Hello
I have an app in which users upload paperwork for a “moderator” group to review.
Currently the files are uploaded to AWS and authentication is Cognito.
The goal: Normal users can’t access each other’s paperwork, but everyone in the moderator group can access a normal user’s paperwork.
It seems like this type of control may be possible using roles and policies attached to buckets, but I don’t have a lot of experience with IAM yet — does anyone have helpful tips about how to think about this pattern of file sharing?
Thanks!
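One way to express the access rule described in the post, as an added example that is not the poster's code: a backend check run before handing out an object or a presigned URL. Assumptions not stated in the post: objects are keyed as `paperwork/<owner sub>/<filename>`, the Cognito token has already been signature-verified, and the group is named `moderators`.

```python
# Added example: owner-or-moderator check for per-user S3 object keys.
# Assumed (not from the post): key layout "paperwork/<owner sub>/<filename>",
# group name "moderators", claims taken from an already verified Cognito token.

MODERATOR_GROUP = "moderators"  # assumed group name
ROOT = "paperwork"              # assumed key prefix


def owner_of(key):
    """Return the owner id encoded in an object key, or None if malformed."""
    parts = key.split("/")
    # Require exactly ROOT/owner/filename. Comparing whole segments avoids
    # prefix confusion such as owner "a1" matching keys of owner "a10".
    if len(parts) != 3 or parts[0] != ROOT:
        return None
    if any(p in ("", ".", "..") for p in parts):
        return None
    return parts[1]


def can_access(claims, key):
    """Moderators may read any user's paperwork; other users only their own."""
    owner = owner_of(key)
    if owner is None:
        return False  # deny anything outside the expected layout
    # "cognito:groups" is absent from the token when the user is in no group.
    groups = claims.get("cognito:groups") or []
    if MODERATOR_GROUP in groups:
        return True
    return claims.get("sub") == owner


if __name__ == "__main__":
    # Constructed sample claims and keys.
    alice = {"sub": "a1"}
    mod = {"sub": "m1", "cognito:groups": ["moderators"]}
    for who, key in [(alice, "paperwork/a1/id.pdf"),
                     (alice, "paperwork/b2/id.pdf"),
                     (mod, "paperwork/b2/id.pdf")]:
        print(who["sub"], key, can_access(who, key))
```

The same two-tier rule can be pushed into IAM by giving each tier its own role and scoping the normal-user role to the caller's own prefix.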