Access Denied Exception for API generated with CLI.

Describe the bug After creating a restricted API with amplify cli, I’m calling the API with Amplify JS and I get Access Denied exception Could not load items: AccessDeniedException: User: arn:aws:sts::92xxxxx:assumed-role/serverlessreactLambdaRolexxxxx/todos is not authorized to perform: dynamodb:Query on resource: arn:axxxxxxx. This happens for all HTTP method.

To Reproduce Steps to reproduce the behavior: Here’s the output of calling amplify add which indicates how i’ve generated the services.

? Please select from one of the below mentioned services REST
? Provide a friendly name for your resource to be used as a label for this category in the project: todosApi
? Provide a path (e.g., /items) /items
? Choose a Lambda source Create a new Lambda function
? Provide a friendly name for your resource to be used as a label for this category in the project: todosLambda
? Provide the AWS Lambda function name: todos
? Choose the function template that you want to use: CRUD function for Amazon DynamoDB table (Integration with Amazon API Gateway and 
Amazon DynamoDB)
? Choose a DynamoDB data source option Create a new DynamoDB table

Welcome to the NoSQL DynamoDB database wizard
This wizard asks you a series of questions to help determine how to set up your NoSQL database table.

? Please provide a friendly name for your resource that will be used to label this category in the project: todosTable
? Please provide table name: todos

You can now add columns to the table.

? What would you like to name this column: id
? Please choose the data type: string
? Would you like to add another column? true
? What would you like to name this column: content
? What would you like to name this column: content
? Please choose the data type: (Use arrow keys)
? Please choose the data type: string
? Would you like to add another column? true
? What would you like to name this column: dateCreated
? What would you like to name this column: dateCreated
? Please choose the data type: (Use arrow keys)
? Please choose the data type: string
? Would you like to add another column? true
? What would you like to name this column: completed
? What would you like to name this column: completed
? Please choose the data type: 
? Please choose the data type: boolean
? Would you like to add another column? false

Before you create the database, you must specify how items in your table are uniquely organized. You do this by specifying a primary key. The primary key uniquely identifies each item in the table so that no two items can have the same key. This can be an individual column, or a combination that includes a primary key and a sort key.

To learn more about primary keys, see:
http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.CoreComponents.html#HowItWorks.CoreComponents.PrimaryKey

? Please choose partition key for the table: 
? Please choose partition key for the table: id
? Do you want to add a sort key to your table? false

You can optionally add global secondary indexes for this table. These are useful when you run queries defined in a different column than the primary key.
To learn more about indexes, see:
http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.CoreComponents.html#HowItWorks.CoreComponents.SecondaryIndexes

? Do you want to add global secondary indexes to your table? (Y/n) n
? Do you want to add global secondary indexes to your table? false
Succesfully added DynamoDb table locally
? Do you want to edit the local lambda function now? (Y/n) n
? Do you want to edit the local lambda function now? false
Succesfully added the Lambda function locally
? Restrict API access (Y/n) Y
? Restrict API access Yes
? Who should have access? 
? Who should have access? Authenticated and Guest users
? What kind of access do you want for Authenticated users 
? What kind of access do you want for Authenticated users read/write
? What kind of access do you want for Guest users 
? What kind of access do you want for Guest users read
Successfully added auth resource locally.
? Do you want to add another path? (y/N) N
? Do you want to add another path? No
Successfully added resource todosApi locally

Some next steps:
"amplify push" will build all your local backend resources and provision it in the cloud
"amplify publish" will build all your local backend and frontend resources (if you have hosting category added) and provision it in the cloud

Here’s my App.js

import Amplify, { API } from "aws-amplify";
import aws_exports from "./aws-exports";
import { withAuthenticator } from "aws-amplify-react";
Amplify.configure(aws_exports);

.....

handleSubmit = async event => {
    event.preventDefault();
    console.log("calling api");
    const response = await API.post("todosApi", "/items", {
      body: {
        id: Date.now(),
        content: this.state.content
      }
    });
    console.log(response);
    alert(JSON.stringify(response, null, 2));
  };

I’ve followed the docs.

I get AccessDenied Exception. User: arn:aws:sts::xxxxxx:assumed-role/serverlessreactLambdaRoleb4xxxxd/todos is not authorized to perform: dynamodb:PutItem on resource: arn:aws:dynamodb:ap-south-1:xxxxxxxxxx.....

Expected behavior I expect authenticated users to read/write to the DB and unauthenticated to on read data.

Additional context amplify cli version 0.1.33