This lambda is configured (via cdk) as the 'authoriser' for the AWS AppSync instances (see https://aws.amazon.com/blogs/mobile/appsync-lambda-auth/ for more information). In short, it verifies the auth tokens (JWT) generated by bootstrapping-lambda, extracting the user's email so that it ends up in the identity.resolverContext.userEmail in the resolvers.
RELATED: Testing queries/mutations from AppSync area of AWS Console (in the browser)