I'm creating a serverless backend using AWS (Lambda, Cognito, API Gateway, DynamoDB, and S3).
I have a Users Table on DynamoDB and an API (Lambda and API Gateway) for accessing that data. I want to grant access to the table at row level, based on the Cognito user credentials.
How can I do this? Should I use IAM policies or should I check if the id from Cognito is equal to the DB Table row id inside the Lambda?