fix(scripts): add missing RBAC resources to GovCloud removal list

Author: Bob Strahan

CHANGELOG.md

@@ -5,6 +5,10 @@ SPDX-License-Identifier: MIT-0
 
 ## [Unreleased]
 
+### Fixed
+
+- **GovCloud template: fix unresolved RBAC resource dependencies** — Added `AuthorGroup`, `ViewerGroup`, `GetMyProfileResolver`, and `UpdateUserResolver` to GovCloud removal lists so they are stripped alongside the `UserPool` they depend on.
+
 ## [0.5.2]
 
 ### Added

scripts/generate_govcloud_template.py

@@ -69,6 +69,8 @@ def __init__(self, verbose: bool = False):
             'CognitoAuthorizedRole',
             'AdminUser',
             'AdminGroup',
+            'AuthorGroup',  # RBAC author group - depends on UserPool
+            'ViewerGroup',  # RBAC viewer group - depends on UserPool
             'ReviewerGroup',  # HITL reviewer group - depends on UserPool
             'AdminUserToGroupAttachment',
             'GetDomain',  # This depends on Cognito UserPoolDomain - remove it
@@ -136,7 +138,10 @@ def __init__(self, verbose: bool = False):
             'CompleteSectionReviewResolver',
             'SkipAllSectionsReviewResolver',
             'ClaimReviewResolver',
-            'ReleaseReviewResolver'
+            'ReleaseReviewResolver',
+            # RBAC resolvers - depend on GraphQLApi, APPSYNCSTACK, and UserManagementDataSource
+            'GetMyProfileResolver',
+            'UpdateUserResolver'
         }
 
         # Knowledge Base resources (not supported in GovCloud due to S3 Vectors service unavailability)