⚠️ This lesson is retired and might contain outdated information.

Configure Authorization on AWS Amplify

Ali Spittel
Published 3 years ago
Updated 2 weeks ago

Now that we have our sample data, we need to create authorization rules for our different users. We are going to create rules for our unsigned-in users, our signed-in users, and for our Admins.

Instructor: [0:01] Now, we'll add authentication. Click on the Enable Authentication button. You can configure your authentication to have different login mechanisms and multi-factor authentication. You can also add different attributes to collect on sign-up and change your password protection settings. I'm just going to deploy the default configuration.

[0:20] Once authentication is deployed, we'll add in authorization rules. Go back to Home and then view your data model. You can add authorization rules to each model. First, click on the Blog model. On the right-hand panel, configure Authorization Rules. Select the dropdown for anyone authenticated with the API can create, read, update, and delete Blog.

[0:41] We don't want signed-out members to be able to perform all these actions. We'll uncheck Create, Update, and Delete. That will make it so that un-signed-in users can read blogs, but they can't modify them.

[0:54] Then, click the Add Authorization Rule dropdown. We will allow admin users to perform all actions on a blog. Under Specific Group, select Create New. We'll title our group Admin. Create your group, then select the Admin group. The Admin group will be able to perform all actions on a blog.

[1:17] Switch over to the Post model. We don't want anybody to be able to modify a post. Uncheck Create, Update, and Delete.

[1:25] We'll allow signed-in users to be able to create posts. Select any signed-in users and then unselect Update and Delete. Then, we want the owner of a post, so the person who made it, to be able to update and delete that post that they created. We'll toggle on Enable Owner Authorization. Select Update and Delete. We'll save and deploy.

[1:54] We've successfully enabled and deployed authentication for our application and added authorization rules to our data models.
