Thanks for a great post 
What are your thoughts on the next stage options - Using Cognito Groups/Roles to give finer control access to the APIs. Some users have Get access and some have post? and how could this get surfaced going forward - Visible audits of API access layer?
thanks
Julian