I have a private policy generated by Amplify CLI for S3 that allows Put and Get for /private/${cognito-identity.amazonaws.com:sub}/* for a signed in Cognito User Pool user. Great. Now I need those signed in users to also be able to access /public/* files. I updated my policy in IAM -> Roles: