I am currently in the process of validating the migration of a set of users to a cognito user pool via the migration trigger, the essence of the lambda function for the trigger can be boiled down to:
def lambda_handler(event, context):
response = requests.post(external_auth_api_url, json_with_user_and_pass)
if response.status_code = 200:
event["response"] = {
"userAttributes": {
"username": event["userName"],
"email": event["userName"],
"email_verified": "true"
},
"finalUserStatus": "CONFIRMED",
"messageAction": "SUPPRESS"
}
return event
This is doing an external rest call to the old system the user was signing in through as per the documentation and returning a success response.
The issue I noticed is that if the lambda function time is too long, for example, the average execution time of this lambda for me right now via ngrok is about 5 seconds total, cognito is failing when I call initiateAuth with USERNAME_PASSWORD flow and returning the following:
botocore.errorfactory.UserNotFoundException: An error occurred (UserNotFoundException) when calling the InitiateAuth operation: Exception migrating user in app client xxxxxxxxxxxx
I managed to validate that this issue was occurring by simply returning a success response without doing an external REST call and essentially bringing the lambda function runtime down to milliseconds, in which case I got the tokens as expected and the user was successfully migrated.
I also tested this by simply having a lambda function like:
def lambda_handler(event, context):
time.sleep(5)
event["response"] = {
"userAttributes": {
"username": event["userName"],
"email": event["userName"],
"email_verified": "true"
},
"finalUserStatus": "CONFIRMED",
"messageAction": "SUPPRESS"
}
return event
This fails with the same error response as above.
If anyone can advise, I am not sure if there is a maximum time the migration trigger will wait that is not documented, I wouldn't expected the trigger to have such a thing if the migration trigger's intention is to do external REST calls which may or may not be slow.
Thanks in advance!
Thank you! It would be good if the cognito team updated the docs to highlight this execution time limit in the migration trigger page, as that's where it's most critical