fix: cognito users in a group cannot access their own files in s3

[iankhou]

Problem

If an authenticated user is in a group, it is impossible to set up owner-based access rules for storage without specifying the same-level group permission. This means app owners have to sacrifice either confidentiality (by adding permissions to files by group) or availability (by disallowing users from reading/modifying their own files, when those files are accessible to a group).

Issue number, if available: #1771

Changes

Coalesced permissions for individual identities and groups, to allow identities that belong to a group to access their own files.

Corresponding docs PR, if applicable:

Validation

Added unit tests. Pending validation by hand.

Checklist

• If this PR includes a functional change to the runtime behavior of the code, I have added or updated automated test coverage for this change.
• If this PR requires a change to the Project Architecture README, I have included that update in this PR.
• If this PR requires a docs update, I have linked to that docs PR above.
• If this PR modifies E2E tests, makes changes to resource provisioning, or makes SDK calls, I have run the PR checks with the run-e2e label set.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[changeset-bot]

🦋 Changeset detected

Latest commit: 1018471

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@aws-amplify/backend-storage	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR