DynamoDB and row-based IAM access control

I am building a service for a web application. I am planning to use Lambda + DynamoDB, and the Serverless Framework looks like a good way to manage those. DynamoDB allows for fine-grained row-level and column-level access control: Using IAM Policy Conditions for Fine-Grained Access Control - Amazon DynamoDB

I am using AWS Cognito for auth, and would like to use the Cognito user tokens for scoping row-level access. How can this be configured with Serverless? I cannot find comprehensive docs for what the serverless.yml file supports for services.
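
For reference, the kind of IAM policy the question is about, written as a CloudFormation-style resource; this is an added example, not part of the original post. It assumes requests reach DynamoDB with credentials issued by a Cognito identity pool (so the `${cognito-identity.amazonaws.com:sub}` policy variable is populated) and that the table's partition key holds that identity ID; the logical IDs, role, table ARN parts and attribute names are placeholders.

```yaml
# Added example: row-level and column-level scoping for Cognito-authenticated callers.
# All names below (logical IDs, role, table, attributes) are hypothetical placeholders.
Resources:
  UserRowsPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: user-rows-only
      Roles:
        - Ref: CognitoAuthRole   # hypothetical role assumed by authenticated identities
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            # Item-level actions and Query only. Scan is left out on purpose:
            # it reads items regardless of partition key.
            Action:
              - dynamodb:GetItem
              - dynamodb:Query
              - dynamodb:PutItem
              - dynamodb:UpdateItem
              - dynamodb:DeleteItem
            Resource: arn:aws:dynamodb:REGION:ACCOUNT_ID:table/EXAMPLE_TABLE
            Condition:
              ForAllValues:StringEquals:
                # Row-level: every partition key in the request must equal
                # the caller's Cognito identity ID.
                dynamodb:LeadingKeys:
                  - "${cognito-identity.amazonaws.com:sub}"
                # Column-level: only these attributes may be read or written.
                dynamodb:Attributes:
                  - UserId
                  - DisplayName
              StringEqualsIfExists:
                # Reads must name their attributes, so a request cannot
                # fall back to returning every attribute of the item.
                dynamodb:Select: SPECIFIC_ATTRIBUTES
                # Writes may not return the full item image.
                dynamodb:ReturnValues:
                  - NONE
                  - UPDATED_OLD
                  - UPDATED_NEW
```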