I suspect this might be an IAM/VPC issue, but perhaps not? My Lambda function calls Cognito's sign_up to register. The Lambda function is behind an API GET endpoint.
I am able to call the endpoint locally and it creates the Cognito user successfully. However, when I deploy it to a staging environment, it doesn't seem to be able to call Cognito anymore. I peeked at the CloudWatch logs and there is no error reported.
The staging environment has a Lambda function inside a VPC that also contains a MySQL database. I am able to pull data from this database from this Lambda function. From that same environment, I am now trying to call the Cognito user pool.
I also checked that the IAM role for this Lambda function has CognitoPowerUser permissions.
I am not sure what other IAM roles/permissions I am missing here; it seems to work fine when I call it locally, but not from the said staging environment.
My assumption would also be that this is an issue with your Lambda function in the VPC being unable to reach the public internet due to your VPC setup.
I would encourage you to review this article to ensure you are set up correctly from a network perspective:
https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/
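The check the answer points at, as an added example that is not part of the original thread: a Lambda function attached to a VPC gets an elastic network interface with no public IP, so the only default route that gives it internet egress is one that goes to a NAT gateway (or NAT instance). A route to an internet gateway looks like internet access in the console but does nothing for the function, and a subnet that falls back to the VPC's main route table usually has no default route at all. The script below classifies each subnet's egress from route tables in the shape returned by `ec2.describe_route_tables()`; the route tables, subnet and gateway IDs are constructed sample data, and `live_report` (which needs boto3 and credentials) is an assumed wrapper around real `get_function_configuration` / `describe_route_tables` calls.

```python
"""Classify the internet egress of a Lambda function's VPC subnets.

Added example, not code from the original post. Constructed sample data:
rtb-main is the VPC's main table (no default route), rtb-public routes
0.0.0.0/0 to an internet gateway, rtb-private routes it to a NAT gateway.
"""
from typing import Dict, List, Optional

LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}

ROUTE_TABLES: List[dict] = [  # same shape as describe_route_tables()["RouteTables"]
    {"RouteTableId": "rtb-main", "VpcId": "vpc-staging",
     "Associations": [{"Main": True, "RouteTableId": "rtb-main"}],
     "Routes": [LOCAL]},
    {"RouteTableId": "rtb-public", "VpcId": "vpc-staging",
     "Associations": [{"Main": False, "SubnetId": "subnet-public", "RouteTableId": "rtb-public"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0a1b2c", "State": "active"}]},
    {"RouteTableId": "rtb-private", "VpcId": "vpc-staging",
     "Associations": [{"Main": False, "SubnetId": "subnet-private", "RouteTableId": "rtb-private"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0a1b2c", "State": "active"}]},
]

EXPLANATION = {
    "nat": "OK: default route via NAT gateway/instance, Lambda can reach Cognito",
    "igw": "NO internet: default route via internet gateway, but a Lambda ENI has no public IP",
    "none": "NO internet: no active 0.0.0.0/0 route (subnet uses the main table or an isolated one)",
    "other": "default route via peering/transit/virtual gateway; check that path leads to a NAT",
    "unknown": "subnet not found in this VPC's route tables",
}


def route_table_for_subnet(subnet_id: str, vpc_id: str, route_tables: List[dict]) -> Optional[dict]:
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables:
        if rt.get("VpcId") != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def classify_egress(subnet_id: str, vpc_id: str, route_tables: List[dict]) -> str:
    """Return 'nat', 'igw', 'other', 'none' or 'unknown' for the subnet's default route."""
    rt = route_table_for_subnet(subnet_id, vpc_id, route_tables)
    if rt is None:
        return "unknown"
    for route in rt.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0" or route.get("State", "active") != "active":
            continue
        if route.get("NatGatewayId") or route.get("InstanceId") or route.get("NetworkInterfaceId"):
            return "nat"  # NAT gateway, or NAT instance addressed by instance/ENI id
        if str(route.get("GatewayId", "")).startswith("igw-"):
            return "igw"
        return "other"
    return "none"


def lambda_egress_report(subnet_ids: List[str], vpc_id: str, route_tables: List[dict]) -> Dict[str, str]:
    """Map every subnet the function is attached to onto its egress classification."""
    return {s: classify_egress(s, vpc_id, route_tables) for s in subnet_ids}


def subnets_without_internet(subnet_ids: List[str], vpc_id: str, route_tables: List[dict]) -> List[str]:
    """Subnets that would leave the function unable to reach Cognito's public endpoint."""
    report = lambda_egress_report(subnet_ids, vpc_id, route_tables)
    return [s for s, kind in report.items() if kind in ("igw", "none", "unknown")]


def live_report(function_name: str) -> Dict[str, str]:
    """Assumed live wrapper (needs boto3 and AWS credentials; not exercised offline)."""
    import boto3  # imported lazily so the offline part of this file runs without it
    cfg = boto3.client("lambda").get_function_configuration(FunctionName=function_name)
    vpc = cfg.get("VpcConfig") or {}
    if not vpc.get("VpcId"):
        return {}  # not attached to a VPC: the function already has internet access
    tables = boto3.client("ec2").describe_route_tables(
        Filters=[{"Name": "vpc-id", "Values": [vpc["VpcId"]]}])["RouteTables"]
    return lambda_egress_report(vpc["SubnetIds"], vpc["VpcId"], tables)


if __name__ == "__main__":
    for subnet, kind in lambda_egress_report(
            ["subnet-public", "subnet-private", "subnet-isolated"], "vpc-staging", ROUTE_TABLES).items():
        print(f"{subnet}: {kind} - {EXPLANATION[kind]}")
```

Every subnet listed in the function's VpcConfig must classify as `nat` (Lambda picks any of them for its ENIs); a single `igw` or `none` subnet is enough to make sign_up fail intermittently or always. The "no error in the logs" symptom is what a blocked TCP connect looks like from the SDK side: boto3's default connect/read timeouts and retries run for well over a minute, so the invocation usually hits the Lambda or API Gateway timeout first and the only trace is a "Task timed out" line, not a Cognito error. Building the client with `botocore.config.Config(connect_timeout=5, read_timeout=10, retries={"max_attempts": 1})` makes the failure surface as an explicit connection error within seconds, which is a cheap way to confirm the diagnosis before touching the routing.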