I would appreciate a guide that lightly touches on...
# guide
I would appreciate a guide that lightly touches on handling different levels of users. For example admin, superuser, customer. I could see how this is maybe our of scope
Its not a guide but i can write something. The idea is: Cognito identity pool maps the user identity based on user group in cognito user pool setting the IAM policy of that for the user identity. So you’ll be able to write an IAM policy for each type of user. Also there is a way of creating a in-line policy when authenticating the user. I’ve used a mix of these approaches in serverless framework projects. And it works very well. Also its possible to add policies to allow the user to interact with specific items in dynamodb: like admins can write, Normal users can only read specifics primary keys, etc. I can try to create a demo of this in the next week. I also can write about multi-tenant application using a mix of these a approaches
@Frank @thdxr
I would absolutely read that guide if you made it.
I know how to put users in group using a post auth hook. Or at least I've done it once so I think I could do it again
Hey @Gabriel Araújo, I was looking at ur PR and realized that I must have missed this thread earlier. Yeah, an example would be awesome. Btw, with this setup, is the IAM credentials mapped to the user pool group of the logged in user obtained on the frontend? (ie. the mapped IAM credentials has
permission, the logged in user can upload files to S3 directly from the frontend right?)
Yep! Is the role you put in the group of the user pool. If the user has no group it defaults to authenticated the one you put in the identity pool. And if it's not logged it defaults to unauthenticated. Yes. It will be able to upload from the browser to s3 directly if the group/role can do it. I can try build an example this week. I’ll ping you later this week.
As well as call a specific endpoint. E.g. Users in admin group would be able to call /admin
Thanks @Gabriel Araújo! Even a raw snippet would work. And we can turn that into a doc/example.