I am saving PFObjects and PFUser objects on MongoDB Atlas (my app is iOS/Swift), and inside a Post (PFObject) class, each post object has a pointer to a PFFileObject (an image) that is stored in Amazon S3. Ideally, I want app users to be able to access the data only through the mobile app. For that, I am wondering what the lowest level of permissions in S3 is that is required to complete the operation (reading and writing PFFileObject files from the app). I am completely new to all this, so I am not sure if I am understanding it well, but I thought that if we leave the S3 bucket public, someone could download/upload/delete files freely even without using the app (and that could also rack up Amazon charges), and that’s what I am worried about. Am I getting all this wrong? Please let me know if it’s not clear what I am saying.
In the link that I sent above with the instructions for configuring the S3 adapter, it says “The bucket name should not contain any period ‘.’ for directAccess to work. All other defaults are OK.” I thought that the last sentence includes the bucket policy default, which is to block all public access. However, I couldn’t find a way to make it work unless I set this to public, so I got confused.
Thanks a lot for your help! I really appreciate it.