TL;DR
Daml’s JWTs are access tokens, as they describe the rights and access over the resources (in this case, the ledger).
More words
Identity tokens are granted to you in order to authenticate you (you are who you say you are); this is the equivalent of holding an ID card that anyone can use to verify you are who you say you are.
Access tokens are granted, typically by exchanging an identity token, in order to authorize your access to a resource; this is the equivalent of a brick-and-mortar bank looking at your ID, deciding they trust it, and then using that trust to decide to grant you access to specific resources in the bank (namely, your own back account).
Note that this brick-and-mortar bank can not authenticate your identity—they merely use your confirmed identity to authorize you access to something. Likewise, a government behind a government-issued ID does not authorize your access to your bank account; the government merely speaks to the authenticity of your identity.
In your case, your Cognito lambda trigger takes the identity from Cognito (which your trigger trusts as having been properly authenticated) and then makes a decision about what to authorize that identity to; Cognito uses your supplied information to provide a signed access token from the raw information you provide (namely, the claims that the ledger expects).
Hope this helped!