There are more AWS SDK examples available in the AWS Doc SDK Examples
Amazon Cognito Identity Provider examples using AWS CLI
The following code examples show you how to perform actions and implement common scenarios by using the AWS Command Line Interface with Amazon Cognito Identity Provider.
Actions are code excerpts from larger programs and must be run in context. While actions show you how to call individual service functions, you can see actions in context in their related scenarios.
Each example includes a link to the complete source code, where you can find instructions on how to set up and run the code in context.
Topics
Actions
The following code example shows how to use add-custom-attributes
.
- AWS CLI
-
To add a custom attribute
This example adds a custom attribute CustomAttr1 to a user pool. It is a String type, and requires a minimum of 1 character and a maximum of 15. It is not required.
Command:
aws cognito-idp add-custom-attributes --user-pool-id
us-west-2_aaaaaaaaa
--custom-attributes Name="CustomAttr1",AttributeDataType="String",DeveloperOnlyAttribute=false,Required=false,StringAttributeConstraints="{MinLength=1,MaxLength=15}"-
For API details, see AddCustomAttributes
in AWS CLI Command Reference.
-
The following code example shows how to use admim-disable-user
.
- AWS CLI
-
To disable a user
This example disables user jane@example.com.
Command:
aws cognito-idp admin-disable-user --user-pool-id
us-west-2_aaaaaaaaa
--usernamejane@example.com
-
For API details, see AdmimDisableUser
in AWS CLI Command Reference.
-
The following code example shows how to use admim-enable-user
.
- AWS CLI
-
To enable a user
This example enables username jane@example.com.
Command:
aws cognito-idp admin-enable-user --user-pool-id
us-west-2_aaaaaaaaa
--usernamejane@example.com
-
For API details, see AdmimEnableUser
in AWS CLI Command Reference.
-
The following code example shows how to use admin-add-user-to-group
.
- AWS CLI
-
To add a user to a group
This example adds user Jane to group MyGroup.
Command:
aws cognito-idp admin-add-user-to-group --user-pool-id
us-west-2_aaaaaaaaa
--usernameJane
--group-nameMyGroup
-
For API details, see AdminAddUserToGroup
in AWS CLI Command Reference.
-
The following code example shows how to use admin-confirm-sign-up
.
- AWS CLI
-
To confirm user registration
This example confirms user jane@example.com.
Command:
aws cognito-idp admin-confirm-sign-up --user-pool-id
us-west-2_aaaaaaaaa
--usernamejane@example.com
-
For API details, see AdminConfirmSignUp
in AWS CLI Command Reference.
-
The following code example shows how to use admin-create-user
.
- AWS CLI
-
To create a user
The following
admin-create-user
example creates a user with the specified settings email address and phone number.aws cognito-idp admin-create-user \ --user-pool-id
us-west-2_aaaaaaaaa
\ --usernamediego
\ --user-attributesName=email,Value=diego@example.com
Name=phone_number,Value="+15555551212" \ --message-actionSUPPRESS
Output:
{ "User": { "Username": "diego", "Attributes": [ { "Name": "sub", "Value": "7325c1de-b05b-4f84-b321-9adc6e61f4a2" }, { "Name": "phone_number", "Value": "+15555551212" }, { "Name": "email", "Value": "diego@example.com" } ], "UserCreateDate": 1548099495.428, "UserLastModifiedDate": 1548099495.428, "Enabled": true, "UserStatus": "FORCE_CHANGE_PASSWORD" } }
-
For API details, see AdminCreateUser
in AWS CLI Command Reference.
-
The following code example shows how to use admin-delete-user-attributes
.
- AWS CLI
-
To delete a user attribute
This example deletes a custom attribute CustomAttr1 for user diego@example.com.
Command:
aws cognito-idp admin-delete-user-attributes --user-pool-id
us-west-2_aaaaaaaaa
--usernamediego@example.com
--user-attribute-names"custom:CustomAttr1"
-
For API details, see AdminDeleteUserAttributes
in AWS CLI Command Reference.
-
The following code example shows how to use admin-delete-user
.
- AWS CLI
-
To delete a user
This example deletes a user.
Command:
aws cognito-idp admin-delete-user --user-pool-id
us-west-2_aaaaaaaaa
--usernamediego@example.com
-
For API details, see AdminDeleteUser
in AWS CLI Command Reference.
-
The following code example shows how to use admin-forget-device
.
- AWS CLI
-
To forget a device
This example forgets device for username jane@example.com
Command:
aws cognito-idp admin-forget-device --user-pool-id
us-west-2_aaaaaaaaa
--usernamejane@example.com
--device-keyus-west-2_abcd_1234-5678
-
For API details, see AdminForgetDevice
in AWS CLI Command Reference.
-
The following code example shows how to use admin-get-device
.
- AWS CLI
-
To get a device
This example gets a device for username jane@example.com
Command:
aws cognito-idp admin-get-device --user-pool-id
us-west-2_aaaaaaaaa
--usernamejane@example.com
--device-keyus-west-2_abcd_1234-5678
-
For API details, see AdminGetDevice
in AWS CLI Command Reference.
-
The following code example shows how to use admin-get-user
.
- AWS CLI
-
To get a user
This example gets information about username jane@example.com.
Command:
aws cognito-idp admin-get-user --user-pool-id
us-west-2_aaaaaaaaa
--usernamejane@example.com
Output:
{ "Username": "4320de44-2322-4620-999b-5e2e1c8df013", "Enabled": true, "UserStatus": "FORCE_CHANGE_PASSWORD", "UserCreateDate": 1548108509.537, "UserAttributes": [ { "Name": "sub", "Value": "4320de44-2322-4620-999b-5e2e1c8df013" }, { "Name": "email_verified", "Value": "true" }, { "Name": "phone_number_verified", "Value": "true" }, { "Name": "phone_number", "Value": "+01115551212" }, { "Name": "email", "Value": "jane@example.com" } ], "UserLastModifiedDate": 1548108509.537 }
-
For API details, see AdminGetUser
in AWS CLI Command Reference.
-
The following code example shows how to use admin-initiate-auth
.
- AWS CLI
-
To initiate authorization
This example initiates authorization using the ADMIN_NO_SRP_AUTH flow for username jane@example.com
The client must have sign-in API for server-based authentication (ADMIN_NO_SRP_AUTH) enabled.
Use the session information in the return value to call admin-respond-to-auth-challenge.
Command:
aws cognito-idp admin-initiate-auth --user-pool-id
us-west-2_aaaaaaaaa
--client-id3n4b5urk1ft4fl3mg5e62d9ado
--auth-flowADMIN_NO_SRP_AUTH
--auth-parametersUSERNAME=jane@example.com,PASSWORD=password
Output:
{ "ChallengeName": "NEW_PASSWORD_REQUIRED", "Session": "SESSION", "ChallengeParameters": { "USER_ID_FOR_SRP": "84514837-dcbc-4af1-abff-f3c109334894", "requiredAttributes": "[]", "userAttributes": "{\"email_verified\":\"true\",\"phone_number_verified\":\"true\",\"phone_number\":\"+01xxx5550100\",\"email\":\"jane@example.com\"}" } }
-
For API details, see AdminInitiateAuth
in AWS CLI Command Reference.
-
The following code example shows how to use admin-list-devices
.
- AWS CLI
-
To list devices for a user
This example lists devices for username jane@example.com.
Command:
aws cognito-idp admin-list-devices --user-pool-id
us-west-2_aaaaaaaaa
--usernamejane@example.com
-
For API details, see AdminListDevices
in AWS CLI Command Reference.
-
The following code example shows how to use admin-list-groups-for-user
.
- AWS CLI
-
To list groups for a user
This example lists groups for username jane@example.com.
