So to kind of answer my own question, I now understand that my serverless-graphql uses AWS Cognito Pools for authentication and produces the Cognito Pool identity object in which the sub field is the id, while the serverless configuration uses AWS IAM for authentication which produces a cognitoIdentityId string as the id WHICH DOES NOT MATCH the Cognito id.
Looks like Amazon did not foresee switching from IAM to Cognito Pools concurrently with existing data tables having utilized the IAM id. So I think that’s that.
I see serverless-graphql presently supports api-key and Cognito Pools for AppSync. Does it support IAM?