Auth0 + Amazon S3 + IAM roles

Hi,

I have a question about how the “cooperation” between Auth0 and AWS works. If I understand it right, the Auth0 Amazon addon allows me to get an Amazon identity.

Now here is my “setup”:

  • All my users are managed by Auth0 + I am also using Auth0 Extension Authorization to assign them some groups/roles + permissions
  • Each Auth0 user has his own S3 bucket with his files, and I would like to use Amazon/IAM roles to take care of access to those buckets

What do I need?

  • When I want to download/upload a file to S3, I need to have an Amazon identity with an IAM role which will allow me to download/upload the file in the S3 bucket

Question:

  • But how does Amazon know which Auth0 user has which Amazon IAM role?
  • Do I need to maintain two sets of users (one in Auth0 for login/groups/roles/… and one in Amazon with IAM roles)?

Please correct me on any of the “statements” above - I guess I just do not fully understand how Auth0 <-> Amazon “works”.

Thank you very much,
Martin