Command:
aws cognito-idp admin-list-groups-for-user --user-pool-id
us-west-2_aaaaaaaaa
--usernamediego@example.com
Output:
{ "Groups": [ { "Description": "Sample group", "Precedence": 1, "LastModifiedDate": 1548097827.125, "RoleArn": "arn:aws:iam::111111111111:role/SampleRole", "GroupName": "SampleGroup", "UserPoolId": "us-west-2_aaaaaaaaa", "CreationDate": 1548097827.125 } ] }
-
For API details, see AdminListGroupsForUser
in AWS CLI Command Reference.
-
The following code example shows how to use admin-list-user-auth-events
.
- AWS CLI
-
To list authorization events for a user
This example lists authorization events for username diego@example.com.
Command:
aws cognito-idp admin-list-user-auth-events --user-pool-id
us-west-2_aaaaaaaaa
--usernamediego@example.com
-
For API details, see AdminListUserAuthEvents
in AWS CLI Command Reference.
-
The following code example shows how to use admin-remove-user-from-group
.
- AWS CLI
-
To remove a user from a group
This example removes jane@example.com from SampleGroup.
Command:
aws cognito-idp admin-remove-user-from-group --user-pool-id
us-west-2_aaaaaaaaa
--usernamejane@example.com
--group-nameSampleGroup
-
For API details, see AdminRemoveUserFromGroup
in AWS CLI Command Reference.
-
The following code example shows how to use admin-reset-user-password
.
- AWS CLI
-
To reset a user password
This example resets the password for diego@example.com.
Command:
aws cognito-idp admin-reset-user-password --user-pool-id
us-west-2_aaaaaaaaa
--usernamediego@example.com
-
For API details, see AdminResetUserPassword
in AWS CLI Command Reference.
-
The following code example shows how to use admin-set-user-mfa-preference
.
- AWS CLI
-
To set the user MFA preference
This example sets the SMS MFA preference for username diego@example.com.
Command:
aws cognito-idp admin-set-user-mfa-preference --user-pool-id
us-west-2_aaaaaaaaa
--usernamediego@example.com
--sms-mfa-settingsEnabled=false,PreferredMfa=false
-
For API details, see AdminSetUserMfaPreference
in AWS CLI Command Reference.
-
The following code example shows how to use admin-set-user-settings
.
- AWS CLI
-
To set user settings
This example sets the MFA delivery preference for username diego@example.com to EMAIL.
Command:
aws cognito-idp admin-set-user-settings --user-pool-id
us-west-2_aaaaaaaaa
--usernamediego@example.com
--mfa-optionsDeliveryMedium=EMAIL
-
For API details, see AdminSetUserSettings
in AWS CLI Command Reference.
-
The following code example shows how to use admin-update-auth-event-feedback
.
- AWS CLI
-
To provide feedback for an authorization event
This example sets the feedback value for an authorization event identified by event-id to Valid.
Command:
aws cognito-idp admin-update-auth-event-feedback --user-pool-id
us-west-2_aaaaaaaaa
--usernamediego@example.com
--event-idc2c2cf89-c0d3-482d-aba6-99d78a5b0bfe
--feedback-valueValid
-
For API details, see AdminUpdateAuthEventFeedback
in AWS CLI Command Reference.
-
The following code example shows how to use admin-update-device-status
.
- AWS CLI
-
To update device status
This example sets the device remembered status for the device identified by device-key to not_remembered.
Command:
aws cognito-idp admin-update-device-status --user-pool-id
us-west-2_aaaaaaaaa
--usernamediego@example.com
--device-keyxxxx
--device-remembered-statusnot_remembered
-
For API details, see AdminUpdateDeviceStatus
in AWS CLI Command Reference.
-
The following code example shows how to use admin-update-user-attributes
.
- AWS CLI
-
To update user attributes
This example updates a custom user attribute CustomAttr1 for user diego@example.com.
Command:
aws cognito-idp admin-update-user-attributes --user-pool-id
us-west-2_aaaaaaaaa
--usernamediego@example.com
--user-attributes Name="custom:CustomAttr1",Value="Purple"-
For API details, see AdminUpdateUserAttributes
in AWS CLI Command Reference.
-
The following code example shows how to use change-password
.
- AWS CLI
-
To change a password
This example changes a password.
Command:
aws cognito-idp change-password --previous-password
OldPassword
--proposed-passwordNewPassword
--access-tokenACCESS_TOKEN
-
For API details, see ChangePassword
in AWS CLI Command Reference.
-
The following code example shows how to use confirm-forgot-password
.
- AWS CLI
-
To confirm a forgotten password
This example confirms a forgotten password for username diego@example.com.
Command:
aws cognito-idp confirm-forgot-password --client-id
3n4b5urk1ft4fl3mg5e62d9ado
--username=diego@example.com --passwordPASSWORD
--confirmation-codeCONF_CODE
-
For API details, see ConfirmForgotPassword
in AWS CLI Command Reference.
-
The following code example shows how to use confirm-sign-up
.
- AWS CLI
-
To confirm sign-up
This example confirms sign-up for username diego@example.com.
Command:
aws cognito-idp confirm-sign-up --client-id
3n4b5urk1ft4fl3mg5e62d9ado
--username=diego@example.com --confirmation-codeCONF_CODE
-
For API details, see ConfirmSignUp
in AWS CLI Command Reference.
-
The following code example shows how to use create-group
.
- AWS CLI
-
To create a group
This example creates a group with a description.
Command:
aws cognito-idp create-group --user-pool-id
us-west-2_aaaaaaaaa
--group-nameMyNewGroup
--description"New group."
Output:
{ "Group": { "GroupName": "MyNewGroup", "UserPoolId": "us-west-2_aaaaaaaaa", "Description": "New group.", "LastModifiedDate": 1548270073.795, "CreationDate": 1548270073.795 } }
To create a group with a role and precedence
This example creates a group with a description. It also includes a role and precedence.
Command:
aws cognito-idp create-group --user-pool-id
us-west-2_aaaaaaaaa
--group-nameMyNewGroupWithRole
--description"New group with a role."
--role-arnarn:aws:iam::111111111111:role/MyNewGroupRole
--precedence2
Output:
{ "Group": { "GroupName": "MyNewGroupWithRole", "UserPoolId": "us-west-2_aaaaaaaaa", "Description": "New group with a role.", "RoleArn": "arn:aws:iam::111111111111:role/MyNewGroupRole", "Precedence": 2, "LastModifiedDate": 1548270211.761, "CreationDate": 1548270211.761 } }
-
For API details, see CreateGroup
in AWS CLI Command Reference.
-
The following code example shows how to use create-user-import-job
.
- AWS CLI
-
To create a user import job
This example creates a user import job named MyImportJob.
For more information about importing users, see Importing Users into User Pools From a CSV File.
Command:
aws cognito-idp create-user-import-job --user-pool-id
us-west-2_aaaaaaaaa
--job-nameMyImportJob
--cloud-watch-logs-role-arnarn:aws:iam::111111111111:role/CognitoCloudWatchLogsRole
Output:
{ "UserImportJob": { "JobName": "MyImportJob", "JobId": "import-qQ0DCt2fRh", "UserPoolId": "us-west-2_aaaaaaaaa", "PreSignedUrl": "PRE_SIGNED_URL", "CreationDate": 1548271795.471, "Status": "Created", "CloudWatchLogsRoleArn": "arn:aws:iam::111111111111:role/CognitoCloudWatchLogsRole", "ImportedUsers": 0, "SkippedUsers": 0, "FailedUsers": 0 } }
Upload the .csv file with curl using the pre-signed URL:
Command:
curl -v -T "PATH_TO_CSV_FILE" -H "x-amz-server-side-encryption:aws:kms" "PRE_SIGNED_URL"
-
For API details, see CreateUserImportJob
in AWS CLI Command Reference.
