sbarski / serverless-architectures-aws

The code repository for the Serverless Architectures on AWS book
http://book.acloud.guru
MIT License

Multiple custom authorizers are required after implementing s3-policy-document in chapter 8 #12

Open pault2k14 opened 6 years ago

pault2k14 commented 6 years ago

Per the documentation for custom authorizers, the policy document returned from the custom authorizer is for the ENTIRE API. I would have thought disabling caching in the custom authorizer would have solved this issue; however, it doesn't seem to. In any case, disabling caching isn't recommended for custom authorizers for performance reasons (always calling at least 2 lambdas). My solution was to implement different custom authorizers for each endpoint. Some of these issues are discussed here: https://forums.aws.amazon.com/thread.jspa?threadID=225934&tstart=0
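
The failure mode described in this issue, as an added example that is not part of the original post or the book's repository: API Gateway caches the policy an authorizer returns per token, so a policy scoped only to the `methodArn` that triggered it is reused for the next endpoint and denies it. The sketch compares that with a policy listing every route the caller may use; the ARN values, route names, helper names and the simplified `allows` evaluator are assumptions.

```javascript
// Added example. ARNs, route names and helper names are constructed/hypothetical.
// methodArn layout: arn:aws:execute-api:{region}:{account}:{apiId}/{stage}/{VERB}/{path}
function apiPrefix(methodArn) {
  const [arnAndApi, stage] = methodArn.split('/');
  return `${arnAndApi}/${stage}`;
}

function buildPolicy(principalId, resources) {
  return {
    principalId,
    policyDocument: {
      Version: '2012-10-17',
      Statement: [{ Action: 'execute-api:Invoke', Effect: 'Allow', Resource: resources }],
    },
  };
}

// Scoped to the one method that happened to trigger the authorizer.
function narrowPolicy(principalId, methodArn) {
  return buildPolicy(principalId, [methodArn]);
}

// Lists every route this principal may call, so a cached copy stays valid.
function apiWidePolicy(principalId, methodArn, routes) {
  const prefix = apiPrefix(methodArn);
  return buildPolicy(principalId, routes.map((r) => `${prefix}/${r}`));
}

// Simplified stand-in for how a cached policy is checked against a later request.
function allows(authResponse, methodArn) {
  const matches = (pattern) => {
    const re = pattern.split('*')
      .map((s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')).join('.*');
    return new RegExp(`^${re}$`).test(methodArn);
  };
  return authResponse.policyDocument.Statement.some(
    (s) => s.Effect === 'Allow' && [].concat(s.Resource).some(matches));
}

const BASE = 'arn:aws:execute-api:us-east-1:123456789012:abc123/dev'; // constructed
const ROUTES = ['GET/videos', 'GET/s3-policy-document'];              // assumed routes
const first = `${BASE}/GET/videos`;              // request that populates the cache
const second = `${BASE}/GET/s3-policy-document`; // same token, within the cache TTL

console.log(allows(narrowPolicy('user', first), second));          // false
console.log(allows(apiWidePolicy('user', first, ROUTES), second)); // true
```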