# 使用 AWS CLI 的 Amazon Cognito 身份提供者示例 以下代码示例演示如何通过将 AWS Command Line Interface与 Amazon Cognito 身份提供者结合使用,来执行操作和实现常见场景。 *操作是大型程序的代码摘录*,必须在上下文中运行。您可以通过操作了解如何调用单个服务函数,还可以通过函数相关场景的上下文查看操作。 每个示例都包含一个指向完整源代码的链接,您可以从中找到有关如何在上下文中设置和运行代码的说明。 **Topics** + [操作](#actions) ## 操作 ### `add-custom-attributes` 以下代码示例演示了如何使用 `add-custom-attributes`。 **AWS CLI** **添加自定义属性** 此示例将自定义属性 CustomAttr1 添加到用户池。它是 String 类型,最少需要 1 个字符,最多 15 个。但其并非必要项目。 命令: ``` aws cognito-idp add-custom-attributes --user-pool-id us-west-2_aaaaaaaaa --custom-attributes Name="CustomAttr1",AttributeDataType="String",DeveloperOnlyAttribute=false,Required=false,StringAttributeConstraints="{MinLength=1,MaxLength=15}" ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [AddCustomAttributes](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/add-custom-attributes.html)。 ### `admin-add-user-to-group` 以下代码示例演示了如何使用 `admin-add-user-to-group`。 **AWS CLI** **将用户添加到组** 此示例将用户 Jane 添加到 MyGroup 组。 命令: ``` aws cognito-idp admin-add-user-to-group --user-pool-id us-west-2_aaaaaaaaa --username Jane --group-name MyGroup ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [AdminAddUserToGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-add-user-to-group.html)。 ### `admin-confirm-sign-up` 以下代码示例演示了如何使用 `admin-confirm-sign-up`。 **AWS CLI** **确认用户注册** 此示例确认用户 jane@example.com。 命令: ``` aws cognito-idp admin-confirm-sign-up --user-pool-id us-west-2_aaaaaaaaa --username jane@example.com ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [AdminConfirmSignUp](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-confirm-sign-up.html)。 ### `admin-create-user` 以下代码示例演示了如何使用 `admin-create-user`。 **AWS CLI** **创建用户** 以下的 `admin-create-user` 示例创建具有指定设置电子邮件地址和电话号码的用户。 ``` aws cognito-idp admin-create-user \ --user-pool-id us-west-2_aaaaaaaaa \ --username diego \ --user-attributes Name=email,Value=diego@example.com Name=phone_number,Value="+15555551212" \ --message-action SUPPRESS ``` 输出: ``` { "User": { "Username": "diego", "Attributes": [ { "Name": "sub", "Value": "7325c1de-b05b-4f84-b321-9adc6e61f4a2" }, { "Name": "phone_number", "Value": "+15555551212" }, { "Name": "email", "Value": "diego@example.com" } ], "UserCreateDate": 1548099495.428, "UserLastModifiedDate": 1548099495.428, "Enabled": true, "UserStatus": "FORCE_CHANGE_PASSWORD" } } ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [AdminCreateUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-create-user.html)。 ### `admin-delete-user-attributes` 以下代码示例演示了如何使用 `admin-delete-user-attributes`。 **AWS CLI** **删除用户属性** 此示例删除用户 diego@example.com 的自定义属性 CustomAttr1。 命令: ``` aws cognito-idp admin-delete-user-attributes --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com --user-attribute-names "custom:CustomAttr1" ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [AdminDeleteUserAttributes](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-delete-user-attributes.html)。 ### `admin-delete-user` 以下代码示例演示了如何使用 `admin-delete-user`。 **AWS CLI** **删除用户** 此示例删除一个用户。 命令: ``` aws cognito-idp admin-delete-user --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [AdminDeleteUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-delete-user.html)。 ### `admin-disable-provider-for-user` 以下代码示例演示了如何使用 `admin-disable-provider-for-user`。 **AWS CLI** **取消联合用户与本地用户配置文件的关联** 以下 `admin-disable-provider-for-user` 示例断开 Google 用户与其关联的本地配置文件的连接。 ``` aws cognito-idp admin-disable-provider-for-user \ --user-pool-id us-west-2_EXAMPLE \ --user ProviderAttributeName=Cognito_Subject,ProviderAttributeValue=0000000000000000,ProviderName=Google ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Linking federated users to an existing user profile](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation-consolidate-users.html)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [AdminDisableProviderForUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-disable-provider-for-user.html)。 ### `admin-disable-user` 以下代码示例演示了如何使用 `admin-disable-user`。 **AWS CLI** **阻止用户登录** 以下 `admin-disable-user` 示例阻止用户 `diego@example.com` 登录。 ``` aws cognito-idp admin-disable-user \ --user-pool-id us-west-2_EXAMPLE \ --username diego@example.com ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Managing users](https://docs.aws.amazon.com/cognito/latest/developerguide/managing-users.html)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [AdminDisableUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-disable-user.html)。 ### `admin-enable-user` 以下代码示例演示了如何使用 `admin-enable-user`。 **AWS CLI** **允许用户登录** 以下 `admin-enable-user` 示例允许用户 diego@example.com 登录。 ``` aws cognito-idp admin-enable-user \ --user-pool-id us-west-2_EXAMPLE \ --username diego@example.com ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Managing users](https://docs.aws.amazon.com/cognito/latest/developerguide/managing-users.html)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [AdminEnableUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-enable-user.html)。 ### `admin-forget-device` 以下代码示例演示了如何使用 `admin-forget-device`。 **AWS CLI** **忘记设备** 此示例忘记用户名为 jane@example.com 的设备 命令: ``` aws cognito-idp admin-forget-device --user-pool-id us-west-2_aaaaaaaaa --username jane@example.com --device-key us-west-2_abcd_1234-5678 ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [AdminForgetDevice](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-forget-device.html)。 ### `admin-get-device` 以下代码示例演示了如何使用 `admin-get-device`。 **AWS CLI** **获取设备** 以下 `admin-get-device` 示例为用户 `diego` 显示一台设备。 ``` aws cognito-idp admin-get-device \ --user-pool-id us-west-2_EXAMPLE \ --username diego \ --device-key us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 ``` 输出: ``` { "Device": { "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "DeviceAttributes": [ { "Name": "device_status", "Value": "valid" }, { "Name": "device_name", "Value": "MyDevice" }, { "Name": "dev:device_arn", "Value": "arn:aws:cognito-idp:us-west-2:123456789012:owner/diego.us-west-2_EXAMPLE/device/us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, { "Name": "dev:device_owner", "Value": "diego.us-west-2_EXAMPLE" }, { "Name": "last_ip_used", "Value": "192.0.2.1" }, { "Name": "dev:device_remembered_status", "Value": "remembered" }, { "Name": "dev:device_sdk", "Value": "aws-sdk" } ], "DeviceCreateDate": 1715100742.022, "DeviceLastModifiedDate": 1723233651.167, "DeviceLastAuthenticatedDate": 1715100742.0 } } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Working with user devices in your user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html)。 + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [AdminGetDevice](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-get-device.html)。 ### `admin-get-user` 以下代码示例演示了如何使用 `admin-get-user`。 **AWS CLI** **获取用户** 此示例获取有关用户名 jane@example.com 的信息。 命令: ``` aws cognito-idp admin-get-user --user-pool-id us-west-2_aaaaaaaaa --username jane@example.com ``` 输出: ``` { "Username": "4320de44-2322-4620-999b-5e2e1c8df013", "Enabled": true, "UserStatus": "FORCE_CHANGE_PASSWORD", "UserCreateDate": 1548108509.537, "UserAttributes": [ { "Name": "sub", "Value": "4320de44-2322-4620-999b-5e2e1c8df013" }, { "Name": "email_verified", "Value": "true" }, { "Name": "phone_number_verified", "Value": "true" }, { "Name": "phone_number", "Value": "+01115551212" }, { "Name": "email", "Value": "jane@example.com" } ], "UserLastModifiedDate": 1548108509.537 } ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [AdminGetUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-get-user.html)。 ### `admin-initiate-auth` 以下代码示例演示了如何使用 `admin-initiate-auth`。 **AWS CLI** **以管理员身份注册用户** 以下 `admin-initiate-auth` 示例注册用户 diego@example.com。此示例还包括用于威胁防护的元数据和用于 Lambda 触发器的 ClientMetadata。已为用户配置 TOTP MFA,用户会收到质询,需要先提供来自其身份验证器应用程序的代码,之后才能完成身份验证。 ``` aws cognito-idp admin-initiate-auth \ --user-pool-id us-west-2_EXAMPLE \ --client-id 1example23456789 \ --auth-flow ADMIN_USER_PASSWORD_AUTH \ --auth-parameters USERNAME=diego@example.com,PASSWORD="My@Example$Password3!",SECRET_HASH=ExampleEncodedClientIdSecretAndUsername= \ --context-data="{\"EncodedData\":\"abc123example\",\"HttpHeaders\":[{\"headerName\":\"UserAgent\",\"headerValue\":\"Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0\"}],\"IpAddress\":\"192.0.2.1\",\"ServerName\":\"example.com\",\"ServerPath\":\"/login\"}" \ --client-metadata="{\"MyExampleKey\": \"MyExampleValue\"}" ``` 输出: ``` { "ChallengeName": "SOFTWARE_TOKEN_MFA", "Session": "AYABeExample...", "ChallengeParameters": { "FRIENDLY_DEVICE_NAME": "MyAuthenticatorApp", "USER_ID_FOR_SRP": "diego@example.com" } } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Admin authentication flow](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html#amazon-cognito-user-pools-admin-authentication-flow)。 + 有关 API 的详细信息,请参阅《AWS CLI Command Reference》**中的 [AdminInitiateAuth](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-initiate-auth.html)。 ### `admin-link-provider-for-user` 以下代码示例演示了如何使用 `admin-link-provider-for-user`。 **AWS CLI** **将本地用户与联合用户相关联** 以下 `admin-link-provider-for-user` 示例将本地用户 diego 与使用 Google 进行联合登录的用户相关联。 ``` aws cognito-idp admin-link-provider-for-user \ --user-pool-id us-west-2_EXAMPLE \ --destination-user ProviderName=Cognito,ProviderAttributeValue=diego \ --source-user ProviderAttributeName=Cognito_Subject,ProviderAttributeValue=0000000000000000,ProviderName=Google ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Linking federated users to an existing user profile](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation-consolidate-users.html)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [AdminLinkProviderForUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-link-provider-for-user.html)。 ### `admin-list-devices` 以下代码示例演示了如何使用 `admin-list-devices`。 **AWS CLI** **列出用户的设备** 以下 `admin-list-devices` 示例为用户 diego 列出设备。 ``` aws cognito-idp admin-list-devices \ --user-pool-id us-west-2_EXAMPLE \ --username diego \ --limit 1 ``` 输出: ``` { "Devices": [ { "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "DeviceAttributes": [ { "Name": "device_status", "Value": "valid" }, { "Name": "device_name", "Value": "MyDevice" }, { "Name": "dev:device_arn", "Value": "arn:aws:cognito-idp:us-west-2:123456789012:owner/diego.us-west-2_EXAMPLE/device/us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, { "Name": "dev:device_owner", "Value": "diego.us-west-2_EXAMPLE" }, { "Name": "last_ip_used", "Value": "192.0.2.1" }, { "Name": "dev:device_remembered_status", "Value": "remembered" }, { "Name": "dev:device_sdk", "Value": "aws-sdk" } ], "DeviceCreateDate": 1715100742.022, "DeviceLastModifiedDate": 1723233651.167, "DeviceLastAuthenticatedDate": 1715100742.0 } ] } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Working with user devices in your user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html)。 + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [AdminListDevices](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-list-devices.html)。 ### `admin-list-groups-for-user` 以下代码示例演示了如何使用 `admin-list-groups-for-user`。 **AWS CLI** **列出用户的组** 此示例列出用户名为 jane@example.com 的组。 命令: ``` aws cognito-idp admin-list-groups-for-user --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com ``` 输出: ``` { "Groups": [ { "Description": "Sample group", "Precedence": 1, "LastModifiedDate": 1548097827.125, "RoleArn": "arn:aws:iam::111111111111:role/SampleRole", "GroupName": "SampleGroup", "UserPoolId": "us-west-2_aaaaaaaaa", "CreationDate": 1548097827.125 } ] } ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [AdminListGroupsForUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-list-groups-for-user.html)。 ### `admin-list-user-auth-events` 以下代码示例演示了如何使用 `admin-list-user-auth-events`。 **AWS CLI** **列出用户的授权事件** 以下 `admin-list-user-auth-events` 示例列出用户 diego 的最新用户活动日志事件。 ``` aws cognito-idp admin-list-user-auth-events \ --user-pool-id us-west-2_ywDJHlIfU \ --username brcotter+050123 \ --max-results 1 ``` 输出: ``` { "AuthEvents": [ { "EventId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", "EventType": "SignIn", "CreationDate": 1726694203.495, "EventResponse": "InProgress", "EventRisk": { "RiskDecision": "AccountTakeover", "RiskLevel": "Medium", "CompromisedCredentialsDetected": false }, "ChallengeResponses": [ { "ChallengeName": "Password", "ChallengeResponse": "Success" } ], "EventContextData": { "IpAddress": "192.0.2.1", "City": "Seattle", "Country": "United States" } } ], "NextToken": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222#2024-09-18T21:16:43.495Z" } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Viewing and exporting user event history](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-event-user-history)。 + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [AdminListUserAuthEvents](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-list-user-auth-events.html)。 ### `admin-remove-user-from-group` 以下代码示例演示了如何使用 `admin-remove-user-from-group`。 **AWS CLI** **从组中移除用户** 此示例从 SampleGroup 中移除 jane@example.com。 命令: ``` aws cognito-idp admin-remove-user-from-group --user-pool-id us-west-2_aaaaaaaaa --username jane@example.com --group-name SampleGroup ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [AdminRemoveUserFromGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-remove-user-from-group.html)。 ### `admin-reset-user-password` 以下代码示例演示了如何使用 `admin-reset-user-password`。 **AWS CLI** **重置用户密码** 此示例重置 diego@example.com 的密码。 命令: ``` aws cognito-idp admin-reset-user-password --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [AdminResetUserPassword](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-reset-user-password.html)。 ### `admin-respond-to-auth-challenge` 以下代码示例演示了如何使用 `admin-respond-to-auth-challenge`。 **AWS CLI** **响应身份验证质询** 可以通过多种方式响应不同的身份验证质询,具体取决于身份验证流程、用户池配置和用户设置。以下 `admin-respond-to-auth-challenge` 示例提供 diego@example.com 的 TOTP MFA 代码并完成登录。此用户池已启用设备记忆功能,因此身份验证结果还将返回新的设备密钥。 ``` aws cognito-idp admin-respond-to-auth-challenge \ --user-pool-id us-west-2_EXAMPLE \ --client-id 1example23456789 \ --challenge-name SOFTWARE_TOKEN_MFA \ --challenge-responses USERNAME=diego@example.com,SOFTWARE_TOKEN_MFA_CODE=000000 \ --session AYABeExample... ``` 输出: ``` { "ChallengeParameters": {}, "AuthenticationResult": { "AccessToken": "eyJra456defEXAMPLE", "ExpiresIn": 3600, "TokenType": "Bearer", "RefreshToken": "eyJra123abcEXAMPLE", "IdToken": "eyJra789ghiEXAMPLE", "NewDeviceMetadata": { "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "DeviceGroupKey": "-ExAmPlE1" } } } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Admin authentication flow](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html#amazon-cognito-user-pools-admin-authentication-flow)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [AdminRespondToAuthChallenge](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-respond-to-auth-challenge.html)。 ### `admin-set-user-mfa-preference` 以下代码示例演示了如何使用 `admin-set-user-mfa-preference`。 **AWS CLI** **设置用户 MFA 首选项** 此示例设置用户名 diego@example.com 的 SMS MFA 首选项。 命令: ``` aws cognito-idp admin-set-user-mfa-preference --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com --sms-mfa-settings Enabled=false,PreferredMfa=false ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [AdminSetUserMfaPreference](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-set-user-mfa-preference.html)。 ### `admin-set-user-password` 以下代码示例演示了如何使用 `admin-set-user-password`。 **AWS CLI** **以管理员身份设置用户密码** 以下 `admin-set-user-password` 示例永久设置 diego@example.com 的密码。 ``` aws cognito-idp admin-set-user-password \ --user-pool-id us-west-2_EXAMPLE \ --username diego@example.com \ --password MyExamplePassword1! \ --permanent ``` 此命令不生成任何输出。 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Passwords, password recovery, and password policies](https://docs.aws.amazon.com/cognito/latest/developerguide/managing-users-passwords.html)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [AdminSetUserPassword](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-set-user-password.html)。 ### `admin-set-user-settings` 以下代码示例演示了如何使用 `admin-set-user-settings`。 **AWS CLI** **设置用户设置** 此示例将用户名 diego@example.com 的 MFA 发送首选项设置为 EMAIL。 命令: ``` aws cognito-idp admin-set-user-settings --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com --mfa-options DeliveryMedium=EMAIL ``` + 有关 API 详细信息,请参阅《AWS CLI API 参考》**中的 [AdminSetUserSettings](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-set-user-settings.html)。 ### `admin-update-auth-event-feedback` 以下代码示例演示了如何使用 `admin-update-auth-event-feedback`。 **AWS CLI** **提供授权事件的反馈** 此示例将由 event-id 标识的授权事件的反馈值设置为“有效”。 命令: ``` aws cognito-idp admin-update-auth-event-feedback --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com --event-id c2c2cf89-c0d3-482d-aba6-99d78a5b0bfe --feedback-value Valid ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [AdminUpdateAuthEventFeedback](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-update-auth-event-feedback.html)。 ### `admin-update-device-status` 以下代码示例演示了如何使用 `admin-update-device-status`。 **AWS CLI** **更新设备状态** 此示例将由 device-key 标识的设备的设备记忆状态设置为 not\$1remembered。 