-
The following code example shows how to use create-user-pool-client
.
- AWS CLI
-
To create a user pool client
This example creates a new user pool client with two explicit authorization flows: USER_PASSWORD_AUTH and ADMIN_NO_SRP_AUTH.
Command:
aws cognito-idp create-user-pool-client --user-pool-id
us-west-2_aaaaaaaaa
--client-nameMyNewClient
--no-generate-secret --explicit-auth-flows"USER_PASSWORD_AUTH"
"ADMIN_NO_SRP_AUTH"
Output:
{ "UserPoolClient": { "UserPoolId": "us-west-2_aaaaaaaaa", "ClientName": "MyNewClient", "ClientId": "6p3bs000no6a4ue1idruvd05ad", "LastModifiedDate": 1548697449.497, "CreationDate": 1548697449.497, "RefreshTokenValidity": 30, "ExplicitAuthFlows": [ "USER_PASSWORD_AUTH", "ADMIN_NO_SRP_AUTH" ], "AllowedOAuthFlowsUserPoolClient": false } }
-
For API details, see CreateUserPoolClient
in AWS CLI Command Reference.
-
The following code example shows how to use create-user-pool-domain
.
- AWS CLI
-
To create a user pool domain
This example creates a new user pool domain. with two explicit authorization flows: USER_PASSWORD_AUTH and ADMIN_NO_SRP_AUTH.
Command:
aws cognito-idp create-user-pool-domain --user-pool-id
us-west-2_aaaaaaaaa
--domainmy-new-domain
-
For API details, see CreateUserPoolDomain
in AWS CLI Command Reference.
-
The following code example shows how to use create-user-pool
.
- AWS CLI
-
To create a minimally configured user pool
This example creates a user pool named MyUserPool using default values. There are no required attributes and no application clients. MFA and advanced security is disabled.
Command:
aws cognito-idp create-user-pool --pool-name
MyUserPool
Output:
{ "UserPool": { "SchemaAttributes": [ { "Name": "sub", "StringAttributeConstraints": { "MinLength": "1", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": true, "AttributeDataType": "String", "Mutable": false }, { "Name": "name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "given_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "family_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "middle_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "nickname", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "preferred_username", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "profile", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "picture", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "website", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "email", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Required": false, "Name": "email_verified", "Mutable": true }, { "Name": "gender", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "birthdate", "StringAttributeConstraints": { "MinLength": "10", "MaxLength": "10" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "zoneinfo", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "locale", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "phone_number", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Required": false, "Name": "phone_number_verified", "Mutable": true }, { "Name": "address", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "updated_at", "NumberAttributeConstraints": { "MinValue": "0" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "Number", "Mutable": true } ], "MfaConfiguration": "OFF", "Name": "MyUserPool", "LastModifiedDate": 1547833345.777, "AdminCreateUserConfig": { "UnusedAccountValidityDays": 7, "AllowAdminCreateUserOnly": false }, "EmailConfiguration": {}, "Policies": { "PasswordPolicy": { "RequireLowercase": true, "RequireSymbols": true, "RequireNumbers": true, "MinimumLength": 8, "RequireUppercase": true } }, "CreationDate": 1547833345.777, "EstimatedNumberOfUsers": 0, "Id": "us-west-2_aaaaaaaaa", "LambdaConfig": {} } }
To create a user pool with two required attributes
This example creates a user pool MyUserPool. The pool is configured to accept email as a username attribute. It also sets the email source address to a validated address using Amazon Simple Email Service.
Command:
aws cognito-idp create-user-pool --pool-name
MyUserPool
--username-attributes"email"
--email-configuration=SourceArn="arn:aws:ses:us-east-1:111111111111:identity/jane@example.com",ReplyToEmailAddress="jane@example.com"Output:
{ "UserPool": { "SchemaAttributes": [ { "Name": "sub", "StringAttributeConstraints": { "MinLength": "1", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": true, "AttributeDataType": "String", "Mutable": false }, { "Name": "name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "given_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "family_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "middle_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "nickname", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "preferred_username", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "profile", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "picture", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "website", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "email", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Required": false, "Name": "email_verified", "Mutable": true }, { "Name": "gender", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "birthdate", "StringAttributeConstraints": { "MinLength": "10", "MaxLength": "10" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "zoneinfo", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "locale", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "phone_number", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Required": false, "Name": "phone_number_verified", "Mutable": true }, { "Name": "address", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "updated_at", "NumberAttributeConstraints": { "MinValue": "0" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "Number", "Mutable": true } ], "MfaConfiguration": "OFF", "Name": "MyUserPool", "LastModifiedDate": 1547837788.189, "AdminCreateUserConfig": { "UnusedAccountValidityDays": 7, "AllowAdminCreateUserOnly": false }, "EmailConfiguration": { "ReplyToEmailAddress": "jane@example.com", "SourceArn": "arn:aws:ses:us-east-1:111111111111:identity/jane@example.com" }, "Policies": { "PasswordPolicy": { "RequireLowercase": true, "RequireSymbols": true, "RequireNumbers": true, "MinimumLength": 8, "RequireUppercase": true } }, "UsernameAttributes": [ "email" ], "CreationDate": 1547837788.189, "EstimatedNumberOfUsers": 0, "Id": "us-west-2_aaaaaaaaa", "LambdaConfig": {} } }
-
For API details, see CreateUserPool
in AWS CLI Command Reference.
-
The following code example shows how to use delete-group
.
- AWS CLI
-
To delete a group
This example deletes a group.
Command:
aws cognito-idp delete-group --user-pool-id
us-west-2_aaaaaaaaa
--group-nameMyGroupName
-
For API details, see DeleteGroup
in AWS CLI Command Reference.
-
The following code example shows how to use delete-identity-provider
.
- AWS CLI
-
To delete an identity provider
This example deletes an identity provider.
Command:
aws cognito-idp delete-identity-provider --user-pool-id
us-west-2_aaaaaaaaa
--provider-nameFacebook
-
For API details, see DeleteIdentityProvider
in AWS CLI Command Reference.
-
The following code example shows how to use delete-resource-server
.
- AWS CLI
-
To delete a resource server
This example deletes a resource server named weather.example.com.
Command:
aws cognito-idp delete-resource-server --user-pool-id
us-west-2_aaaaaaaaa
--identifierweather.example.com
-
For API details, see DeleteResourceServer
in AWS CLI Command Reference.
-
The following code example shows how to use delete-user-attributes
.
- AWS CLI
-
To delete user attributes
This example deletes the user attribute "FAVORITE_ANIMAL".
Command:
aws cognito-idp delete-user-attributes --access-token
ACCESS_TOKEN
--user-attribute-names"FAVORITE_ANIMAL"
-
For API details, see DeleteUserAttributes
in AWS CLI Command Reference.
-
The following code example shows how to use delete-user-pool-client
.
- AWS CLI
-
To delete a user pool client
This example deletes a user pool client.
Command:
aws cognito-idp delete-user-pool-client --user-pool-id
us-west-2_aaaaaaaaa
--client-id38fjsnc484p94kpqsnet7mpld0
-
For API details, see DeleteUserPoolClient
in AWS CLI Command Reference.
-
The following code example shows how to use delete-user-pool-domain
.
- AWS CLI
-
To delete a user pool domain
The following
delete-user-pool-domain
example deletes a user pool domain namedmy-domain
aws cognito-idp delete-user-pool-domain \ --user-pool-id
us-west-2_aaaaaaaaa
\ --domainmy-domain
-
For API details, see DeleteUserPoolDomain
in AWS CLI Command Reference.
-
The following code example shows how to use delete-user-pool
.
- AWS CLI
-
To delete a user pool
This example deletes a user pool using the user pool id, us-west-2_aaaaaaaaa.
