Amplify-cli: Best way to add a custom role to a group (eg. "Admin") in a cognito userpool group generated by Auth?

Created on 26 Aug 2019  路  3Comments  路  Source: aws-amplify/amplify-cli

Note: If your question is regarding the AWS Amplify Console service, please log it in the
official AWS Amplify Console forum

* Which Category is your question related to? *
Mainly Auth, but also Storage related

* What AWS Services are you utilizing? *
Cognito federated identity pools and S3.

* Provide additional details e.g. code snippets *
My goal is to grant users in an "Admin" cognito group the ability to access all S3 objects. I believe that the best way to do this is by attaching a role to the "Admin" group in the cognito userpool, and I'm curious:

A. Will the role grant permissions in addition to the permissions granted to all members of the cognito group, or will it become the only source of permissions for any user in that group?

and

B. What is the best way to add this role into the Amplify framework?

auth enhancement
Source
picture ajhool

Most helpful comment

We are actively working on this as part of: https://github.com/aws-amplify/amplify-cli/issues/766

There are three final pieces of this RFC:

  • Admin Queries to perform actions like list users, add user to group, etc.
  • Creation of User Pool Groups and setting the priorities, as well as attaching Roles to the Groups.
  • Ability to configure custom Rules/Roles when JWT tokens are passed to Identity Pools.

We've got about half of this code done, and are trying to get it released next month after testing and further UX validation.

cc @kaustavghosh06

picture undefobj on 26 Aug 2019
👍2

All 3 comments

We are actively working on this as part of: https://github.com/aws-amplify/amplify-cli/issues/766

There are three final pieces of this RFC:

  • Admin Queries to perform actions like list users, add user to group, etc.
  • Creation of User Pool Groups and setting the priorities, as well as attaching Roles to the Groups.
  • Ability to configure custom Rules/Roles when JWT tokens are passed to Identity Pools.

We've got about half of this code done, and are trying to get it released next month after testing and further UX validation.

cc @kaustavghosh06

undefobj picture undefobj on 26 Aug 2019
👍2

Brilliant, thanks.

ajhool picture ajhool on 26 Aug 2019

This has now been released:

https://aws-amplify.github.io/docs/cli-toolchain/quickstart#group-management
https://aws-amplify.github.io/docs/cli-toolchain/quickstart#group-access-controls
https://aws-amplify.github.io/docs/cli-toolchain/quickstart#administrative-actions

undefobj picture undefobj on 31 Oct 2019
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

davo301 picture davo301  路  3Comments
jexh picture jexh  路  3Comments
adriatikgashi picture adriatikgashi  路  3Comments
kstro21 picture kstro21  路  3Comments
jeanpaulcozzatti picture jeanpaulcozzatti  路  3Comments