SOLVED.
I was able to reference an explicitly declared authorizer. In my cognito-user-pool.yml file I added the MyApiGatewayAuthorizer section, ending up with
CognitoUserPool:
Type: AWS::Cognito::UserPool
Properties:
UserPoolName: company-${self:custom.stage}-user-pool
UsernameAttributes:
- email
AutoVerifiedAttributes:
- email
MyApiGatewayAuthorizer:
Type: AWS::ApiGateway::Authorizer
Properties:
AuthorizerResultTtlInSeconds: 10
IdentitySource: method.request.header.Authorization
Name: MyCognitoAuthorizer
RestApiId:
Ref: ApiGatewayRestApi
Type: COGNITO_USER_POOLS
ProviderARNs:
- {"Fn::Join": ["", ["arn:aws:cognito-idp:", {Ref: "AWS::Region"}, ":", {Ref: "AWS::AccountId"}, ":userpool/", Ref: CognitoUserPool]]}
and in my function event definition, I specified the authorizer as such:
events:
- http:
path: target
method: get
cors: true
authorizer:
type: COGNITO_USER_POOLS
authorizerId: { Ref: MyApiGatewayAuthorizer }
This worked for me. I hope it can help someone else!