The Security Team that has joined our task force told us that it is essential to have RBAC (Role-Based Access Control) properly configured in the Alien Attack architecture. We’ve tried to address this in the code, but have discovered that the version of AWS CDK that we are using doesn’t allow us to solve our problem this way unless we create a Custom Resource. Nobody on our team knows how to do this or has time to learn, so it looks like we will have to find an easier way.
You’re curious about what version of the AWS CDK we are using that causes this roadblock, so you navigate to the terminal in the Cloud9 console and enter the following command: cdk --version. What output do you see?
We’re in luck! One of the SysAdmins has a playbook to implement RBAC for our application. She has just sent over the guidance. Let’s try to leverage it.
What are we fixing? The Identity Pool configuration is missing the configuration of the roles for both of your groups (Managers and Players/Gamers). We need to attach the proper roles to the user when the user signs in to the application.
Let’s take a look at the playbook we received.
cognito:preferred_role
<YourEnvironmentName>ManagersRole (Check for typos and use uppercase for the “YourEnvironmentName” part. If your environment name is r2d2, the role name should look like R2D2ManagersRole.)

cognito:preferred_role
<YourEnvironmentName>PlayersRole (Check for typos and use uppercase for the “YourEnvironmentName” part. If your environment name is r2d2, the role name should look like R2D2PlayersRole.)
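How the two rules above select a role at sign-in, as an added example that is not part of the workshop's own code: a local Python model of Cognito rules-based role mapping, which also shows why the uppercase note matters. The account ID, the Contains match type and the Deny fallback are assumptions; the claim name and role names come from the playbook.

```python
# Added example: local model of Cognito Identity Pool rules-based role mapping.
# Nothing here calls AWS; the dict only mirrors the RoleMappings shape that
# the SetIdentityPoolRoles API accepts.
ACCOUNT = "123456789012"  # constructed placeholder account id


def role_mapping(env_name, account=ACCOUNT, fix_case=True):
    """Build the two playbook rules for an environment name such as 'r2d2'."""
    prefix = env_name.upper() if fix_case else env_name
    rules = [
        {
            "Claim": "cognito:preferred_role",
            # Assumption: Contains, because the claim carries a full role ARN
            # while the playbook value is only the role name.
            "MatchType": "Contains",
            "Value": f"{prefix}{group}Role",
            "RoleARN": f"arn:aws:iam::{account}:role/{prefix}{group}Role",
        }
        for group in ("Managers", "Players")
    ]
    return {
        "Type": "Rules",
        "AmbiguousRoleResolution": "Deny",  # assumption: no fallback role
        "RulesConfiguration": {"Rules": rules},
    }


# Subset of the match types, modelled as case-sensitive string tests.
MATCHERS = {
    "Equals": lambda claim, value: claim == value,
    "Contains": lambda claim, value: value in claim,
    "StartsWith": lambda claim, value: claim.startswith(value),
}


def resolve_role(mapping, claims):
    """Return the RoleARN of the first matching rule, or None when denied."""
    for rule in mapping["RulesConfiguration"]["Rules"]:
        claim = claims.get(rule["Claim"])
        if claim is not None and MATCHERS[rule["MatchType"]](claim, rule["Value"]):
            return rule["RoleARN"]
    if mapping["AmbiguousRoleResolution"] == "Deny":
        return None
    return "AuthenticatedRole"  # stands for the pool's default authenticated role


if __name__ == "__main__":
    # Constructed token claim for a user in the Managers group.
    claims = {"cognito:preferred_role": f"arn:aws:iam::{ACCOUNT}:role/R2D2ManagersRole"}
    print(resolve_role(role_mapping("r2d2"), claims))
    print(resolve_role(role_mapping("r2d2", fix_case=False), claims))  # typo case
```

With the lowercase value r2d2ManagersRole no rule matches, so a manager would receive no role at all under Deny, or the default authenticated role otherwise.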