I am using cognito for authentication of my API.
According to my understanding, we defined IAM role in serverless.yml file to limit access to aws resource from API. So, do we still need to create identity pool and link with user pool.
What I want to do is that, I want to create different level of user to access the API? According to this resource (https://aws.amazon.com/blogs/mobile/building-fine-grained-authorization-using-amazon-cognito-user-pools-groups/), creating cognito identity pool is the solution. Is there any other way we can do that?