Unauthenticated access with getUrl from Server using next.js

[itsRares]

Before opening, please confirm:

• I have searched for duplicate or closed issues and discussions.
• I have read the guide for submitting bug reports.
• I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.

JavaScript Framework

Next.js

Amplify APIs

Storage

Amplify Version

v6

Amplify Categories

storage

Backend

Amplify Gen 2

Environment information

  System:
    OS: macOS 15.1.1
    CPU: (8) arm64 Apple M1 Pro
    Memory: 121.30 MB / 16.00 GB
    Shell: 5.9 - /bin/zsh
  Binaries:
    Node: 23.1.0 - /opt/homebrew/bin/node
    Yarn: 1.22.19 - ~/.yarn/bin/yarn
    npm: 10.9.0 - /opt/homebrew/bin/npm
    Watchman: 2024.12.02.00 - /opt/homebrew/bin/watchman
  Browsers:
    Chrome: 132.0.6834.160
    Safari: 18.1.1
  npmPackages:
    %name%:  0.1.0 
    @ampproject/toolbox-optimizer:  undefined ()
    @aws-amplify/adapter-nextjs: ^1.4.1 => 1.4.1 
    @aws-amplify/adapter-nextjs/api:  undefined ()
    @aws-amplify/adapter-nextjs/data:  undefined ()
    @aws-amplify/backend: ^1.12.0 => 1.12.0 
    @aws-amplify/backend-cli: ^1.4.6 => 1.4.6 
    @aws-amplify/ui-react-storage: ^3.6.1 => 3.6.1 
    @aws-amplify/ui-react-storage/browser:  undefined ()
    @aws-appsync/utils: ^1.12.0 => 1.12.0 
    @babel/core:  undefined ()
    @babel/runtime:  7.22.5 
    @edge-runtime/cookies:  6.0.0 
    @edge-runtime/ponyfill:  4.0.0 
    @edge-runtime/primitives:  6.0.0 
    @eslint/eslintrc: ^3 => 3.2.0 
    @fortawesome/fontawesome-svg-core: ^6.7.2 => 6.7.2 
    @fortawesome/free-brands-svg-icons: ^6.7.2 => 6.7.2 
    @fortawesome/free-regular-svg-icons: ^6.7.2 => 6.7.2 
    @fortawesome/free-solid-svg-icons: ^6.7.2 => 6.7.2 
    @fortawesome/react-fontawesome: ^0.2.2 => 0.2.2 
    @hapi/accept:  undefined ()
    @mswjs/interceptors:  undefined ()
    @napi-rs/triples:  undefined ()
    @next/font:  undefined ()
    @opentelemetry/api:  undefined ()
    @reduxjs/toolkit: ^2.5.0 => 2.5.0 
    @reduxjs/toolkit-query:  1.0.0 
    @reduxjs/toolkit-query-react:  1.0.0 
    @reduxjs/toolkit-react:  1.0.0 
    @types/aws-lambda: ^8.10.147 => 8.10.147 
    @types/node: ^20 => 20.17.11 
    @types/prop-types: ^15.7.14 => 15.7.14 
    @types/react: ^19 => 19.0.2 
    @types/react-dom: ^19 => 19.0.2 
    @types/react-slick: ^0.23.13 => 0.23.13 
    @vercel/nft:  undefined ()
    @vercel/og:  0.6.4 
    acorn:  undefined ()
    amphtml-validator:  undefined ()
    anser:  undefined ()
    assert:  undefined ()
    async-retry:  undefined ()
    async-sema:  undefined ()
    aws-amplify: ^6.12.2 => 6.12.2 
    aws-amplify/adapter-core:  undefined ()
    aws-amplify/analytics:  undefined ()
    aws-amplify/analytics/kinesis:  undefined ()
    aws-amplify/analytics/kinesis-firehose:  undefined ()
    aws-amplify/analytics/personalize:  undefined ()
    aws-amplify/analytics/pinpoint:  undefined ()
    aws-amplify/api:  undefined ()
    aws-amplify/api/server:  undefined ()
    aws-amplify/auth:  undefined ()
    aws-amplify/auth/cognito:  undefined ()
    aws-amplify/auth/cognito/server:  undefined ()
    aws-amplify/auth/enable-oauth-listener:  undefined ()
    aws-amplify/auth/server:  undefined ()
    aws-amplify/data:  undefined ()
    aws-amplify/data/server:  undefined ()
    aws-amplify/datastore:  undefined ()
    aws-amplify/in-app-messaging:  undefined ()
    aws-amplify/in-app-messaging/pinpoint:  undefined ()
    aws-amplify/push-notifications:  undefined ()
    aws-amplify/push-notifications/pinpoint:  undefined ()
    aws-amplify/storage:  undefined ()
    aws-amplify/storage/s3:  undefined ()
    aws-amplify/storage/s3/server:  undefined ()
    aws-amplify/storage/server:  undefined ()
    aws-amplify/utils:  undefined ()
    aws-cdk: ^2.174.1 => 2.174.1 
    aws-cdk-lib: ^2.174.1 => 2.174.1 
    babel-packages:  undefined ()
    browserify-zlib:  undefined ()
    browserslist:  undefined ()
    buffer:  undefined ()
    bytes:  undefined ()
    ci-info:  undefined ()
    cli-select:  undefined ()
    client-only:  0.0.1 
    clsx: ^2.1.1 => 2.1.1 
    commander:  undefined ()
    comment-json:  undefined ()
    compression:  undefined ()
    conf:  undefined ()
    constants-browserify:  undefined ()
    constructs: ^10.4.2 => 10.4.2 
    content-disposition:  undefined ()
    content-type:  undefined ()
    cookie:  undefined ()
