I created a Serverless Application using AWS Services (S3, Lambda, Cognito, DynamoDB) and the serverless framework with ReactJS by following this tutorial https://serverless-stack.com/. The Tutorial uses AWS Cognito User Pool and Identity Pool for User Management and Authentication Purposes. The application in the tutorial is a "Note-Taking" Application which doesn't have Role Based Access Control within the Application.
However the Application that I am creating requires RBAC and after reading about it, I have understood that RBAC can be implemented either using the "User Groups" or the "Federated Identities". However, I could not still figure out how to properly use either of those in my application.
This is what I have done in the Application till now
Policy
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"mobileanalytics:PutEvents",
"cognito-sync:*",
"cognito-identity:*"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::YOUR_S3_UPLOADS_BUCKET_NAME/${cognito-identity.amazonaws.com:sub}*"
]
},
{
"Effect": "Allow",
"Action": [
"execute-api:Invoke"
],
"Resource": [
"arn:aws:execute-api:YOUR_API_GATEWAY_REGION:*:YOUR_API_GATEWAY_ID/*"
]
}
]
}
This allows everyone to access all the APIs. How do I assign role to each user and then restrict the access to certain APIs based on their Role?
There's a few ways to do it; more to the point, you don't need an identity pool at all.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With