Command:
aws cognito-idp delete-user-pool --user-pool-id
us-west-2_aaaaaaaaa
-
For API details, see DeleteUserPool
in AWS CLI Command Reference.
-
The following code example shows how to use delete-user
.
- AWS CLI
-
To delete a user
This example deletes a user.
Command:
aws cognito-idp delete-user --access-token
ACCESS_TOKEN
-
For API details, see DeleteUser
in AWS CLI Command Reference.
-
The following code example shows how to use describe-identity-provider
.
- AWS CLI
-
To describe an identity provider
This example describes an identity provider named Facebook.
Command:
aws cognito-idp describe-identity-provider --user-pool-id
us-west-2_aaaaaaaaa
--provider-nameFacebook
Output:
{ "IdentityProvider": { "UserPoolId": "us-west-2_aaaaaaaaa", "ProviderName": "Facebook", "ProviderType": "Facebook", "ProviderDetails": { "attributes_url": "https://graph.facebook.com/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": myscope", "authorize_url": "https://www.facebook.com/v2.9/dialog/oauth", "client_id": "11111", "client_secret": "11111", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v2.9/oauth/access_token" }, "AttributeMapping": { "username": "id" }, "IdpIdentifiers": [], "LastModifiedDate": 1548105901.736, "CreationDate": 1548105901.736 } }
-
For API details, see DescribeIdentityProvider
in AWS CLI Command Reference.
-
The following code example shows how to use describe-resource-server
.
- AWS CLI
-
To describe a resource server
This example describes the resource server weather.example.com.
Command:
aws cognito-idp describe-resource-server --user-pool-id
us-west-2_aaaaaaaaa
--identifierweather.example.com
Output:
{ "ResourceServer": { "UserPoolId": "us-west-2_aaaaaaaaa", "Identifier": "weather.example.com", "Name": "Weather", "Scopes": [ { "ScopeName": "weather.update", "ScopeDescription": "Update weather forecast" }, { "ScopeName": "weather.read", "ScopeDescription": "Read weather forecasts" }, { "ScopeName": "weather.delete", "ScopeDescription": "Delete a weather forecast" } ] } }
-
For API details, see DescribeResourceServer
in AWS CLI Command Reference.
-
The following code example shows how to use describe-risk-configuration
.
- AWS CLI
-
To describe a risk configuration
This example describes the risk configuration associated with pool us-west-2_aaaaaaaaa.
Command:
aws cognito-idp describe-risk-configuration --user-pool-id
us-west-2_aaaaaaaaa
Output:
{ "RiskConfiguration": { "UserPoolId": "us-west-2_aaaaaaaaa", "CompromisedCredentialsRiskConfiguration": { "EventFilter": [ "SIGN_IN", "SIGN_UP", "PASSWORD_CHANGE" ], "Actions": { "EventAction": "BLOCK" } }, "AccountTakeoverRiskConfiguration": { "NotifyConfiguration": { "From": "diego@example.com", "ReplyTo": "diego@example.com", "SourceArn": "arn:aws:ses:us-east-1:111111111111:identity/diego@example.com", "BlockEmail": { "Subject": "Blocked sign-in attempt", "HtmlBody": "<!DOCTYPE html>\n<html>\n<head>\n\t<title>HTML email context</title>\n\t<meta charset=\"utf-8\">\n</head>\n<body>\n<pre>We blocked an unrecognized sign-in to your account with this information:\n<ul>\n<li>Time: {login-time}</li>\n<li>Device: {device-name}</li>\n<li>Location: {city}, {country}</li>\n</ul>\nIf this sign-in was not by you, you should change your password and notify us by clicking on <a href={one-click-link-invalid}>this link</a>\nIf this sign-in was by you, you can follow <a href={one-click-link-valid}>this link</a> to let us know</pre>\n</body>\n</html>", "TextBody": "We blocked an unrecognized sign-in to your account with this information:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" }, "NoActionEmail": { "Subject": "New sign-in attempt", "HtmlBody": "<!DOCTYPE html>\n<html>\n<head>\n\t<title>HTML email context</title>\n\t<meta charset=\"utf-8\">\n</head>\n<body>\n<pre>We observed an unrecognized sign-in to your account with this information:\n<ul>\n<li>Time: {login-time}</li>\n<li>Device: {device-name}</li>\n<li>Location: {city}, {country}</li>\n</ul>\nIf this sign-in was not by you, you should change your password and notify us by clicking on <a href={one-click-link-invalid}>this link</a>\nIf this sign-in was by you, you can follow <a href={one-click-link-valid}>this link</a> to let us know</pre>\n</body>\n</html>", "TextBody": "We observed an unrecognized sign-in to your account with this information:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" }, "MfaEmail": { "Subject": "New sign-in attempt", "HtmlBody": "<!DOCTYPE html>\n<html>\n<head>\n\t<title>HTML email context</title>\n\t<meta charset=\"utf-8\">\n</head>\n<body>\n<pre>We required you to use multi-factor authentication for the following sign-in attempt:\n<ul>\n<li>Time: {login-time}</li>\n<li>Device: {device-name}</li>\n<li>Location: {city}, {country}</li>\n</ul>\nIf this sign-in was not by you, you should change your password and notify us by clicking on <a href={one-click-link-invalid}>this link</a>\nIf this sign-in was by you, you can follow <a href={one-click-link-valid}>this link</a> to let us know</pre>\n</body>\n</html>", "TextBody": "We required you to use multi-factor authentication for the following sign-in attempt:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" } }, "Actions": { "LowAction": { "Notify": true, "EventAction": "NO_ACTION" }, "MediumAction": { "Notify": true, "EventAction": "MFA_IF_CONFIGURED" }, "HighAction": { "Notify": true, "EventAction": "MFA_IF_CONFIGURED" } } } } }
-
For API details, see DescribeRiskConfiguration
in AWS CLI Command Reference.
-
The following code example shows how to use describe-user-import-job
.
- AWS CLI
-
To describe a user import job
This example describes a user input job.
For more information about importing users, see Importing Users into User Pools From a CSV File.
Command:
aws cognito-idp describe-user-import-job --user-pool-id
us-west-2_aaaaaaaaa
--job-idimport-TZqNQvDRnW
Output:
{ "UserImportJob": { "JobName": "import-Test1", "JobId": "import-TZqNQvDRnW", "UserPoolId": "us-west-2_aaaaaaaaa", "PreSignedUrl": "PRE_SIGNED URL", "CreationDate": 1548271708.512, "Status": "Created", "CloudWatchLogsRoleArn": "arn:aws:iam::111111111111:role/CognitoCloudWatchLogsRole", "ImportedUsers": 0, "SkippedUsers": 0, "FailedUsers": 0 } }
-
For API details, see DescribeUserImportJob
in AWS CLI Command Reference.
-
The following code example shows how to use describe-user-pool-client
.
- AWS CLI
-
To describe a user pool client
This example describes a user pool client.
Command:
aws cognito-idp describe-user-pool-client --user-pool-id
us-west-2_aaaaaaaaa
--client-id38fjsnc484p94kpqsnet7mpld0
Output:
{ "UserPoolClient": { "UserPoolId": "us-west-2_aaaaaaaaa", "ClientName": "MyApp", "ClientId": "38fjsnc484p94kpqsnet7mpld0", "ClientSecret": "CLIENT_SECRET", "LastModifiedDate": 1548108676.163, "CreationDate": 1548108676.163, "RefreshTokenValidity": 30, "ReadAttributes": [ "address", "birthdate", "custom:CustomAttr1", "custom:CustomAttr2", "email", "email_verified", "family_name", "gender", "given_name", "locale", "middle_name", "name", "nickname", "phone_number", "phone_number_verified", "picture", "preferred_username", "profile", "updated_at", "website", "zoneinfo" ], "WriteAttributes": [ "address", "birthdate", "custom:CustomAttr1", "custom:CustomAttr2", "email", "family_name", "gender", "given_name", "locale", "middle_name", "name", "nickname", "phone_number", "picture", "preferred_username", "profile", "updated_at", "website", "zoneinfo" ], "ExplicitAuthFlows": [ "ADMIN_NO_SRP_AUTH", "USER_PASSWORD_AUTH" ], "AllowedOAuthFlowsUserPoolClient": false } }
-
For API details, see DescribeUserPoolClient
in AWS CLI Command Reference.
