Tutorial - How to Manage Image & File Uploads & Downloads with AWS AppSync & AWS Amplify

1 No, the @auth rules only apply to the GraphQL API, not the S3 bucket for storage. The rules you mentioned will allow anyone to read from the database, but a user still needs to be authorized to read from the S3 bucket in some way, either signed in or not, via the Amplify SDK (sends a signed request, gets a signed URL that is valid for a set period of time).

4 Yes, we support multi auth now (starting last week) from the CLI -> aws-amplify.github.io/docs/cli-too...

5 You can update the API key by changing the expiration date in the local settings and run amplify push to update -> aws-amplify.github.io/docs/cli-too...

  1. Yes you can combine authorization rules. See details here

  2. Private access is built in to Amplify - See docs here referencing private access

  3. Yes, the process of storing would be the same; the only difference is you would need to deal with standard streaming / buffering protocols on the client that are agnostic to Amplify.

