You could use the API Gateway built-in support for API keys. There is a soft limit of 500 which can be increased by request but Iām not sure what the hard limit is. Perhaps talk to AWS first to make sure the hard limit is inline with your requirements. You could programmatically add new API keys using the post confirmation trigger in your Cognito User Pool.
If the API Gateway limits are too low then you could use a custom authorizer instead.