    cross-spawn:  undefined ()
    crypto-browserify:  undefined ()
    css.escape:  undefined ()
    data-uri-to-buffer:  undefined ()
    debug:  undefined ()
    devalue:  undefined ()
    domain-browser:  undefined ()
    edge-runtime:  undefined ()
    esbuild: ^0.24.2 => 0.24.2 (0.23.1)
    eslint: ^9 => 9.17.0 
    eslint-config-next: 15.1.3 => 15.1.3 
    events:  undefined ()
    find-up:  undefined ()
    formik: ^2.4.6 => 2.4.6 
    framer-motion: ^11.18.0 => 11.18.0 
    fresh:  undefined ()
    glob:  undefined ()
    gzip-size:  undefined ()
    http-proxy:  undefined ()
    http-proxy-agent:  undefined ()
    https-browserify:  undefined ()
    https-proxy-agent:  undefined ()
    icss-utils:  undefined ()
    ignore-loader:  undefined ()
    image-size:  undefined ()
    is-animated:  undefined ()
    is-docker:  undefined ()
    is-wsl:  undefined ()
    jest-worker:  undefined ()
    json5:  undefined ()
    jsonwebtoken:  undefined ()
    loader-runner:  undefined ()
    loader-utils:  undefined ()
    lodash.curry:  undefined ()
    lru-cache:  undefined ()
    mini-css-extract-plugin:  undefined ()
    moment: ^2.30.1 => 2.30.1 
    nanoid:  undefined ()
    native-url:  undefined ()
    neo-async:  undefined ()
    next: ^15.1.5 => 15.1.5 
    node-cache: ^5.1.2 => 5.1.2 
    node-fetch:  undefined ()
    node-html-parser:  undefined ()
    ora:  undefined ()
    os-browserify:  undefined ()
    p-limit:  undefined ()
    p-queue:  undefined ()
    path-browserify:  undefined ()
    path-to-regexp:  undefined ()
    picomatch:  undefined ()
    platform:  undefined ()
    postcss: ^8 => 8.4.49 (8.4.31)
    postcss-flexbugs-fixes:  undefined ()
    postcss-modules-extract-imports:  undefined ()
    postcss-modules-local-by-default:  undefined ()
    postcss-modules-scope:  undefined ()
    postcss-modules-values:  undefined ()
    postcss-preset-env:  undefined ()
    postcss-safe-parser:  undefined ()
    postcss-scss:  undefined ()
    postcss-value-parser:  undefined ()
    process:  undefined ()
    punycode:  undefined ()
    querystring-es3:  undefined ()
    raw-body:  undefined ()
    react: ^19.0.0 => 19.0.0 
    react-builtin:  undefined ()
    react-dom: ^19.0.0 => 19.0.0 
    react-dom-builtin:  undefined ()
    react-dom-experimental-builtin:  undefined ()
    react-experimental-builtin:  undefined ()
    react-is:  19.0.0-rc-65e06cb7-20241218 
    react-loading-skeleton: ^3.5.0 => 3.5.0 
    react-redux: ^9.2.0 => 9.2.0 
    react-refresh:  0.12.0 
    react-server-dom-turbopack-builtin:  undefined ()
    react-server-dom-turbopack-experimental-builtin:  undefined ()
    react-server-dom-webpack-builtin:  undefined ()
    react-server-dom-webpack-experimental-builtin:  undefined ()
    react-slick: ^0.30.3 => 0.30.3 
    react-toastify: ^11.0.2 => 11.0.2 
    redux: ^5.0.1 => 5.0.1 
    redux-persist: ^6.0.0 => 6.0.0 
    redux-persist/integration/react:  undefined ()
    redux-thunk: ^3.1.0 => 3.1.0 
    regenerator-runtime:  0.13.4 
    sass-loader:  undefined ()
    scheduler-builtin:  undefined ()
    scheduler-experimental-builtin:  undefined ()
    schema-utils:  undefined ()
    semver:  undefined ()
    send:  undefined ()
    server-only:  0.0.1 
    setimmediate:  undefined ()
    shell-quote:  undefined ()
    slick-carousel: ^1.8.1 => 1.8.1 
    source-map:  undefined ()
    source-map08:  undefined ()
    stacktrace-parser:  undefined ()
    stream-browserify:  undefined ()
    stream-http:  undefined ()
    string-hash:  undefined ()
    string_decoder:  undefined ()
    strip-ansi:  undefined ()
    superstruct:  undefined ()
    tailwind-merge: ^2.6.0 => 2.6.0 
    tailwindcss: ^3.4.1 => 3.4.17 
    tar:  undefined ()
    terser:  undefined ()
    text-table:  undefined ()
    timers-browserify:  undefined ()
    tsx: ^4.19.2 => 4.19.2 
    tty-browserify:  undefined ()
    typescript: ^5.7.2 => 5.7.2 (4.4.4, 4.9.5)
    ua-parser-js:  undefined ()
    unistore:  undefined ()
    util:  undefined ()
    vm-browserify:  undefined ()
    watchpack:  undefined ()
    web-vitals:  undefined ()
    webpack:  undefined ()
    webpack-sources:  undefined ()
    ws:  undefined ()
    yup: ^1.6.1 => 1.6.1 (0.32.11)
    zod:  undefined ()
    zod-validation-error:  undefined ()
  npmGlobalPackages:
    aws-cdk: 2.175.1
    corepack: 0.29.4
    eas-cli: 12.6.0
    npm: 10.9.0

