amazon-cognito aws-amplify amazon-cognito-triggers

AWS Amplify: How to add a user to an auth group when they sign up to my app


I am making an app that requires scoping the users to a specific access level.

For example, there are three groups:

Admin: Full CRUD

Teacher: Table-specific permissions

Student: Table-specific permissions

The Admin will be created from the console, and that admin will create the Teachers' accounts.

When anyone signs up to the app, I need them to be put in a Students group by default.


Solution

  • Using the Amplify CLI, when adding the auth category in the default or manual workflow, you can set up a Lambda trigger to add a user to a Cognito group automatically upon signup.

    Walk through the options until you reach this step and select Add User to Group:

    $ Do you want to enable any of the following capabilities?
      ❯ ◯ Add Google reCaptcha Challenge
        ◯ Email Verification Link with Redirect
        ◯ Add User to Group
        ◯ Email Domain Filtering (deny list)
        ◯ Email Domain Filtering (allow list)
        ◯ Custom Auth Challenge Flow (basic scaffolding - not for production)
        ◯ Override ID Token Claims
    
    

    See this section of the CLI documentation for more details: Set up lambda triggers
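
What such a Post Confirmation trigger does, sketched as an added example (this is not part of the original answer and not the code the Amplify CLI generates). The group name `Students` comes from the question; the `cognito` wrapper object, the `custom:group` attribute and the sample event values are assumptions made for illustration.

```javascript
// Added example: Post Confirmation trigger that places every self-registered
// user in one fixed group. Not Amplify's generated code.
const DEFAULT_GROUP = 'Students'; // assumption: group name taken from the question

// `cognito` is any object exposing adminAddUserToGroup(params) -> Promise.
// In a deployed Lambda it would wrap the AWS SDK v3 call
//   client.send(new AdminAddUserToGroupCommand(params))
function makePostConfirmationHandler(cognito, groupName = DEFAULT_GROUP) {
  return async function handler(event) {
    // Post Confirmation also fires after a confirmed password reset
    // (PostConfirmation_ConfirmForgotPassword); only act on real sign-ups.
    if (event.triggerSource !== 'PostConfirmation_ConfirmSignUp') {
      return event;
    }
    // The group is a server-side constant. It is never read from
    // event.request.userAttributes, which the signing-up client can influence.
    await cognito.adminAddUserToGroup({
      UserPoolId: event.userPoolId,
      Username: event.userName,
      GroupName: groupName,
    });
    return event; // Cognito expects the event object back
  };
}

// Constructed sample event, shaped like Cognito's Post Confirmation payload.
function sampleEvent(triggerSource, attrs) {
  return {
    triggerSource,
    userPoolId: 'us-east-1_EXAMPLE',
    userName: 'new-student',
    request: { userAttributes: { email: 'student@example.com', ...attrs } },
    response: {},
  };
}

// Runs the handler against a recording fake and returns the calls it made.
async function demo() {
  const calls = [];
  const fake = { adminAddUserToGroup: async (p) => { calls.push(p); } };
  const handler = makePostConfirmationHandler(fake);
  // A client-supplied attribute asking for Admin must have no effect.
  await handler(sampleEvent('PostConfirmation_ConfirmSignUp', { 'custom:group': 'Admin' }));
  await handler(sampleEvent('PostConfirmation_ConfirmForgotPassword', {}));
  return calls;
}

demo().then((calls) => console.log(JSON.stringify(calls)));
```

Because the Admin and Teacher groups are assigned only by an administrator, the trigger's execution role needs `cognito-idp:AdminAddUserToGroup` on this one user pool and nothing broader.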