## Check authorization
#set ($isAllowed = false)
#set ($userGroups = $util.defaultIfNull($ctx.identity.claims.get("cognito:groups"), []))
#set ($allowedGroups = ["AdminGroup","ManagerGroup","EngineerGroup","AssociateGroup"])
#foreach ($userGroup in $userGroups)
  #if ($allowedGroups.contains($userGroup))
    #set ($isAllowed = true)
    #break
  #end
#end

## Throw authorized if the user is not authorized.
#if ($isAllowed == false)
  $util.unauthorized()
#end

$util.toJson(null)