-
The following code example shows how to use describe-user-pool-domain
.
- AWS CLI
-
To describe a user pool client
This example describes a user pool domain named my-domain.
Command:
aws cognito-idp describe-user-pool-domain --domain
my-domain
Output:
{ "DomainDescription": { "UserPoolId": "us-west-2_aaaaaaaaa", "AWSAccountId": "111111111111", "Domain": "my-domain", "S3Bucket": "aws-cognito-prod-pdx-assets", "CloudFrontDistribution": "aaaaaaaaaaaaa.cloudfront.net", "Version": "20190128175402", "Status": "ACTIVE", "CustomDomainConfig": {} } }
-
For API details, see DescribeUserPoolDomain
in AWS CLI Command Reference.
-
The following code example shows how to use describe-user-pool
.
- AWS CLI
-
To describe a user pool
This example describes a user pool with the user pool id us-west-2_aaaaaaaaa.
Command:
aws cognito-idp describe-user-pool --user-pool-id
us-west-2_aaaaaaaaa
Output:
{ "UserPool": { "SmsVerificationMessage": "Your verification code is {####}. ", "SchemaAttributes": [ { "Name": "sub", "StringAttributeConstraints": { "MinLength": "1", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": true, "AttributeDataType": "String", "Mutable": false }, { "Name": "name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "given_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "family_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "middle_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "nickname", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "preferred_username", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "profile", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "picture", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "website", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "email", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": true, "AttributeDataType": "String", "Mutable": true }, { "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Required": false, "Name": "email_verified", "Mutable": true }, { "Name": "gender", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "birthdate", "StringAttributeConstraints": { "MinLength": "10", "MaxLength": "10" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "zoneinfo", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "locale", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "phone_number", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Required": false, "Name": "phone_number_verified", "Mutable": true }, { "Name": "address", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "updated_at", "NumberAttributeConstraints": { "MinValue": "0" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "Number", "Mutable": true } ], "EmailVerificationSubject": "Your verification code", "MfaConfiguration": "OFF", "Name": "MyUserPool", "EmailVerificationMessage": "Your verification code is {####}. ", "SmsAuthenticationMessage": "Your authentication code is {####}. ", "LastModifiedDate": 1547763720.822, "AdminCreateUserConfig": { "InviteMessageTemplate": { "EmailMessage": "Your username is {username} and temporary password is {####}. ", "EmailSubject": "Your temporary password", "SMSMessage": "Your username is {username} and temporary password is {####}. " }, "UnusedAccountValidityDays": 7, "AllowAdminCreateUserOnly": false }, "EmailConfiguration": { "ReplyToEmailAddress": "myemail@mydomain.com" "SourceArn": "arn:aws:ses:us-east-1:000000000000:identity/myemail@mydomain.com" }, "AutoVerifiedAttributes": [ "email" ], "Policies": { "PasswordPolicy": { "RequireLowercase": true, "RequireSymbols": true, "RequireNumbers": true, "MinimumLength": 8, "RequireUppercase": true } }, "UserPoolTags": {}, "UsernameAttributes": [ "email" ], "CreationDate": 1547763720.822, "EstimatedNumberOfUsers": 1, "Id": "us-west-2_aaaaaaaaa", "LambdaConfig": {} } }
-
For API details, see DescribeUserPool
in AWS CLI Command Reference.
-
The following code example shows how to use forget-device
.
- AWS CLI
-
To forget a device
This example forgets device a device.
Command:
aws cognito-idp forget-device --device-key
us-west-2_abcd_1234-5678
-
For API details, see ForgetDevice
in AWS CLI Command Reference.
-
The following code example shows how to use forgot-password
.
- AWS CLI
-
To force a password change
The following
forgot-password
example sends a message to jane@example.com to change their password.aws cognito-idp forgot-password --client-id
38fjsnc484p94kpqsnet7mpld0
--usernamejane@example.com
Output:
{ "CodeDeliveryDetails": { "Destination": "j***@e***.com", "DeliveryMedium": "EMAIL", "AttributeName": "email" } }
-
For API details, see ForgotPassword
in AWS CLI Command Reference.
-
The following code example shows how to use get-csv-header
.
- AWS CLI
-
To create a csv header
This example creates a csv header.
For more information about importing users, see Importing Users into User Pools From a CSV File.
Command:
aws cognito-idp get-csv-header --user-pool-id
us-west-2_aaaaaaaaa
Output:
{ "UserPoolId": "us-west-2_aaaaaaaaa", "CSVHeader": [ "name", "given_name", "family_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "email", "email_verified", "gender", "birthdate", "zoneinfo", "locale", "phone_number", "phone_number_verified", "address", "updated_at", "cognito:mfa_enabled", "cognito:username" ] }
... Importing Users into User Pools From a CSV File: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-using-import-tool.html
-
For API details, see GetCsvHeader
in AWS CLI Command Reference.
-
The following code example shows how to use get-group
.
- AWS CLI
-
To get information about a group
This example gets information about a group named MyGroup.
Command:
aws cognito-idp get-group --user-pool-id
us-west-2_aaaaaaaaa
--group-nameMyGroup
Output:
{ "Group": { "GroupName": "MyGroup", "UserPoolId": "us-west-2_aaaaaaaaa", "Description": "A sample group.", "LastModifiedDate": 1548270073.795, "CreationDate": 1548270073.795 } }
-
For API details, see GetGroup
in AWS CLI Command Reference.
-
The following code example shows how to use get-signing-certificate
.
- AWS CLI
-
To get a signing certificate
This example gets a signing certificate for a user pool.
Command:
aws cognito-idp get-signing-certificate --user-pool-id
us-west-2_aaaaaaaaa
Output:
{ "Certificate": "CERTIFICATE_DATA" }
-
For API details, see GetSigningCertificate
in AWS CLI Command Reference.
-
The following code example shows how to use get-ui-customization
.
- AWS CLI
-
To get UI customization information
This example gets UI customization information for a user pool.
