Does anyone definitively know if API Gateway and Cognito are HIPAA compliant while using Lambda?


So to state the obvious, Lambda is not at this time HIPAA compliant. API Gateway (without caching) and Cognito are HIPAA compliant. API Gateway allows the use of Lambda functions, e.g. for authentication.

My confusion is that the only clarification under API Gateway is "it is HIPAA compliant unless you cache data", but they do not mention anything about Lambda. Does this imply we can indeed use Lambda only within the API Gateway world, to communicate with Cognito?


Solution

  • Since Lambda is not currently a HIPAA Eligible Service, your application will not be HIPAA compliant if you are using Lambda as the backend integration.