Create Basic Role Based Access Control Example

[simonireilly]

Role-based access control (RBAC)

In role-based access control, a user would be restricted to a set of operations that can be performed by their role.

Examples from Yan Cui: https://theburningmonk.com/2021/03/how-to-secure-multi-tenant-applications-with-appsync-and-cognito/

Goals

• On organizations sign up an Owner role is created #6
• The Owner role can add more users that have roles: #7
  • Admin
  • Member

It should be possible to control the access these users have to the data, in tables, and API's

[mnsuccess]

@simonireilly Can we use Amazon Verified Permissions for RBAC
https://aws.amazon.com/about-aws/whats-new/2023/06/amazon-verified-permissions-generally-available/