AWS Cognito user migration lambda function

index.js

'use strict';

const https = require('https');

const attributes = (response) => {
  return {
    "email": response.email,
    "email_verified": "true",
    "name": response.name,
    "custom:rails_app_id": response.id
  };
};

const checkUser = (server, data, callback) => {
  let postData = JSON.stringify( data );

  let options = {
    hostname: server,
    path: "/aws/auth",
    method: 'POST',
    headers: {
         'Content-Type': 'application/json',
         'Content-Length': postData.length
       }
  };

  console.log('checkUser', options, data)
  let req = https.request(options, (res) => {

    console.log("result", res)
    let data = "";
    res.on('data', (chunk) => {
      data += chunk;
    });
    res.on('end', () => {
      if ( data ){
        let response = JSON.parse( data );
        //console.log( 'response:', JSON.stringify(response, null, 2) );
        callback( null, response);
      } else {
        callback( "Authentication error");
      }
    });
  });

  req.on('error', (e) => {
    callback( e );
  });

  req.write( postData );
  req.end();
}

exports.handler = (event, context, callback) => {

  console.log('Migrating user:', event.userName);

  let rails_server_url = process.env.rails_server_url;

  checkUser( rails_server_url, {
    email: event.userName,
    password: event.request && event.request.password,
    access_token: process.env.rails_server_access_token
  }, (err, response ) => {
    if ( err ){
      return context.fail("Connection error", err);
    }
    if ( event.triggerSource == "UserMigration_Authentication" ) {
      // authenticate the user with your existing user directory service
      if ( response.success ) {
          event.response.userAttributes = attributes( response ) ;
          event.response.finalUserStatus = "CONFIRMED";
          event.response.messageAction = "SUPPRESS";
          console.log(event)
          console.log('Migrating user:', event.userName);
          callback(null, event)
      } else if ( response.user_exists ) {
          // Return error to Amazon Cognito
          callback("Bad password");
      } else {
        callback("Bad user");
      }
    } else if ( event.triggerSource == "UserMigration_ForgotPassword" ) {
      if ( response.user_exists ) {
        event.response.userAttributes = attributes( response ) ;
        event.response.messageAction = "SUPPRESS";
        console.log('Migrating user with password reset:', event.userName);
        callback(null, event);
      } else {
        callback("Bad user");
      }
    } else {
      // Return error to Amazon Cognito
      callback("Bad triggerSource " + event.triggerSource);
    }
  });
};

You set the lambda function with this code as being triggered in your Cognito user pool: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-migrate-user.html . Cognito will call that lambda whenever it needs to migrate a user and then uses the return value of your function to create the user in Cognito.