Thank you so much @tobiaseigen !
I started the community without AWS Cognito… my system is using the default Discourse auth system… it’s kind of hacky because, whenever my users become paying clients, a webhook on Stripe creates a new Discourse user using the API, generates a temporary password, and sends the credentials to them over email.
I wanted to use AWS Cognito because my main paid service is a course hosted on Gitbook, protected with an AWS Cognito passwordless authentication system. Reusing the system would be ideal for my users. But now it’s too late 
Anyway, I think I followed all steps you described… or maybe I missed something… everything worked perfectly, except for the fact that after entering the email and the authentication code, Discourse would redirect back to /login and not to / (the home). Inspecting the users on Discourse admin page, I saw that AWS Cognito would never create Discourse users.
Thanks anyway!