Has anyone created/investigated Plone PAS plug-in for Amazon AWS Cognito?

For almost a decade we've leveraged Plone instances to run like app-engines (custom plugins integrated with content).
To separate the 'apps' out of one monolithic Plone instance we want to use Amazon's AWS Cognito which provides UserPools and single-sign-on to modern apps and a solid API.
I'm presuming that even if we used Volto with headless Plone we'd still need PlonePAS to do the authentication.

I failed to find anything when I searched for plug ins, so I'm wondering if anyone has tried to integrate Cognito with Plone?

Authentication is handled on the backend and yes, it would require a PAS plugin for Cognito.

I am not aware of a Cognito PAS plugin but writing a PAS plugin is usually not that hard but debugging PAS issues and PAS plugin issues can be a major pain.

The Boto 3 module for Python and https://github.com/capless/warrant are perhaps the first place for checking integration options.

Plone Foundation Code of Conduct