
I'm looking into AWS Amplify and bumped into Amazon Cognito.

It deals with the authentication part pretty well, but I'm struggling to understand how app authorization works (i.e. what my users can/can't do within my app).

Does anyone know how I may approach setting up RBAC (Role-Based Access-Control) with Cognito User Pools (not Identity Pools)?

I want to be able to let my admin users easily manage & assign other users into roles (not IAM roles). A role may have multiple permissions to indicate what it could do within my app.

Something similar to this (taken from Laravel Backpack Permission Manager repo):


MTran
  • Cognito has a Group concept. You can group users into multiple groups such as Admin, Developer, ... and apply roles on top of them – Nghia Do Aug 11 '20 at 01:34
  • Yes, it does, but I can't attach permissions to groups, only an IAM role. Unless I can attach custom app permissions to the IAM role itself? The app permissions could be something like `view app logs`, which lets you view logs from a private server, rather than logs in AWS. – MTran Aug 11 '20 at 01:47
  • Did you ever figure out how to do this? I’m trying to do role based access for each project in my app. So there will be a team for each project. Amplify makes it easy to do role based access across the whole app, but not at a project level. – Michael Brant Apr 05 '21 at 15:27
  • Sadly, I haven't figured out how to do this yet. – MTran May 22 '21 at 23:13

0 Answers