From the description it sounds like the solution will involve Cognito, API Gateway, and Lambda with the ability to reference/write SQL for additional information.
I have recently being doing development with these components, using Node.js for the Lambda functions, including authenticating the API with Cognito where necessary.