or AppSync APIs in more complex authorization schemes (multi-tenant, multi-many-to-many), using just 'owner' and 'group' settings for the @auth directive provided by Amplify starts to get tricky. Well don't throw in the towel quite yet- there's still hope!