I configured the user pool to allow both username and email sign-in. On passing email in as the username during migration I was able to verify the email and password against an external system and return successfully from the user migration lambda trigger. However, I received the following exception and the user was not migrated: Username cannot be of email format since user pool is configured for email alias.
This makes no sense to me at all. When I recreated the user pool to only allow sign-in with email everything works as expected--the user is authenticated and created in the user pool. I'm looking for clarification as to how the user pool should be configured and how to pass in the proper values during sign-in, and specifically: how to handle this during a migration event.
The comment by Al-Mustafa Azhari in the following thread seems like it would work as well but this convention is not in the AWS documentation--not that I can see anyway. Cognito and Java - Username cannot be of email format since user pool is configured for email alias
AWS Cognito migration lambda docs: Migrate user Lambda trigger - Amazon Cognito
AWS Cognito user pool docs: Migrate user Lambda trigger - Amazon Cognito
If the answer is buried somewhere in the docs, I have yet to find it.