From 49e7b4128e76a805dbf2732194b5386400fcd01c Mon Sep 17 00:00:00 2001 From: ykethan Date: Mon, 3 Feb 2025 16:24:27 -0500 Subject: [PATCH 1/2] update reference auth with groups --- cspell.json | 1 + .../use-existing-cognito-resources/index.mdx | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/cspell.json b/cspell.json index ef3e3d53619..d4d087165c3 100644 --- a/cspell.json +++ b/cspell.json @@ -247,6 +247,7 @@ "aws-sdk-ios", "aws.cognito.signin.user.admin", "aws", + "Authadmin", "AWSAPI", "AWSAPIGateway", "AWSAPIPlugin", diff --git a/src/pages/[platform]/build-a-backend/auth/use-existing-cognito-resources/index.mdx b/src/pages/[platform]/build-a-backend/auth/use-existing-cognito-resources/index.mdx index ceb0aa498c6..125719bee1b 100644 --- a/src/pages/[platform]/build-a-backend/auth/use-existing-cognito-resources/index.mdx +++ b/src/pages/[platform]/build-a-backend/auth/use-existing-cognito-resources/index.mdx @@ -150,6 +150,24 @@ export const auth = referenceAuth({ }); ``` +Additionally, you can also use the `groups` property to define groups created in the user pool. This is useful if you want to work with groups in your application and provide access to resources such as storage based on group membership. + +```ts title="amplify/auth/resource.ts" +import { referenceAuth } from '@aws-amplify/backend'; +import { getUser } from "../functions/get-user/resource"; + +export const auth = referenceAuth({ + userPoolId: 'us-east-1_xxxx', + identityPoolId: 'us-east-1:b57b7c3b-9c95-43e4-9266-xxxx', + authRoleArn: 'arn:aws:iam::xxxx:role/amplify-xxxx-mai-amplifyAuthauthenticatedU-xxxx', + unauthRoleArn: 'arn:aws:iam::xxxx:role/amplify-xxxx-mai-amplifyAuthunauthenticate-xxxx', + userPoolClientId: 'xxxx', + groups: { + admin: "arn:aws:iam::xxxx:role/amplify-xxxx-mai-amplifyAuthadminGroupRole-xxxx", + }, +}); +``` + In a team setting you may want to reference a different set of auth resources depending on the deployment context. For instance if you have a `staging` branch that should reuse resources from a separate "staging" environment compared to a `production` branch that should reuse resources from the separate "production" environment. In this case we recommend using environment variables. ```ts title="amplify/auth/resource.ts" From 0b4f171c2a716c801f71ec80489c450798282c96 Mon Sep 17 00:00:00 2001 From: Kethan sai Date: Tue, 4 Feb 2025 11:19:13 -0500 Subject: [PATCH 2/2] Update src/pages/[platform]/build-a-backend/auth/use-existing-cognito-resources/index.mdx Co-authored-by: Amplifiyer <51211245+Amplifiyer@users.noreply.github.com> --- .../auth/use-existing-cognito-resources/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pages/[platform]/build-a-backend/auth/use-existing-cognito-resources/index.mdx b/src/pages/[platform]/build-a-backend/auth/use-existing-cognito-resources/index.mdx index 125719bee1b..4902c716ee2 100644 --- a/src/pages/[platform]/build-a-backend/auth/use-existing-cognito-resources/index.mdx +++ b/src/pages/[platform]/build-a-backend/auth/use-existing-cognito-resources/index.mdx @@ -150,7 +150,7 @@ export const auth = referenceAuth({ }); ``` -Additionally, you can also use the `groups` property to define groups created in the user pool. This is useful if you want to work with groups in your application and provide access to resources such as storage based on group membership. +Additionally, you can also use the `groups` property to reference groups in your user pool. This is useful if you want to work with groups in your application and provide access to resources such as storage based on group membership. ```ts title="amplify/auth/resource.ts" import { referenceAuth } from '@aws-amplify/backend';