Cognito migration trigger runs successfully but returns an error

0

Hello, I have created a Migrate User Lambda trigger to automatically sign up users from a MySQL DB into a Cognito pool once they sign in.

I am using the hosted UI provided by Cognito and the trigger executes properly: it validates the user credentials and a context.succeed(event); is emitted back, yet I get an error response every time in the UI, "Incorrect username or password.", and the user is not properly created in the Cognito pool.


This Lambda function was previously working as expected and I was able to migrate users successfully, but it suddenly started to fail. Here's what it looks like:

exports.handler = async (event, context, callback) => {
	var user;

	if (event.triggerSource == "UserMigration_Authentication") {
		// authenticate the user with your existing user directory service
		user = await authenticateUser(event.userName, event.request.password);
		
		if (user) {
			event.response.userAttributes = {
				"email": user.email,
				"email_verified": "true"
			};
			event.response.finalUserStatus = "CONFIRMED";
			event.response.messageAction = "SUPPRESS";
			context.succeed(event);
		} else {
			// Return error to Amazon Cognito
			callback("Invalid password code");
		}
	} else if (event.triggerSource == "UserMigration_ForgotPassword") {
		// Lookup the user in your existing user directory service
		user = await lookupUser(event.userName);
		
		if (user) {
			event.response.userAttributes = {
				"email": user.email,
				// required to enable password-reset code to be sent to user
				"email_verified": "true"  
			};
			event.response.messageAction = "SUPPRESS";
			context.succeed(event);
		} else {
			// Return error to Amazon Cognito
			callback("User not found");
		}
	} else { 
		// Return error to Amazon Cognito
		callback("Invalid triggerSource " + event.triggerSource);
	}
};

And this is an example of the event sent back when a user is successfully authenticated:

{
  version: '1',
  triggerSource: 'UserMigration_Authentication',
  region: 'us-xxx-x',
  userPoolId: 'us-xxx-x_xxxXxXX',
  userName: 'qa_tests+email@email.com',
  callerContext: {
    awsSdkVersion: 'aws-sdk-unknown-unknown',
    clientId: '79vm3b2pogsddtl9udq5unrg'
  },
  request: { password: 'Password!', validationData: null, userAttributes: null },
  response: {
    userAttributes: {
      email: 'qa_tests+email@email.com',
      email_verified: 'true'
    },
    forceAliasCreation: null,
    enableSMSMFA: null,
    finalUserStatus: 'CONFIRMED',
    messageAction: 'SUPPRESS',
    desiredDeliveryMediums: null
  }
}

authenticateUser is the function fetching the user from MySQL and validating the credentials.

lookupUser is the function fetching a user from MySQL.

I cannot figure out what the problem is, especially given the error response "Incorrect username or password." when both email and password are correct.

This Lambda was working properly before; it just started to fail recently and I can't think of a reason. The only changes that I can recall have been adding and deleting client apps in the pool.

Asked a year ago, 778 views
1 answer
0
Accepted answer

I've got my answer after digging deep and reading other posts.

The user gev1695 provided the answer: essentially, you have to increase the default memory of your Lambda function.

I can't believe how lacking your documentation is, not to mention how bad the logs are for properly debugging issues.

Feel free to close and mark this as resolved.

Answered a year ago
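
An added example, not code from the question or the answer: a migration handler for the UserMigration_Authentication source only, which logs how long each invocation took against the 5 seconds Cognito waits for a trigger response, and masks request.password before the event is logged (the sample event in the question shows the password in plain text). The names makeHandler, redactEvent and COGNITO_TRIGGER_BUDGET_MS are hypothetical, and it is an assumption that slow execution at the default memory size is why raising memory helped; the thread does not say.

```javascript
// Added example (not the poster's code). authenticateUser is injected: a
// hypothetical stand-in for the MySQL credential check the question describes.
const COGNITO_TRIGGER_BUDGET_MS = 5000; // Cognito's wait for a trigger response

// Deep copy of the trigger event with the plaintext password masked for logging.
function redactEvent(event) {
  const copy = JSON.parse(JSON.stringify(event));
  if (copy.request && copy.request.password != null) {
    copy.request.password = '[REDACTED]';
  }
  return copy;
}

// Builds an async handler: resolves with the event on success, throws on
// failure, and always logs one redacted record with the elapsed time.
function makeHandler(authenticateUser, log = console.log, now = Date.now) {
  return async function handler(event) {
    const started = now();
    let outcome = 'error';
    try {
      if (event.triggerSource !== 'UserMigration_Authentication') {
        throw new Error('Invalid triggerSource ' + event.triggerSource);
      }
      const user = await authenticateUser(event.userName, event.request.password);
      if (!user) throw new Error('Bad credentials');
      event.response.userAttributes = { email: user.email, email_verified: 'true' };
      event.response.finalUserStatus = 'CONFIRMED';
      event.response.messageAction = 'SUPPRESS';
      outcome = 'migrated';
      return event;
    } finally {
      const elapsedMs = now() - started;
      const overBudget = elapsedMs >= COGNITO_TRIGGER_BUDGET_MS;
      log(JSON.stringify({ outcome, elapsedMs, overBudget, event: redactEvent(event) }));
    }
  };
}

// Constructed demo: a fake directory that always accepts the login.
const demoEvent = {
  triggerSource: 'UserMigration_Authentication',
  userName: 'user@example.com',
  request: { password: 'Constructed-Pw1!' },
  response: {},
};
makeHandler(async (name) => ({ email: name }))(demoEvent);
// In Lambda: exports.handler = makeHandler(authenticateUser);
```

A record with outcome "migrated" and overBudget true is the case where the function finished without error but later than Cognito was willing to wait.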
