Put file on S3 with AWS SDK 2 & Cognito for unauth users using iOS SDK 2


I want to upload a file to one of my S3 buckets.

In my app I have:

In my app delegate

let credentialProvider = AWSCognitoCredentialsProvider(regionType: .USEast1, identityPoolId: "us-east-1:05da3124-9aab-abd9-081231a31")
let configuration = AWSServiceConfiguration(region: .USEast1, credentialsProvider: credentialProvider)
AWSServiceManager.defaultServiceManager().defaultServiceConfiguration = configuration

An Upload function

func uploadFile(fileURL: NSURL, type: MediaType) {
    var uploadRequest = AWSS3TransferManagerUploadRequest()
    uploadRequest.body = fileURL
    uploadRequest.key = fileURL.lastPathComponent
    uploadRequest.bucket = "xxx.xxx.dev"
    transferManager.upload(uploadRequest).continueWithBlock { (task) -> AnyObject! in
        if let error = task.error {
            log.debug("Upload failed with error: \(error)")
        } else {
            log.debug("Object \(uploadRequest.key) uploaded with \(task.result)")
            XXXRESTManager.sharedInstance.doRegisterUpload(uploadRequest.key, type: type)
        }
        return nil
    }
}

A Policy attached to my Unauthenticated role in my identity pool:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3: PutObject"
            ],
            "Resource": "arn:aws:s3:::xxx.xxx.dev"
        },
        {
            "Effect": "Allow",
            "Action": [
                "sns:CreatePlatformEndpoint",
                "sns:Subscribe"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

The connection to Cognito is correct (I now have one unauthenticated user in the AWS console).

However, I still get a permission denied when I try to upload a file. What did I miss?

There are 2 answers

0
Antzi (BEST ANSWER)

I don't know what caused the issue, but I managed to make it work. The code in the question IS correct.

2
Albert Vaca Cintora

AWSS3TransferManagerUploadRequest might need more permissions than just PutObject to work. Have you tried giving broader permissions for S3 on your policy? Probably it needs at least GetObject, but try first with "Action": "s3:*" so we can make sure the problem is in that part.
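
An added example, not part of the original posts: a small check for the S3 statement of a policy like the one in the question, run here on that statement as it appears on the page and on a constructed object-scoped variant. It relies on the IAM rule that object-level actions such as `s3:PutObject` are evaluated against object ARNs (`arn:aws:s3:::bucket/key`), not the bucket ARN; the function names and the choice of actions checked are assumptions of this example.

```python
import json

S3_PREFIX = "arn:aws:s3:::"
# Object-level S3 actions (subset picked for this example). IAM evaluates them
# against object ARNs of the form arn:aws:s3:::bucket/key, not the bucket ARN.
OBJECT_ACTIONS = {"s3:putobject", "s3:getobject", "s3:deleteobject"}

def as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]

def lint_policy(policy_json):
    """Return (statement index, action, finding) tuples for Allow statements."""
    findings = []
    statements = as_list(json.loads(policy_json)["Statement"])
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            compact = "".join(action.split())
            if compact != action:
                findings.append((index, action, "action name contains whitespace"))
            if compact.lower() not in OBJECT_ACTIONS:
                continue
            for res in as_list(stmt.get("Resource", [])):
                # A bucket ARN has no "/" after the bucket name; an object ARN does.
                if res.startswith(S3_PREFIX) and "/" not in res[len(S3_PREFIX):]:
                    findings.append((index, action,
                                     "object-level action on bucket ARN; expected " + res + "/*"))
    return findings

def s3_policy(action, resource):
    """Build a one-statement policy document (constructed sample input)."""
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": [action], "Resource": resource}]})

# The S3 statement as it appears in the question, and a constructed variant
# scoped to the objects inside the same bucket.
AS_POSTED = s3_policy("s3: PutObject", "arn:aws:s3:::xxx.xxx.dev")
OBJECT_SCOPED = s3_policy("s3:PutObject", "arn:aws:s3:::xxx.xxx.dev/*")

if __name__ == "__main__":
    for name, doc in (("as posted", AS_POSTED), ("object-scoped", OBJECT_SCOPED)):
        print(name, lint_policy(doc))
```

For an unauthenticated Cognito role, a statement that passes this check with a single action and an object ARN keeps the grant limited to uploads into that bucket.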