Command:
aws cognito-idp get-ui-customization --user-pool-id
us-west-2_aaaaaaaaa
Output:
{ "UICustomization": { "UserPoolId": "us-west-2_aaaaaaaaa", "ClientId": "ALL", "ImageUrl": "https://aaaaaaaaaaaaa.cloudfront.net/us-west-2_aaaaaaaaa/ALL/20190128231240/assets/images/image.jpg", "CSS": ".logo-customizable {\n\tmax-width: 60%;\n\tmax-height: 30%;\n}\n.banner-customizable {\n\tpadding: 25px 0px 25px 10px;\n\tbackground-color: lightgray;\n}\n.label-customizable {\n\tfont-weight: 300;\n}\n.textDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.idpDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.legalText-customizable {\n\tcolor: #747474;\n\tfont-size: 11px;\n}\n.submitButton-customizable {\n\tfont-size: 14px;\n\tfont-weight: bold;\n\tmargin: 20px 0px 10px 0px;\n\theight: 40px;\n\twidth: 100%;\n\tcolor: #fff;\n\tbackground-color: #337ab7;\n}\n.submitButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #286090;\n}\n.errorMessage-customizable {\n\tpadding: 5px;\n\tfont-size: 14px;\n\twidth: 100%;\n\tbackground: #F5F5F5;\n\tborder: 2px solid #D64958;\n\tcolor: #D64958;\n}\n.inputField-customizable {\n\twidth: 100%;\n\theight: 34px;\n\tcolor: #555;\n\tbackground-color: #fff;\n\tborder: 1px solid #ccc;\n}\n.inputField-customizable:focus {\n\tborder-color: #66afe9;\n\toutline: 0;\n}\n.idpButton-customizable {\n\theight: 40px;\n\twidth: 100%;\n\ttext-align: center;\n\tmargin-bottom: 15px;\n\tcolor: #fff;\n\tbackground-color: #5bc0de;\n\tborder-color: #46b8da;\n}\n.idpButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #31b0d5;\n}\n.socialButton-customizable {\n\theight: 40px;\n\ttext-align: left;\n\twidth: 100%;\n\tmargin-bottom: 15px;\n}\n.redirect-customizable {\n\ttext-align: center;\n}\n.passwordCheck-notValid-customizable {\n\tcolor: #DF3312;\n}\n.passwordCheck-valid-customizable {\n\tcolor: #19BF00;\n}\n.background-customizable {\n\tbackground-color: #faf;\n}\n", "CSSVersion": "20190128231240" } }
-
For API details, see GetUiCustomization
in AWS CLI Command Reference.
-
The following code example shows how to use list-user-import-jobs
.
- AWS CLI
-
To list user import jobs
This example lists user import jobs.
For more information about importing users, see Importing Users into User Pools From a CSV File.
Command:
aws cognito-idp list-user-import-jobs --user-pool-id
us-west-2_aaaaaaaaa
--max-results20
Output:
{ "UserImportJobs": [ { "JobName": "Test2", "JobId": "import-d0OnwGA3mV", "UserPoolId": "us-west-2_aaaaaaaaa", "PreSignedUrl": "PRE_SIGNED_URL", "CreationDate": 1548272793.069, "Status": "Created", "CloudWatchLogsRoleArn": "arn:aws:iam::111111111111:role/CognitoCloudWatchLogsRole", "ImportedUsers": 0, "SkippedUsers": 0, "FailedUsers": 0 }, { "JobName": "Test1", "JobId": "import-qQ0DCt2fRh", "UserPoolId": "us-west-2_aaaaaaaaa", "PreSignedUrl": "PRE_SIGNED_URL", "CreationDate": 1548271795.471, "Status": "Created", "CloudWatchLogsRoleArn": "arn:aws:iam::111111111111:role/CognitoCloudWatchLogsRole", "ImportedUsers": 0, "SkippedUsers": 0, "FailedUsers": 0 }, { "JobName": "import-Test1", "JobId": "import-TZqNQvDRnW", "UserPoolId": "us-west-2_aaaaaaaaa", "PreSignedUrl": "PRE_SIGNED_URL", "CreationDate": 1548271708.512, "StartDate": 1548277247.962, "CompletionDate": 1548277248.912, "Status": "Failed", "CloudWatchLogsRoleArn": "arn:aws:iam::111111111111:role/CognitoCloudWatchLogsRole", "ImportedUsers": 0, "SkippedUsers": 0, "FailedUsers": 1, "CompletionMessage": "Too many users have failed or been skipped during the import." } ] }
-
For API details, see ListUserImportJobs
in AWS CLI Command Reference.
-
The following code example shows how to use list-user-pools
.
- AWS CLI
-
To list user pools
This example lists up to 20 user pools.
Command:
aws cognito-idp list-user-pools --max-results
20
Output:
{ "UserPools": [ { "CreationDate": 1547763720.822, "LastModifiedDate": 1547763720.822, "LambdaConfig": {}, "Id": "us-west-2_aaaaaaaaa", "Name": "MyUserPool" } ] }
-
For API details, see ListUserPools
in AWS CLI Command Reference.
-
The following code example shows how to use list-users-in-group
.
- AWS CLI
-
To list users in a group
This example lists users in group MyGroup.
Command:
aws cognito-idp list-users-in-group --user-pool-id
us-west-2_aaaaaaaaa
--group-nameMyGroup
Output:
{ "Users": [ { "Username": "acf10624-80bb-401a-ac61-607bee2110ec", "Attributes": [ { "Name": "sub", "Value": "acf10624-80bb-401a-ac61-607bee2110ec" }, { "Name": "custom:CustomAttr1", "Value": "New Value!" }, { "Name": "email", "Value": "jane@example.com" } ], "UserCreateDate": 1548102770.284, "UserLastModifiedDate": 1548103204.893, "Enabled": true, "UserStatus": "CONFIRMED" }, { "Username": "22704aa3-fc10-479a-97eb-2af5806bd327", "Attributes": [ { "Name": "sub", "Value": "22704aa3-fc10-479a-97eb-2af5806bd327" }, { "Name": "email_verified", "Value": "true" }, { "Name": "email", "Value": "diego@example.com" } ], "UserCreateDate": 1548089817.683, "UserLastModifiedDate": 1548089817.683, "Enabled": true, "UserStatus": "FORCE_CHANGE_PASSWORD" } ] }
-
For API details, see ListUsersInGroup
in AWS CLI Command Reference.
-
The following code example shows how to use list-users
.
- AWS CLI
-
To list users
This example lists up to 20 users.
Command:
aws cognito-idp list-users --user-pool-id
us-west-2_aaaaaaaaa
--limit20
Output:
{ "Users": [ { "Username": "22704aa3-fc10-479a-97eb-2af5806bd327", "Enabled": true, "UserStatus": "FORCE_CHANGE_PASSWORD", "UserCreateDate": 1548089817.683, "UserLastModifiedDate": 1548089817.683, "Attributes": [ { "Name": "sub", "Value": "22704aa3-fc10-479a-97eb-2af5806bd327" }, { "Name": "email_verified", "Value": "true" }, { "Name": "email", "Value": "mary@example.com" } ] } ] }
-
For API details, see ListUsers
in AWS CLI Command Reference.
-
The following code example shows how to use resend-confirmation-code
.
- AWS CLI
-
To resend a confirmation code
The following
resend-confirmation-code
example sends a confirmation code to the userjane
.aws cognito-idp resend-confirmation-code \ --client-id
12a3b456c7de890f11g123hijk
\ --usernamejane
Output:
{ "CodeDeliveryDetails": { "Destination": "j***@e***.com", "DeliveryMedium": "EMAIL", "AttributeName": "email" } }
For more information, see Signing up and confirming user accounts in the Amazon Cognito Developer Guide.
-
For API details, see ResendConfirmationCode
in AWS CLI Command Reference.
-
The following code example shows how to use respond-to-auth-challenge
.
- AWS CLI
-
To respond to an authorization challenge
This example responds to an authorization challenge initiated with initiate-auth. It is a response to the NEW_PASSWORD_REQUIRED challenge. It sets a password for user jane@example.com.
Command:
aws cognito-idp respond-to-auth-challenge --client-id
3n4b5urk1ft4fl3mg5e62d9ado
--challenge-nameNEW_PASSWORD_REQUIRED
--challenge-responses USERNAME=jane@example.com,NEW_PASSWORD="password" --session"SESSION_TOKEN"
Output:
{ "ChallengeParameters": {}, "AuthenticationResult": { "AccessToken": "ACCESS_TOKEN", "ExpiresIn": 3600, "TokenType": "Bearer", "RefreshToken": "REFRESH_TOKEN", "IdToken": "ID_TOKEN", "NewDeviceMetadata": { "DeviceKey": "us-west-2_fec070d2-fa88-424a-8ec8-b26d7198eb23", "DeviceGroupKey": "-wt2ha1Zd" } } }
-
For API details, see RespondToAuthChallenge
in AWS CLI Command Reference.
