Can you clarify what is printing this line:
2022-02-14T17:38:23.740+02:00 DEBUG 2022-02-14T15:38:23.739Z 2ea5db18-c9b5-4df8-b3ef-dfc01f9ede00 Starting new HTTPS connection (1): cognito-idp.us-east-1.amazonaws.com:443
It seems that a connection is being made to the Cognito endpoint here and nothing else is printed until Lambda times out.
This can happen when Lambda is unable to successfully connect to an external endpoint before the Lambda timeout occurs. From what I can see in the logs, Lambda is trying to connect to the Cognito endpoint but before it is able to make a successful connection or receive a response, the Lambda timeout is reached. In most cases, if there is no response within a few seconds then it would be best to retry the HTTPS request.
It will depend on the timeout settings and the retry behavior of the library you are using if you will see an error in your Lambda logs or if you will see the retry in your Lambda logs.
For example, the Boto3 SDK has a Connection timeout of 60 seconds. Therefore, if it tries to connect to Cognito then it will only timeout after 60 seconds. If your Lambda function has a timeout of 3 or 30 seconds it will appear as if your Lambda has "frozen" when it fails to connect to the Cognito endpoint until such time that the Lambda times out.
Please have a look here in this knowledge center article for more information about this -> https://aws.amazon.com/premiumsupport/knowledge-center/lambda-function-retry-timeout-sdk/
You may need to change the connection timeout of the library you are using to reach the Cognito endpoint.
If the issue occurs consistently, you can update your timeout settings temporarily with the following formula (found in the above article):
First attempt (connection timeout + socket timeout) + Number of retries x (connection timeout + socket timeout) + 20 seconds additional code runtime margin = Required Lambda function timeout
This should ideally show that the HTTPS connection is being retried.
It's definitely possible that there may be other issues, but this is what I'd like to rule out first based on the Lambda logs that have been provided.
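An added example, not part of the original answer: the formula above as Python, plus a Boto3 client whose connect and read timeouts and retry count are set explicitly so a stalled connection to Cognito raises an error in the logs before the Lambda timeout. The function names and the sample timeout values are assumptions chosen for illustration.

```python
MARGIN_S = 20  # "additional code runtime margin" from the formula above


def required_lambda_timeout(connect_s, read_s, retries, margin_s=MARGIN_S):
    """First attempt + retries x (connect + socket timeout) + margin."""
    per_attempt = connect_s + read_s
    return per_attempt + retries * per_attempt + margin_s


def max_retries_within(lambda_timeout_s, connect_s, read_s, margin_s=MARGIN_S):
    """Largest retry count whose worst case still fits the Lambda timeout.

    Returns -1 when even a single attempt cannot complete in time, which is
    the "frozen until timeout" situation described in the answer.
    """
    budget = lambda_timeout_s - margin_s
    per_attempt = connect_s + read_s
    return max(-1, int(budget // per_attempt) - 1)


def cognito_client(connect_s, read_s, retries, region="us-east-1"):
    """Build a cognito-idp client with explicit timeouts and retries.

    boto3 is imported here so the arithmetic above can be used without it.
    The formula does not count the backoff delay between retries.
    """
    import boto3
    from botocore.config import Config

    cfg = Config(
        connect_timeout=connect_s,
        read_timeout=read_s,
        # total_max_attempts counts the first attempt as well as the retries
        retries={"total_max_attempts": retries + 1, "mode": "standard"},
    )
    return boto3.client("cognito-idp", region_name=region, config=cfg)


if __name__ == "__main__":
    # Constructed values: a 30 s Lambda with 60 s connect and read timeouts
    print(required_lambda_timeout(60, 60, 0))   # worst case for one attempt
    print(max_retries_within(30, 60, 60))       # -1: no attempt can finish
    # Constructed values: shorter timeouts that fit the same 30 s Lambda
    print(required_lambda_timeout(2, 3, 1))
    print(max_retries_within(30, 2, 3))
```

With timeouts that fit, a failed connection surfaces as a botocore connection error in the function's logs instead of a silent Lambda timeout.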