Thirumal
Reputation: 9606
How to implement RBAC (Role-Based Access Control) in AWS Cognito with Serverless Lambda functions?
How to implement RBAC (Role-Based Access Control) in AWS Cognito with Serverless Lambda functions?
Most of the tutorial explains, attach IAM roles/policies and API Gateway,
Eg: http://12.in/list/employees
The above authorization works well, the system is only for one subscriber/organization.
How to implement the authorization in multiple subscriber/organization environments?
http://12.in/list/{org_id}/employees
Is it possible with Cognito?
Upvotes: 0
Views: 976
Answers (1)
Andrew Gillis
Reputation: 3885
You can safely authorize with any of the claims you include in the token. That offers two places to easily add your user-to-org mapping.
- As a custom user attribute (make sure it is immutable).
- As a custom claim in a pre-token-generation trigger.
Upvotes: 1
Related Questions
- Shared Lambda authorizer setup in Serverless Framework
- Cognito authorizing a user through AWS lambda function
- Authorization code grant in lambda AWS with Serverless Framework
- Cognito user pool authorizer With Serverless Framework
- Unauthenticated and authenticated APIs using Cognito
- How can i implementation RBAC in Aws Cognito with Amazon Cognito Identity Js
- Using Serverless, how do you set a Lambda function's authorizer to a Cognito User Pool from the Resources?
- Serverless Framework with server-side authentication and Cognito
- Implement Role Based Access Control using AWS Cognito with Serverless
- aws cognito rbac like permission handling