How do we define IAM roles for specific users?

What if we want to divide the users into admins and users, where only admins can perform CRUD operations and users can only read? In that case, how do we define IAM roles?

In my mind, you’d drop down to CDK, define roles manually using the @aws-cdk/aws-iam module, and add any permissions you’d like to them.

Those users and their containing policy data can be used by CDK/SST in different ways. If you provide more context maybe that can be answered further :)
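The admin/user split asked about above, written out as the two IAM policy documents the roles would carry, with a small check that the read-only role cannot write. This is an added example, not code from the thread or from SST/CDK; it assumes the protected resource is a DynamoDB table, and the table ARN, `policyFor`, and `isAllowed` are constructed for illustration.

```typescript
// Added example. Assumption: the CRUD target is a DynamoDB table (the thread names no resource).
type Statement = { Effect: "Allow" | "Deny"; Action: string[]; Resource: string[] };
type PolicyDocument = { Version: "2012-10-17"; Statement: Statement[] };

// Constructed sample ARN, not a real account or table.
const EXAMPLE_TABLE_ARN = "arn:aws:dynamodb:us-east-1:111122223333:table/ExampleTable";

const READ_ACTIONS = ["dynamodb:GetItem", "dynamodb:BatchGetItem", "dynamodb:Query", "dynamodb:Scan"];
const WRITE_ACTIONS = ["dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:BatchWriteItem"];

// Build the policy for a group: admins get read + write, users get read only.
// Both are scoped to one table and its indexes, never to "*".
function policyFor(group: "admin" | "user", tableArn: string): PolicyDocument {
  const actions = group === "admin" ? READ_ACTIONS.concat(WRITE_ACTIONS) : READ_ACTIONS.slice();
  return {
    Version: "2012-10-17",
    Statement: [{ Effect: "Allow", Action: actions, Resource: [tableArn, `${tableArn}/index/*`] }],
  };
}

// Simplified matcher: exact match, or a prefix match when the pattern ends in "*".
// Real IAM also supports "*" and "?" anywhere and matches actions case-insensitively.
function matches(pattern: string, value: string): boolean {
  if (pattern.charAt(pattern.length - 1) === "*") {
    return value.indexOf(pattern.slice(0, -1)) === 0;
  }
  return pattern === value;
}

// Simplified identity-policy evaluation: explicit Deny wins, otherwise an Allow
// is required, and anything unmatched is denied by default.
function isAllowed(doc: PolicyDocument, action: string, resource: string): boolean {
  let allowed = false;
  for (const s of doc.Statement) {
    const hit = s.Action.some((a) => matches(a, action)) && s.Resource.some((r) => matches(r, resource));
    if (!hit) continue;
    if (s.Effect === "Deny") return false;
    allowed = true;
  }
  return allowed;
}

// Least-privilege check: list every write action the read-only policy would permit (should be empty).
function writeActionsAllowed(doc: PolicyDocument, tableArn: string): string[] {
  return WRITE_ACTIONS.filter((a) => isAllowed(doc, a, tableArn));
}
```

In a CDK stack, each document can be turned into a construct with `iam.PolicyDocument.fromJson` and attached to the corresponding role through its `inlinePolicies` property.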