这是不可能的.它需要 IAM 角色能够从任何认知用户池中识别自定义属性.不过，这是一个有趣的功能，将与团队讨论.

This is not possible. It would require IAM roles to be able to identify custom attributes from any cognito user pool. It's an interesting feature though, will discuss it with the team.

但是，作为替代方案，您可以查看 Cognito 身份和角色库访问控制

However, as an alternative you can look at Cognito identities and role base access control

http://docs.aws.amazon.com/cognito/latest/developerguide/role-based-access-control.html