I understand your concern, and I have recently successfully implemented the Lambda@Edge with Amazon Cognito regardless lot of limitations.

Few thinks to consider, avoid unnecessary other AWS calls, try to stick with only auth logic, and if needed separate the logic in different lifecycles, e.g. Viewer request, Origin request etc.

Here’s a step-by-step guide I wrote that walks through the full flow: https://ykhatri.dev/posts/step-by-step-guide-setting-up-lambda-at-edge-for-authentication-and-authorization-with-amazon-cognito/.