-
The following code example shows how to use set-risk-configuration
.
- AWS CLI
-
To set risk configuration
This example sets the risk configuration for a user pool. It sets the sign-up event action to NO_ACTION.
Command:
aws cognito-idp set-risk-configuration --user-pool-id
us-west-2_aaaaaaaaa
--compromised-credentials-risk-configurationEventFilter=SIGN_UP,Actions={EventAction=NO_ACTION}
Output:
{ "RiskConfiguration": { "UserPoolId": "us-west-2_aaaaaaaaa", "CompromisedCredentialsRiskConfiguration": { "EventFilter": [ "SIGN_UP" ], "Actions": { "EventAction": "NO_ACTION" } } } }
-
For API details, see SetRiskConfiguration
in AWS CLI Command Reference.
-
The following code example shows how to use set-ui-customization
.
- AWS CLI
-
To set UI customization
This example customizes the CSS setting for a user pool.
Command:
aws cognito-idp set-ui-customization --user-pool-id
us-west-2_aaaaaaaaa
--css".logo-customizable {\n\tmax-width: 60%;\n\tmax-height: 30%;\n}\n.banner-customizable {\n\tpadding: 25px 0px 25px 10px;\n\tbackground-color: lightgray;\n}\n.label-customizable {\n\tfont-weight: 300;\n}\n.textDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.idpDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.legalText-customizable {\n\tcolor: #747474;\n\tfont-size: 11px;\n}\n.submitButton-customizable {\n\tfont-size: 14px;\n\tfont-weight: bold;\n\tmargin: 20px 0px 10px 0px;\n\theight: 40px;\n\twidth: 100%;\n\tcolor: #fff;\n\tbackground-color: #337ab7;\n}\n.submitButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #286090;\n}\n.errorMessage-customizable {\n\tpadding: 5px;\n\tfont-size: 14px;\n\twidth: 100%;\n\tbackground: #F5F5F5;\n\tborder: 2px solid #D64958;\n\tcolor: #D64958;\n}\n.inputField-customizable {\n\twidth: 100%;\n\theight: 34px;\n\tcolor: #555;\n\tbackground-color: #fff;\n\tborder: 1px solid #ccc;\n}\n.inputField-customizable:focus {\n\tborder-color: #66afe9;\n\toutline: 0;\n}\n.idpButton-customizable {\n\theight: 40px;\n\twidth: 100%;\n\ttext-align: center;\n\tmargin-bottom: 15px;\n\tcolor: #fff;\n\tbackground-color: #5bc0de;\n\tborder-color: #46b8da;\n}\n.idpButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #31b0d5;\n}\n.socialButton-customizable {\n\theight: 40px;\n\ttext-align: left;\n\twidth: 100%;\n\tmargin-bottom: 15px;\n}\n.redirect-customizable {\n\ttext-align: center;\n}\n.passwordCheck-notValid-customizable {\n\tcolor: #DF3312;\n}\n.passwordCheck-valid-customizable {\n\tcolor: #19BF00;\n}\n.background-customizable {\n\tbackground-color: #faf;\n}\n"
Output:
{ "UICustomization": { "UserPoolId": "us-west-2_aaaaaaaaa", "ClientId": "ALL", "CSS": ".logo-customizable {\n\tmax-width: 60%;\n\tmax-height: 30%;\n}\n.banner-customizable {\n\tpadding: 25px 0px 25px 10px;\n\tbackground-color: lightgray;\n}\n.label-customizable {\n\tfont-weight: 300;\n}\n.textDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.idpDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.legalText-customizable {\n\tcolor: #747474;\n\tfont-size: 11px;\n}\n.submitButton-customizable {\n\tfont-size: 14px;\n\tfont-weight: bold;\n\tmargin: 20px 0px 10px 0px;\n\theight: 40px;\n\twidth: 100%;\n\tcolor: #fff;\n\tbackground-color: #337ab7;\n}\n.submitButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #286090;\n}\n.errorMessage-customizable {\n\tpadding: 5px;\n\tfont-size: 14px;\n\twidth: 100%;\n\tbackground: #F5F5F5;\n\tborder: 2px solid #D64958;\n\tcolor: #D64958;\n}\n.inputField-customizable {\n\twidth: 100%;\n\theight: 34px;\n\tcolor: #555;\n\tbackground-color: #fff;\n\tborder: 1px solid #ccc;\n}\n.inputField-customizable:focus {\n\tborder-color: #66afe9;\n\toutline: 0;\n}\n.idpButton-customizable {\n\theight: 40px;\n\twidth: 100%;\n\ttext-align: center;\n\tmargin-bottom: 15px;\n\tcolor: #fff;\n\tbackground-color: #5bc0de;\n\tborder-color: #46b8da;\n}\n.idpButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #31b0d5;\n}\n.socialButton-customizable {\n\theight: 40px;\n\ttext-align: left;\n\twidth: 100%;\n\tmargin-bottom: 15px;\n}\n.redirect-customizable {\n\ttext-align: center;\n}\n.passwordCheck-notValid-customizable {\n\tcolor: #DF3312;\n}\n.passwordCheck-valid-customizable {\n\tcolor: #19BF00;\n}\n.background-customizable {\n\tbackground-color: #faf;\n}\n", "CSSVersion": "20190129172214" } }
-
For API details, see SetUiCustomization
in AWS CLI Command Reference.
-
The following code example shows how to use set-user-mfa-preference
.
- AWS CLI
-
To set user MFA settings
The following
set-user-mfa-preference
example modifies the MFA delivery options. It changes the MFA delivery medium to SMS.aws cognito-idp set-user-mfa-preference \ --access-token
"eyJra12345EXAMPLE"
\ --software-token-mfa-settingsEnabled=true,PreferredMfa=true
\ --sms-mfa-settingsEnabled=false,PreferredMfa=false
This command produces no output.
For more information, see Adding MFA to a user pool in the Amazon Cognito Developer Guide.
-
For API details, see SetUserMfaPreference
in AWS CLI Command Reference.
-
The following code example shows how to use set-user-settings
.
- AWS CLI
-
To set user settings
This example sets the MFA delivery preference to EMAIL.
Command:
aws cognito-idp set-user-settings --access-token
ACCESS_TOKEN
--mfa-optionsDeliveryMedium=EMAIL
-
For API details, see SetUserSettings
in AWS CLI Command Reference.
-
The following code example shows how to use sign-up
.
- AWS CLI
-
To sign up a user
This example signs up jane@example.com.
Command:
aws cognito-idp sign-up --client-id
3n4b5urk1ft4fl3mg5e62d9ado
--usernamejane@example.com
--passwordPASSWORD
--user-attributes Name="email",Value="jane@example.com" Name="name",Value="Jane"Output:
{ "UserConfirmed": false, "UserSub": "e04d60a6-45dc-441c-a40b-e25a787d4862" }
-
For API details, see SignUp
in AWS CLI Command Reference.
-
The following code example shows how to use start-user-import-job
.
- AWS CLI
-
To start a user import job
This example starts a user input job.
For more information about importing users, see Importing Users into User Pools From a CSV File.
Command:
aws cognito-idp start-user-import-job --user-pool-id
us-west-2_aaaaaaaaa
--job-idimport-TZqNQvDRnW
Output:
{ "UserImportJob": { "JobName": "import-Test10", "JobId": "import-lmpxSOuIzH", "UserPoolId": "us-west-2_aaaaaaaaa", "PreSignedUrl": "PRE_SIGNED_URL", "CreationDate": 1548278378.928, "StartDate": 1548278397.334, "Status": "Pending", "CloudWatchLogsRoleArn": "arn:aws:iam::111111111111:role/CognitoCloudWatchLogsRole", "ImportedUsers": 0, "SkippedUsers": 0, "FailedUsers": 0 } }
-
For API details, see StartUserImportJob
in AWS CLI Command Reference.
