A quick tip on aws S3 permissions to a specific folder in a bucket.

{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": [
"s3:Put*",
"s3:Get*",
"s3:List*"
],
"Resource": [
"arn:aws:s3:::nameofmybucket/profile/*"
]
}]
}

Try to avoid bucket root level permission as much as possible. Also, try to use cognito if the client wants to directly access aws resources.