AWS has launched a feature for Amazon Cognito customers to reduce the time spent securing Amazon API Gateway APIs with fine-grained access control, from weeks to days. The feature leverages Amazon Verified Permissions to manage and evaluate granular security policies that reference user attributes and groups. With a few clicks, you can enforce that only users in authorized Amazon Cognito groups have access to the application’s APIs. For example, say you are building a loan processing application, you can secure your application by restricting access to the “approve_loan” API to users in the “loan_officers” group. You can implement more fine-grained authorization, without making any code changes, by updating the underlying Cedar policy, so that only “loan_officers” above “Director” level can approve loans.
Source:: Amazon AWS