AWS IAM Policy that allows a Cognito User to update their own Pinpoint token ID

Hello,

I am working on implementing push notifications for our end-user app (iOS only right now), and I am looking to write a policy that allows the currently logged in Cognito User to update their own Pinpoint Endpoint with their token ID for APNS.

Right now there is a 1-1 relationship between Pinpoint Apps and Cognito User Pools, so I'd like for users to be able to call updateEndpoint to update with their token ID for APNS. In pseudo-code, I'd like a policy that allows

• mobiletargeting:updateEndpoint
• condition:
  • cognito user (or identity) == endpoint

Do you have any good ways to go about this? For what it's worth, we are not using Amplify, and we are using Flutter as the front-end.