Describe the bug

Previously it worked fine, but since today I have been receiving an '[ Server ] Error: Unauthenticated access is not supported for this identity pool.' when trying to call getUrl from a unauthenticated guest user. I have changed nothing with the configuration and both my production and development builds now do not load images if the user is unauthenticated.

I do have Amplify.configure(outputs, { ssr: true,}); configured

Expected behavior

get my images showing up in my app.

Reproduction steps

Install dependencies.
Run next dev --turbopack
Create a page.tsx file, not with use Client
Add to generatedMetadata a call to getUrl (Use the utility I have below so it uses the /server one
Be unauthenticated

Code Snippet

// Put your code below this line.
export const storage = defineStorage({
  name: "Bucket",
  isDefault: true,
  access: (allow) => ({
    "images/{entity_id}/*": [
      allow.entity("identity").to(["read", "write", "delete"]),
      allow.guest.to(["read"]),
      allow.authenticated.to(["read"]),
    ],
  }),
  triggers: {
    onUpload: compressImage,
  },
});

and this is how I call it within the generateMetadata()

export async function generateMetadata({ params }: any) {
...
const imageUrl = await getUrlSession({
    path: seedData.images.sort((a, b) => a.order - b.order)[0].fileUrl,
  });
...
}

and this is my util for getting server side urls

import { getUrl } from "aws-amplify/storage/server";

export async function getUrlSession(fileUrl) {
  try {
    const url = await runWithAmplifyServerContext({
      nextServerContext: { cookies },
      operation: (contextSpec) => getUrl(contextSpec, fileUrl),
    });
    return url;
  } catch (error) {
    console.error(error);
  }
}

Log output

// Put your logs below this line

aws-exports.js

No response

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

[cwomack]

Hello, @itsRares 👋 and thanks for opening this issue. The error that you're seeing of "Unauthenticated access is not supported for this identity pool." is usually associated with changes to IAM permissions, using different backend resources, etc. I know you mentioned you made no changes to your configuration, but can you check to ensure the both the auth and unauth (guest) roles for the identity pool have the permissions needed? This doc may be of assistance as well, but let us know if you check this and the issue persists.

[itsRares]

Hey @cwomack Thanks for getting back so quick. I followed the doc and oddly for some reason the identity pools had guest access as inactive. I activated it again and it is working now! Thanks for the help 😄

Is there a misconfiguration on my end or something I could have done wrong which could have caused it to go to inactive? So I know not to trigger it again.

I saw this article https://docs.amplify.aws/nextjs/build-a-backend/auth/concepts/guest-access/ but my backend did not have that, and it says "Amplify Gen 2 enables guest access by default"