I need two user groups that have different permissions/routing based on the type of account they sign up under.
Should I create one user pool and separate into two groups then assign to different identity pools based on group membership? Should I create two separate user pools? Or should I just have one user pool and assign to identity pools some other way? How do I automatically set groups/pools at signup?
Finally, how would I go about configuring this in Amplify.configure and implementing in signup? IE right now I have: Amplify.configure({
Auth: {
mandatorySignIn: false,
region: config.cognito.REGION,
userPoolId: config.cognito.USER_POOL_ID,
identityPoolId: config.cognito.IDENTITY_POOL_ID,
userPoolWebClientId: config.cognito.APP_CLIENT_ID
},
How would I configure multiple pools/groups?
The easiest and arguably the best way to go about this is using the cognito groups. For every goup that you add, a new role is created to which you can attach whatever policies you require. In Identity pool make sure you select "Choose role from token" under authentication providers and Authenticated role selection.
You have to write your own backend logic to add a user to group.