For APIs, the best approach is to use OAuth scopes as much as possible, because this blog uses AWS IAM permissions, which are not an industry standard. It is fine to use AWS IAM permissions to control access to AWS-specific resources like an S3 bucket. But for APIs, it is always better to use OAuth scopes.
I have not tried creating AWS IAM roles for API access. You can take a look at this documentation: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-control-access-using-iam-policies-to-invoke-api.html. You might have to create multiple roles to control access to different APIs and map the incoming role to a specific AWS IAM role during authentication. Again, this is not the ideal approach.