Role-based access control using Amazon Cognito and an external identity provider

First visit When a user visits the web application at the first time, the flow is as follows: The client side of the application (also referred to as the front end) uses the AWS Amplify JavaScript library (Amplify.js) to simplify authentication and authorization.

Read full article on AWS Security Blog