We have implemented the following AWS solution in order to publish a static HTML site on the internet:
https://github.com/aws-samples/cloudfront-authorization-at-edge
How can we manage to assign different authorization to different groups of the Cognito user pool?
For example:
- users in group A should see the whole site
- users in group B should see the whole site except the contents of folder "private"
- users in group C should see only the root index.html
I know that I can create different IAM roles with specific IAM policies to attach to the Cognito groups in the user pool, but I don't know what to specify in the rule, because the site is served by CloudFront, not from the S3 bucket.
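
One way to express the three rules above as a path check on the `cognito:groups` claim of the Cognito token, added here as an example and not part of the original post or of the cloudfront-authorization-at-edge code. It assumes the check runs in the Lambda@Edge function that handles viewer requests, after the JWT signature has been verified; the group names `A`, `B`, `C` and the names `RULES`, `normalizePath` and `isAllowed` are hypothetical.

```javascript
// Constructed rule table for the three groups described in the question.
// Each rule receives an already decoded and validated path.
const RULES = {
  A: () => true,                                                   // whole site
  B: (p) => !(p === "/private" || p.startsWith("/private/")),      // all but /private
  C: (p) => p === "/" || p === "/index.html",                      // root index only
};

// Decode the request URI once (the origin resolves the decoded key) and
// fail closed on anything ambiguous. Returns null if the path is rejected.
function normalizePath(uri) {
  let path;
  try {
    path = decodeURIComponent(uri);
  } catch (e) {
    return null; // malformed percent-encoding
  }
  if (!path.startsWith("/") || path.includes("\\") || path.includes("//")) {
    return null;
  }
  // Reject dot segments instead of trying to resolve them.
  for (const segment of path.split("/")) {
    if (segment === "." || segment === "..") return null;
  }
  return path;
}

// claims: payload of a Cognito JWT whose signature was already verified.
// A user in several groups gets the union of what those groups allow;
// a user with no known group is denied.
function isAllowed(claims, uri) {
  const path = normalizePath(uri);
  if (path === null) return false;
  const groups = Array.isArray(claims["cognito:groups"])
    ? claims["cognito:groups"]
    : [];
  return groups.some(
    (g) => Object.prototype.hasOwnProperty.call(RULES, g) && RULES[g](path)
  );
}
```

When `isAllowed` returns false, the function would answer the viewer request with a 403 response instead of forwarding it to the origin.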