This article is part four of a series on Amazon Verified Permissions, presenting a complete working architecture for a GraphQL API hero management system. The solution integrates Amazon Verified Permissions, Amazon Cognito, Amazon AppSync with JavaScript resolvers, and Amazon DynamoDB. It uses the BatchIsAuthorized API to handle authorization decisions for all queries and mutations simultaneously. The infrastructure is managed using OpenTofu/Terraform, with TypeScript powering the Lambda Authorizer and JavaScript resolvers. Role-based access control is implemented through Cedar policies, where admins can perform all actions while regular users have restricted access. The article walks through deployment steps, testing with Cognito users, and experimenting with the AppSync Queries tool. The architecture provides a solid foundation for role-based access control, with optional caching available to improve performance and reduce costs.
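To make the BatchIsAuthorized step concrete, here is an added example, not code from the article or its repository, of how a TypeScript Lambda authorizer could turn one batch of decisions into an AppSync authorizer response. The action ids, GraphQL field names, the `HeroApi::Action` type and the use of `deniedFields` are assumptions chosen for illustration.

```typescript
// Added example: action ids, field names and sample data are constructed, not from the article.
type Decision = "ALLOW" | "DENY";

// Subset of one entry in a BatchIsAuthorized response's `results` array.
interface BatchResult {
  request: { action: { actionType: string; actionId: string } };
  decision: Decision;
  errors: { errorDescription: string }[];
}

// Assumed mapping: Cedar action id -> GraphQL "Type.field" (short form accepted in deniedFields).
const ACTION_TO_FIELD: Record<string, string> = {
  getHero: "Query.getHero",
  listHeroes: "Query.listHeroes",
  addHero: "Mutation.addHero",
  deleteHero: "Mutation.deleteHero",
};

// Build the object AppSync expects back from a Lambda authorizer.
function toAuthorizerResponse(results: BatchResult[], ttlSeconds = 0) {
  const allowed: Record<string, boolean> = {};
  for (const r of results) {
    // Fail closed: only an explicit ALLOW with no evaluation errors counts.
    if (r.decision === "ALLOW" && r.errors.length === 0) {
      allowed[r.request.action.actionId] = true;
    }
  }
  const actions = Object.keys(ACTION_TO_FIELD);
  // Anything without an ALLOW, including actions missing from the batch, is denied.
  const deniedFields = actions.filter((a) => !allowed[a]).map((a) => ACTION_TO_FIELD[a]);
  return {
    isAuthorized: deniedFields.length < actions.length, // reject only if nothing is permitted
    deniedFields,
    ttlOverride: ttlSeconds, // 0 means AppSync does not cache this decision
  };
}

// Constructed sample results for a regular user and an admin.
function result(actionId: string, decision: Decision, errors: string[] = []): BatchResult {
  const action = { actionType: "HeroApi::Action", actionId };
  return { request: { action }, decision, errors: errors.map((e) => ({ errorDescription: e })) };
}
const USER_RESULTS = [
  result("getHero", "ALLOW"), result("listHeroes", "ALLOW"),
  result("addHero", "DENY"), result("deleteHero", "ALLOW", ["constructed evaluation error"]),
];
const ADMIN_RESULTS = Object.keys(ACTION_TO_FIELD).map((a) => result(a, "ALLOW"));
```

With caching enabled, the `ttlOverride` value controls how long AppSync reuses this response, so a policy or group change only takes effect for a cached token after that interval.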
