Using AWS AppSync (with amplify), how does one allow authenticated users read-only access, but only allow mutations for object owners?

I’m using Cognito User Pools as the default authentication method. I’m also using iam for my lambda backend. I’m using an aws appsync client in the lambda function for some custom resolvers. let’s assume I have a User object type that fundamentally looks like this: type User { id: ID! displayName: String! } What I […]