First you should check your User Pool User and see if the attributes you want as claims exist on the User Pool entry. You may have only created a User Pool User with Sub and Email (No additional attributes). Then check the claims on your Cognito issued ID Token, it should contain the attributes for your User. You can check it in your application code after authenticating. You can enable detailed metrics in API Gateway to give you more logs and check them on CloudWatch. You can try setting up your authorizer to check any claims on the AccessToken (Not the ID token) as requests come through. (Authorization == checking Access Token claims)