I work at a large enterprise and have been challenging our architects on AWS Cognito JWT implementations. The OAuth implementation says never to use the ID token when sending to the resource server (https://oauth.net/2/access-tokens/). I have found this same recommendation from other providers as well, such as Microsoft, Okta, and Auth0. However, the AWS Cognito team seems to clearly indicate that it's OK to use the ID token (https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-the-id-token.html): "The ID token can also be used to authenticate users to your resource servers or server applications."
Our architects are adamant that AWS is the sole authority here, but I want to understand why AWS seems to recommend using the ID token when I can't find recommendations anywhere else.
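An added example, not part of the question above, showing what the OAuth advice means in practice at the resource server. Cognito user-pool JWTs carry a `token_use` claim (`"id"` or `"access"`); the ID token is addressed to the app client through `aud` and carries identity claims, while the access token carries `client_id` and `scope`. The verifier below accepts only an access token with the scope the endpoint needs, so a validly signed ID token from the same pool is rejected. The pool ID, app client ID, claims and tokens are constructed for the example; real Cognito tokens are RS256-signed and verified against the pool's JWKS, so the shared-secret HMAC here is a labelled stand-in that only keeps the example dependency-free.

```python
import base64
import hashlib
import hmac
import json
import time

# Hypothetical pool and app client; not real AWS identifiers.
REGION = "us-east-1"
USER_POOL_ID = "us-east-1_EXAMPLE"
APP_CLIENT_ID = "1example23456789"
ISSUER = f"https://cognito-idp.{REGION}.amazonaws.com/{USER_POOL_ID}"

# Real Cognito tokens are RS256-signed and verified against the pool's JWKS
# (ISSUER + "/.well-known/jwks.json"). A shared HMAC secret is a constructed
# stand-in so this example runs offline without extra libraries.
SIGNING_SECRET = b"constructed-example-signing-secret"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(claims: dict) -> str:
    """Build a signed JWT as a test fixture would; in production Cognito mints them."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = f"{_b64url(json.dumps(header).encode())}.{_b64url(json.dumps(claims).encode())}"
    sig = hmac.new(SIGNING_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def sample_tokens(now: int):
    """Constructed ID token and access token for one login, mirroring Cognito's
    claim layout: the ID token has `aud` plus identity claims, the access token
    has `client_id` plus `scope`, and both carry `token_use`."""
    base = {"iss": ISSUER, "sub": "7d1c6e4a-example", "iat": now, "exp": now + 3600}
    id_token = mint_token({**base, "token_use": "id", "aud": APP_CLIENT_ID,
                           "email": "alice@example.com", "cognito:groups": ["admins"]})
    access_token = mint_token({**base, "token_use": "access", "client_id": APP_CLIENT_ID,
                               "username": "alice", "scope": "openid orders/read"})
    return id_token, access_token


def verify_access_token(token: str, required_scope: str, now=None) -> dict:
    """Resource-server check: verify the signature, then accept only a token whose
    claims say it is an *access* token issued to this API's app client and
    carrying the scope the endpoint needs."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":  # real code: pin to RS256 and select the JWKS key by kid
        raise ValueError("unexpected alg")
    expected = hmac.new(SIGNING_SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    # The point at issue: an ID token proves to the client app who logged in
    # (it is addressed to the app via aud); it says nothing about what the
    # bearer may do at this API. Only the access token carries client_id/scope.
    if claims.get("token_use") != "access":
        raise ValueError(f"token_use is {claims.get('token_use')!r}, expected 'access'")
    if claims.get("client_id") != APP_CLIENT_ID:
        raise ValueError("access token was not issued to this app client")
    if required_scope not in claims.get("scope", "").split():
        raise ValueError(f"missing scope {required_scope!r}")
    return claims


def check(token: str, required_scope: str, now=None) -> str:
    """Accept/reject summary instead of an exception, for logging or tests."""
    try:
        claims = verify_access_token(token, required_scope, now)
        return f"accepted: {claims['username']} with {claims['scope']}"
    except ValueError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    t = int(time.time())
    id_tok, access_tok = sample_tokens(t)
    print(check(access_tok, "orders/read"))          # accepted
    print(check(id_tok, "orders/read"))              # rejected: token_use is 'id'
    print(check(access_tok, "orders/write"))         # rejected: missing scope
    print(check(access_tok[:-4] + "AAAA", "orders/read"))  # rejected: bad signature
```

The `token_use` check is the whole difference between the two positions in the question: both tokens come from the same pool with the same signature, so a resource server that only validates the signature and issuer will happily accept an ID token, and with it every app client in the pool becomes an implicit authorization to call the API. Checking `aud` belongs to the client that consumes the ID token; checking `client_id` and `scope` belongs to the API that consumes the access token.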