Restrict lambda resolver to owner for GraphQL API using Amplify

Question

In my schema.graphql file I have the following model and mutation:

```
type Profile @model @auth(rules: [
    { allow: private, operations: [read], provider: userPools },
    { allow: owner, provider: userPools }
    ]) @aws_iam @aws_cognito_user_pools
    {
    id: ID! @primaryKey @auth(rules: [ { allow: owner, provider: userPools }, { allow: private, operations: [read], provider: userPools }, { allow: public, operations: [read], provider: iam } ])
    name: String! @auth(rules: [ { allow: owner, provider: userPools }, { allow: private, operations: [read], provider: userPools }, { allow: public, operations: [read], provider: iam } ])
    about: String
    links: [Link] @hasMany
    owner: String @index(name: "byOwner", queryField: "listProfileByOwner", sortKeyFields: ["name"])
}

type Mutation {
    updateProfileLambda(profile: UpdateProfileLambdaInput): Profile 
        @aws_cognito_user_pools
        @function(name: "UpdateProfile-${env}")
}
```

I created the lambda function to perform custom validation before updating. The problem is that any authenticated user can update other user profiles. I thought adding `@aws_cognito_user_pools` would resolve this, but it doesn't.

**Question**: What do I need to add to lock down the `updateProfileLambda` function so that it can only be successfully called by the owner of the Profile model?

For some more context, I followed this tutorial to create the custom mutation lambda function: https://www.theclouddeveloper.io/use-lambda-resolvers-in-your-graph-ql-api-with-aws-amplify

Answer

Seems like this workflow is not possible yet, see thread here: https://github.com/aws-amplify/amplify-category-api/issues/528

Restrict lambda resolver to owner for GraphQL API using Amplify

Relevant questions

How to achieve multiple Graphql endpoints