Is there a way to connect an Appsync resolver to an API gateway endpoint that's authorized via Cognito userpools?

Question

I have an existing API Gateway endpoint that is secured by a Cognito userpool authorizer. I'm not able to change the authorization method at this time. I would like to reuse this endpoint in an AppSync resolver. It looks like I can access IAM-authorized endpoints without too much trouble, but I'm not sure if that will work for a Cognito-secured endpoint. I would prefer to avoid using a Lambda resolver to reach the API Gateway endpoint, as I've had latency issues with Lambda cold starts in the past.

Spitballing - one idea is to secure the AppSync endpoint with the same Cognito userpool, extract the JWT token, and then pass that token onto the Cognito-secured API gateway endpoint. In this case, Appsync basically acts a proxy for the API Gateway endpoint.

Would that work? I'm also curious about other approaches, if any.