As discussed in Chapter 5, Federated and Mobile Access, Cognito user pools are scalable user directories that allow new and existing users to log in to mobile applications using the user pool, or they can alternatively federate their access via a social or enterprise IdP. Either way, a profile within the user pool is created for each and every user. These profiles contain no permissions of access to your AWS infrastructure; they purely allow the user to log in to your mobile app as a user to use the app.
With this in mind, you can configure your APIs to have a COGNITO_USER_POOLS authorizer. As a result, when this API is called, the user is authenticated via the Amazon Cognito user pool API gateway, whereby their token is validated before allowing access.