Starting today, the Amplify CLI enables developers to create Amazon Cognito User Pool Groups and configure fine grained permissions on these groups for accessing underlying backend resources such as Amazon Simple Storage Service (S3) buckets, Amazon API Gateway REST endpoints, and AWS AppSync GraphQL APIs. When a group is created, the CLI creates policies for permissions based on your input and attaches the policies to an IAM role associated to the group. You can also set group precedence through the CLI when a user is part of multiple groups, as a user can only receive one set of credentials at a time. Precedence removes any possible ambiguity of what credentials will be received.
In addition, developers can now easily add user management admin tasks—such as listing users, adding/removing users, enabling/disabling users, signing out user—to their mobile and web applications through a REST endpoint set up by the Amplify CLI. The customizable REST endpoint is powered by API Gateway, which securely accesses Lambda to invoke a route and perform the requested admin tasks.