prashant s

Reputation: 168

User Roles in Amazon Cognito

I have a JHipster application that is authenticated with Amazon Cognito. The users that can access this application are those that don't have access to the AWS resources, therefore I went with user pools instead of identity pools. Please let me know how to assign roles that are not related to Amazon IAM, because wherever I refer to roles in Cognito, everything mentions the following website: Link Here

Please let me know of an alternative way I can maintain roles.

Upvotes: 9

Views: 20503

Answers (1)

Quappinger

Reputation: 198

You can use Groups for Cognito User Pools to establish a minimalistic Role-Based-Access-Control. Since the Cognito groups can be found in the JWT, you can handle your users depending on the group they are in:

"cognito:groups": [
  "Admin",
  "User"
]

A user can be in one or more groups (AWS hard limit: 25) and you can have up to 500 groups for each User Pool. For more information please look at: Limits in Amazon Cognito

Additionally, each group must have an IAM role. You can specify the permissions for the user there or just handle it with different groups.

Upvotes: 14
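The group-based check described in the answer above, as an added example that is not part of the original post or of JHipster: a language-neutral sketch in Python that turns the `cognito:groups` claim into application roles, deny by default. It assumes the JWT signature was already verified against the user pool's JWKS; `GROUP_ROLES`, the issuer, the client id and the sample claims are constructed for illustration.

```python
import time

# Hypothetical application policy: Cognito group name -> application roles.
GROUP_ROLES = {"Admin": {"ROLE_ADMIN", "ROLE_USER"}, "User": {"ROLE_USER"}}
# Constructed sample values, not taken from the page.
ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"
CLIENT_ID = "example-app-client-id"
SAMPLE_CLAIMS = {"iss": ISSUER, "token_use": "access", "client_id": CLIENT_ID,
                 "exp": 2000, "cognito:groups": ["Admin", "User"]}


class TokenRejected(Exception):
    """Raised when verified claims do not meet this application's policy."""


def roles_from_claims(claims, issuer, client_id, now=None):
    """Map already signature-verified Cognito claims to application roles."""
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise TokenRejected("token was issued by a different user pool")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise TokenRejected("token is expired or has no exp claim")
    # Access tokens name the app client in client_id, ID tokens in aud.
    use = claims.get("token_use")
    if use == "access":
        audience = claims.get("client_id")
    elif use == "id":
        audience = claims.get("aud")
    else:
        raise TokenRejected("unexpected token_use")
    if audience != client_id:
        raise TokenRejected("token was issued to a different app client")
    # The claim may be absent when the user belongs to no group.
    groups = claims.get("cognito:groups", [])
    if not isinstance(groups, list) or not all(isinstance(g, str) for g in groups):
        raise TokenRejected("malformed cognito:groups claim")
    roles = set()
    for group in groups:
        # Exact, case-sensitive match; unmapped groups grant nothing.
        roles |= GROUP_ROLES.get(group, set())
    return roles
```

Call it once per request after signature verification and authorize against the returned set, for example `"ROLE_ADMIN" in roles_from_claims(claims, ISSUER, CLIENT_ID)`.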