-
The following code example shows how to use stop-user-import-job
.
- AWS CLI
-
To stop a user import job
This example stops a user input job.
For more information about importing users, see Importing Users into User Pools From a CSV File.
Command:
aws cognito-idp stop-user-import-job --user-pool-id
us-west-2_aaaaaaaaa
--job-idimport-TZqNQvDRnW
Output:
{ "UserImportJob": { "JobName": "import-Test5", "JobId": "import-Fx0kARISFL", "UserPoolId": "us-west-2_aaaaaaaaa", "PreSignedUrl": "PRE_SIGNED_URL", "CreationDate": 1548278576.259, "StartDate": 1548278623.366, "CompletionDate": 1548278626.741, "Status": "Stopped", "CloudWatchLogsRoleArn": "arn:aws:iam::111111111111:role/CognitoCloudWatchLogsRole", "ImportedUsers": 0, "SkippedUsers": 0, "FailedUsers": 0, "CompletionMessage": "The Import Job was stopped by the developer." } }
-
For API details, see StopUserImportJob
in AWS CLI Command Reference.
-
The following code example shows how to use update-auth-event-feedback
.
- AWS CLI
-
To update auth event feedback
This example updates authorization event feedback. It marks the event "Valid".
Command:
aws cognito-idp update-auth-event-feedback --user-pool-id
us-west-2_aaaaaaaaa
--usernamediego@example.com
--event-idEVENT_ID
--feedback-tokenFEEDBACK_TOKEN
--feedback-value"Valid"
-
For API details, see UpdateAuthEventFeedback
in AWS CLI Command Reference.
-
The following code example shows how to use update-device-status
.
- AWS CLI
-
To update device status
This example updates the status for a device to "not_remembered".
Command:
aws cognito-idp update-device-status --access-token
ACCESS_TOKEN
--device-keyDEVICE_KEY
--device-remembered-status"not_remembered"
-
For API details, see UpdateDeviceStatus
in AWS CLI Command Reference.
-
The following code example shows how to use update-group
.
- AWS CLI
-
To update a group
This example updates the description and precedence for MyGroup.
Command:
aws cognito-idp update-group --user-pool-id
us-west-2_aaaaaaaaa
--group-nameMyGroup
--description"New description"
--precedence2
Output:
{ "Group": { "GroupName": "MyGroup", "UserPoolId": "us-west-2_aaaaaaaaa", "Description": "New description", "RoleArn": "arn:aws:iam::111111111111:role/MyRole", "Precedence": 2, "LastModifiedDate": 1548800862.812, "CreationDate": 1548097827.125 } }
-
For API details, see UpdateGroup
in AWS CLI Command Reference.
-
The following code example shows how to use update-resource-server
.
- AWS CLI
-
To update a resource server
This example updates the the resource server Weather. It adds a new scope.
Command:
aws cognito-idp update-resource-server --user-pool-id
us-west-2_aaaaaaaaa
--identifierweather.example.com
--nameWeather
--scopes ScopeName=NewScope,ScopeDescription="New scope description"Output:
{ "ResourceServer": { "UserPoolId": "us-west-2_aaaaaaaaa", "Identifier": "weather.example.com", "Name": "Happy", "Scopes": [ { "ScopeName": "NewScope", "ScopeDescription": "New scope description" } ] } }
-
For API details, see UpdateResourceServer
in AWS CLI Command Reference.
-
The following code example shows how to use update-user-attributes
.
- AWS CLI
-
To update user attributes
This example updates the user attribute "nickname".
Command:
aws cognito-idp update-user-attributes --access-token
ACCESS_TOKEN
--user-attributes Name="nickname",Value="Dan"-
For API details, see UpdateUserAttributes
in AWS CLI Command Reference.
-
The following code example shows how to use update-user-pool-client
.
- AWS CLI
-
To update a user pool client
This example updates the name of a user pool client. It also adds a writeable attribute "nickname".
Command:
aws cognito-idp update-user-pool-client --user-pool-id
us-west-2_aaaaaaaaa
--client-id3n4b5urk1ft4fl3mg5e62d9ado
--client-name"NewClientName"
--write-attributes"nickname"
Output:
{ "UserPoolClient": { "UserPoolId": "us-west-2_aaaaaaaaa", "ClientName": "NewClientName", "ClientId": "3n4b5urk1ft4fl3mg5e62d9ado", "LastModifiedDate": 1548802761.334, "CreationDate": 1548178931.258, "RefreshTokenValidity": 30, "WriteAttributes": [ "nickname" ], "AllowedOAuthFlowsUserPoolClient": false } }
-
For API details, see UpdateUserPoolClient
in AWS CLI Command Reference.
-
The following code example shows how to use update-user-pool
.
- AWS CLI
-
To update a user pool
The following
update-user-pool
example modifies a user pool with example syntax for each of the available configuration options. To update a user pool, you must specify all previously-configured options or they will reset to a default value.aws cognito-idp update-user-pool --user-pool-id
us-west-2_EXAMPLE
\ --policies PasswordPolicy=\{MinimumLength=6,RequireUppercase=true,RequireLowercase=true,RequireNumbers=true,RequireSymbols=true,TemporaryPasswordValidityDays=7\} \ --deletion-protectionACTIVE
\ --lambda-config PreSignUp="arn:aws:lambda:us-west-2:123456789012:function:cognito-test-presignup-function",PreTokenGeneration="arn:aws:lambda:us-west-2:123456789012:function:cognito-test-pretoken-function" \ --auto-verified-attributes"phone_number"
"email"
\ --verification-message-template \{\"SmsMessage\":\""Your code is {####}"
\",\"EmailMessage\":\""Your code is {####}"\",\"EmailSubject\":\""Your verification code"\",\"EmailMessageByLink\":\""Click {##here##} to verify your email address."\",\"EmailSubjectByLink\":\""Your verification link"\",\"DefaultEmailOption\":\"CONFIRM_WITH_LINK\"\} \ --sms-authentication-message "Your code is {####}" \ --user-attribute-update-settings AttributesRequireVerificationBeforeUpdate="email","phone_number" \ --mfa-configuration"OPTIONAL"
\ --device-configurationChallengeRequiredOnNewDevice=true,DeviceOnlyRememberedOnUserPrompt=true
\ --email-configuration SourceArn="arn:aws:ses:us-west-2:123456789012:identity/admin@example.com",ReplyToEmailAddress="amdin+noreply@example.com",EmailSendingAccount=DEVELOPER,From="admin@amazon.com",ConfigurationSet="test-configuration-set" \ --sms-configuration SnsCallerArn="arn:aws:iam::123456789012:role/service-role/SNS-SMS-Role",ExternalId="12345",SnsRegion="us-west-2" \ --admin-create-user-config AllowAdminCreateUserOnly=false,InviteMessageTemplate=\{SMSMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailSubject=\""Welcome to MyMobileGame"\"\} \ --user-pool-tags "Function"="MyMobileGame","Developers"="Berlin" \ --admin-create-user-config AllowAdminCreateUserOnly=false,InviteMessageTemplate=\{SMSMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailSubject=\""Welcome to MyMobileGame"\"\} \ --user-pool-add-ons AdvancedSecurityMode="AUDIT" \ --account-recovery-setting RecoveryMechanisms=\[\{Priority=1,Name="verified_email"\},\{Priority=2,Name="verified_phone_number"\}\]This command produces no output.
For more information, see Updating user pool configuration in the Amazon Cognito Developer Guide.
-
For API details, see UpdateUserPool
in AWS CLI Command Reference.
-