In this recipe, we created groups from the console. We can also create groups from the CLI using the following command:
aws cognito-idp create-group \
  --group-name 'Admins' \
  --user-pool-id us-east-1_Q1cydt6I0 \
  --description 'Admins Group' \
  --profile awssecadmin
We can add a user to a group from the CLI with the following command:
aws cognito-idp admin-add-user-to-group \
  --user-pool-id us-east-1_Q1cydt6I0 \
  --username testuser4 \
  --group-name Admins \
  --profile awssecadmin
We can list the groups for a user as follows:
aws cognito-idp admin-list-groups-for-user \
  --username testuser4 \
  --user-pool-id us-east-1_Q1cydt6I0 \
  --profile awssecadmin
This will give a response similar to the one shown here:
From the application, we can check for a user's groups and then provide special privileges.
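The following is an added example, not code from the recipe, showing one way an application could make this check in Python. Cognito places group membership in the cognito:groups claim of the ID and access tokens. The function names and the sample claims are hypothetical, and the code assumes the token's signature has already been verified against the user pool's JWKS.

```python
import time

# Pool ID taken from the recipe's CLI commands; the region is its prefix.
USER_POOL_ID = "us-east-1_Q1cydt6I0"
REGION = USER_POOL_ID.split("_", 1)[0]
EXPECTED_ISSUER = f"https://cognito-idp.{REGION}.amazonaws.com/{USER_POOL_ID}"

# Constructed sample claims (not a real token), shaped like a Cognito ID token.
SAMPLE_ADMIN = {"iss": EXPECTED_ISSUER, "token_use": "id", "exp": 2_000_000_000,
                "cognito:username": "testuser4", "cognito:groups": ["Admins"]}


class AuthorizationError(Exception):
    """Raised when the claims do not grant the required group."""


def groups_from_claims(claims, now=None):
    """Return the caller's Cognito groups from already-verified token claims.

    Assumption: the JWT signature was checked against the user pool's JWKS
    before this is called. This function validates the claims only.
    """
    now = time.time() if now is None else now
    if claims.get("iss") != EXPECTED_ISSUER:
        raise AuthorizationError("token was not issued by the expected user pool")
    if claims.get("token_use") not in ("id", "access"):
        raise AuthorizationError("unexpected token_use")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise AuthorizationError("token is expired or has no exp claim")
    # A user who belongs to no group has no cognito:groups claim at all.
    groups = claims.get("cognito:groups", [])
    if not isinstance(groups, list) or not all(isinstance(g, str) for g in groups):
        raise AuthorizationError("malformed cognito:groups claim")
    return frozenset(groups)


def require_group(claims, group, now=None):
    """Raise unless the caller is in `group` (exact, case-sensitive match)."""
    if group not in groups_from_claims(claims, now):
        raise AuthorizationError(f"user is not in group {group!r}")
    # ID tokens carry cognito:username; access tokens carry username.
    return claims.get("cognito:username") or claims.get("username")
```

The check denies by default: a missing claim, a token from another pool, or a group name that differs only in case all raise AuthorizationError.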