A frustrated software engineer due to the lack of good parts.

How to manage multiple groups in amplify

There is no "clear" way to handle multiple groups of users and let those users manage themselves.

This article will be a 2 min read.

This blog post was last updated on: 12/8/2023.

In my day-to-day job there is a problem with Amplify that we need to solve: there are organizations and there are 3 groups of users: admins, editors & readers.

The admins can assign other roles. The editors can modify all of the documents in that group. Last but not least, there are the readers; as the name implies, they can only read the documents of their group.

AWS documentation

There are many things that I don’t know about AWS, and one in particular caught me by surprise. While creating the Cognito groups there is something called precedence. The precedence determines which group will take priority. For example: you are in the groups Admins & ${ORG1}-reader and you want to modify a document. It will allow you to change it ONLY if the precedence of Admins is lower than ${ORG1}-reader.

Depending on the size of your app this can work great or not; it depends on the use case. Right now AWS Cognito allows 10,000 groups per user pool. This is great for up to 3,332 groups.
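The role model described above can be checked against the `cognito:groups` claim with exact group-name matching. The following is an added example, not code from the original post: the `Admins` group, the `${ORG}-reader` pattern and `createOrg` come from the post, while the `-admin` and `-editor` suffixes, the function names and the admin permissions are assumptions.

```javascript
// Added example. Group name "Admins" and the "<org>-reader" pattern come from the
// post; the "-admin" / "-editor" suffixes and all function names are assumptions.
const GLOBAL_ADMINS = "Admins";
const ROLES = ["admin", "editor", "reader"]; // three groups per organization

// Assumption: admins may also read and update; the post only says they assign roles.
const ALLOWED = {
  admin: ["read", "update", "assignRole"],
  editor: ["read", "update"],
  reader: ["read"],
};

// Org ids are limited to letters and digits, so a group name has exactly one "-"
// and maps back to a single (org, role) pair.
const ORG_ID = /^[A-Za-z0-9]+$/;

function groupName(orgId, role) {
  if (!ORG_ID.test(orgId)) throw new Error(`invalid org id: ${orgId}`);
  if (!ROLES.includes(role)) throw new Error(`unknown role: ${role}`);
  return `${orgId}-${role}`;
}

// Parameters for the three Cognito CreateGroup calls of a new organization.
// A lower Precedence number means higher priority, so admin gets the lowest.
function createGroupRequests(userPoolId, orgId, basePrecedence) {
  return ROLES.map((role, i) => ({
    UserPoolId: userPoolId,
    GroupName: groupName(orgId, role),
    Precedence: basePrecedence + i,
  }));
}

// Decide an action from the "cognito:groups" claim of a decoded token.
// Membership is matched on the exact group name, never on a prefix.
function can(claims, orgId, action) {
  const groups = new Set(claims["cognito:groups"] || []);
  if (action === "createOrg") return groups.has(GLOBAL_ADMINS);
  if (!ORG_ID.test(orgId)) return false; // deny malformed ids
  return ROLES.some(
    (role) => groups.has(groupName(orgId, role)) && ALLOWED[role].includes(action)
  );
}

// Constructed sample claims for a reader of ORG1.
const sample = { "cognito:groups": ["ORG1-reader"] };
console.log(can(sample, "ORG1", "read"), can(sample, "ORG1", "update")); // true false
```

Matching on the full group name keeps a member of one organization from passing a check for another organization whose id merely starts with the same characters.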

Let’s build it in Amplify

First this is the schema that we are going to use:

Modify the GraphQL schema

Modify the VTL for dynamic grouping

Create group API

Restrict createOrg to Admins only

This blog post was last updated on: 1/17/2024.