Switch necessary for matching VLANs to SSIDs via Access Point?

Started by Mosman, September 04, 2025, 06:40:49 PM

Hi all,
I have a very brief question which is still taking me a bit of time to figure out properly.
A lot of online searching has kept guiding me towards the 'just not exactly what I needed' answers but elucidated quite a bunch already. The amazing work of HomeNetworkGuy, Jim's Garage, and several others was definitely of great help (and is an absolute recommendation for learning more). Still, I haven't found the gemstone in the mud, so I am taking the chance to just ask it bluntly on our user forum and hope to get the information easily available for fellow internet humans who might search for the same keywords in their setup.

For my SOHO setup I am looking at a simple and reasonably foolproof solution with just 3 devices.
  The intended setup is: 1) ISP modem > 2) OPNsense Firewall [with VLANs] > 3) Access Point --> access for all

My expectation is to easily assign the VLANs matching WiFi SSIDs via my ASUS router in Access Point mode. For proper segmentation I tagged all VLANs and assigned proper firewall rules. Then again, I also see quite a number of threads stating that managed switches are necessary(?) before adding the Access Points. But to my understanding, won't the Access Point just pick up VLANs if these are correctly tagged (and fulfills the required technical specifications)?
Hoping to learn more about this part of the puzzle and why switches are such a big deal :)
DEC600 series

You do not need a switch if all your devices connect wirelessly and you have just a single access point. If you have multiple, a switch is recommended, although you could emulate one in software with OPNsense's bridge interfaces.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)