Restrict lambda resolver to owner for GraphQL API using Amplify

In my schema.graphql file I have the following model and mutation:

type Profile @model @auth(rules: [
    { allow: private, operations: [read], provider: userPools },
    { allow: owner, provider: userPools }
    ]) @aws_iam @aws_cognito_user_pools
    {
    id: ID! @primaryKey @auth(rules: [ { allow: owner, provider: userPools }, { allow: private, operations: [read], provider: userPools }, { allow: public, operations: [read], provider: iam } ])
    name: String! @auth(rules: [ { allow: owner, provider: userPools }, { allow: private, operations: [read], provider: userPools }, { allow: public, operations: [read], provider: iam } ])
    about: String
    links: [Link] @hasMany
    owner: String @index(name: "byOwner", queryField: "listProfileByOwner", sortKeyFields: ["name"])
}

type Mutation {
    updateProfileLambda(profile: UpdateProfileLambdaInput): Profile 
        @aws_cognito_user_pools
        @function(name: "UpdateProfile-${env}")
}

I created the lambda function to perform custom validation before updating. The problem is that any authenticated user can update other user profiles. I thought adding @aws_cognito_user_pools would resolve this, but it doesn't.

Question: What do I need to add to lock down the updateProfileLambda function so that it can only be successfully called by the owner of the Profile model?

For some more context, I followed this tutorial to create the custom mutation lambda function: https://www.theclouddeveloper.io/use-lambda-resolvers-in-your-graph-ql-api-with-aws-amplify

Asked 2 years ago, viewed 379 times

1 answer

Seems like this workflow is not possible yet, see thread here: https://github.com/aws-amplify/amplify-category-api/issues/528

Answered 2 years ago
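
One way to enforce ownership inside the function body, since `@aws_cognito_user_pools` only requires that the caller is signed in to the user pool. This is an added example, not code from the question, the answer or the linked tutorial. It assumes the `owner` field holds `<sub>::<username>`, that `UpdateProfileLambdaInput` carries the profile `id`, and that `loadProfile`/`saveProfile` are hypothetical data-access helpers.

```javascript
// Added example, not from the original post. Node.js handler logic for the
// @function resolver behind updateProfileLambda.
// Assumptions: `owner` holds "<sub>::<username>"; the input carries the
// profile `id`; loadProfile/saveProfile are hypothetical data-access helpers.

function callerOwnsProfile(identity, profile) {
  // Fail closed on anything missing (e.g. IAM callers have no Cognito sub).
  if (!identity || !identity.sub || !identity.username) return false;
  if (!profile || typeof profile.owner !== "string") return false;
  return profile.owner === `${identity.sub}::${identity.username}`;
}

function makeHandler({ loadProfile, saveProfile }) {
  return async function handler(event) {
    const input = (event.arguments && event.arguments.profile) || {};
    if (!input.id) throw new Error("Bad request");
    const existing = await loadProfile(input.id);
    // One error for "no such profile" and "not yours", so ids cannot be probed.
    if (!callerOwnsProfile(event.identity, existing)) {
      throw new Error("Unauthorized");
    }
    // Drop any caller-supplied owner so ownership cannot be reassigned.
    const { owner: _ignored, ...changes } = input;
    return saveProfile({ ...existing, ...changes, owner: existing.owner });
  };
}

// Constructed in-memory store and identities, so the example runs offline.
const store = new Map([
  ["p1", { id: "p1", name: "Alice", owner: "sub-alice::alice" }],
]);
const handler = makeHandler({
  loadProfile: async (id) => store.get(id),
  saveProfile: async (p) => { store.set(p.id, p); return p; },
});
const alice = { sub: "sub-alice", username: "alice" };
const mallory = { sub: "sub-mallory", username: "mallory" };
```

The check reads the stored record rather than trusting any `owner` value in the request, which is what keeps a signed-in user from updating someone else's profile.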
