AWS Cognito Identity Service Provider appears to store access token in local storage. Is this safe?

Question

We are developing an application that uses a React front end website hosted on AWS using Amplify. This communicates with a .NET Core 3.1 Web API running on EC2 / Elastic Bea