If a Lambda is invoking another lambda, what's the safest way to send user info / decoded token auth payload? I have an API gateway route that has a cognito authorizer, that invokes Lambda A, which then invokes Lambda B, and Lambda B needs the user info / decoded token.

There isn't a serious issue passing that data straight through to Lambda B

How can I ensure it's only invokable by Lambda A?