命令: ``` aws cognito-idp admin-update-device-status --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com --device-key xxxx --device-remembered-status not_remembered ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [AdminUpdateDeviceStatus](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-update-device-status.html)。 ### `admin-update-user-attributes` 以下代码示例演示了如何使用 `admin-update-user-attributes`。 **AWS CLI** **更新用户属性** 此示例更新用户 diego@example.com 的自定义用户属性 CustomAttr1。 命令: ``` aws cognito-idp admin-update-user-attributes --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com --user-attributes Name="custom:CustomAttr1",Value="Purple" ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [AdminUpdateUserAttributes](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-update-user-attributes.html)。 ### `admin-user-global-sign-out` 以下代码示例演示了如何使用 `admin-user-global-sign-out`。 **AWS CLI** **以管理员身份注销用户** 以下 `admin-user-global-sign-out` 示例注销用户 diego@example.com。 ``` aws cognito-idp admin-user-global-sign-out \ --user-pool-id us-west-2_EXAMPLE \ --username diego@example.com ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Authentication with a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/authentication.html)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [AdminUserGlobalSignOut](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-user-global-sign-out.html)。 ### `associate-software-token` 以下代码示例演示了如何使用 `associate-software-token`。 **AWS CLI** **为 MFA 身份验证器应用程序生成私有密钥** 以下 `associate-software-token` 示例为已注册并收到访问令牌的用户生成 TOTP 私有密钥。可手动将生成的私有密钥输入到身份验证器应用程序中,或者应用程序可以将私有密钥呈现为用户可扫描的二维码。 ``` aws cognito-idp associate-software-token \ --access-token eyJra456defEXAMPLE ``` 输出: ``` { "SecretCode": "QWERTYUIOP123456EXAMPLE" } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [TOTP software token MFA](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-totp.html)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [AssociateSoftwareToken](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/associate-software-token.html)。 ### `change-password` 以下代码示例演示了如何使用 `change-password`。 **AWS CLI** **更改密码** 此示例更改密码。 命令: ``` aws cognito-idp change-password --previous-password OldPassword --proposed-password NewPassword --access-token ACCESS_TOKEN ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ChangePassword](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/change-password.html)。 ### `confirm-device` 以下代码示例演示了如何使用 `confirm-device`。 **AWS CLI** **确认用户设备** 以下 `confirm-device` 示例为当前用户添加新的记忆设备。 ``` aws cognito-idp confirm-device \ --access-token eyJra456defEXAMPLE \ --device-key us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 \ --device-secret-verifier-config PasswordVerifier=TXlWZXJpZmllclN0cmluZw,Salt=TXlTUlBTYWx0 ``` 输出: ``` { "UserConfirmationNecessary": false } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Working with user devices in your user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [ConfirmDevice](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/confirm-device.html)。 ### `confirm-forgot-password` 以下代码示例演示了如何使用 `confirm-forgot-password`。 **AWS CLI** **确认忘记的密码** 此示例确认用户名 diego@example.com 的已忘记密码。 命令: ``` aws cognito-idp confirm-forgot-password --client-id 3n4b5urk1ft4fl3mg5e62d9ado --username=diego@example.com --password PASSWORD --confirmation-code CONF_CODE ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ConfirmForgotPassword](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/confirm-forgot-password.html)。 ### `confirm-sign-up` 以下代码示例演示了如何使用 `confirm-sign-up`。 **AWS CLI** **确认注册** 此示例确认用户名 diego@example.com 的注册。 命令: ``` aws cognito-idp confirm-sign-up --client-id 3n4b5urk1ft4fl3mg5e62d9ado --username=diego@example.com --confirmation-code CONF_CODE ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ConfirmSignUp](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/confirm-sign-up.html)。 ### `create-group` 以下代码示例演示了如何使用 `create-group`。 **AWS CLI** **创建组** 此示例创建一个带有说明的组。 命令: ``` aws cognito-idp create-group --user-pool-id us-west-2_aaaaaaaaa --group-name MyNewGroup --description "New group." ``` 输出: ``` { "Group": { "GroupName": "MyNewGroup", "UserPoolId": "us-west-2_aaaaaaaaa", "Description": "New group.", "LastModifiedDate": 1548270073.795, "CreationDate": 1548270073.795 } } ``` **创建具有角色和优先级的组** 此示例创建一个带有说明的组。它还包括“角色”和“优先级”。 命令: ``` aws cognito-idp create-group --user-pool-id us-west-2_aaaaaaaaa --group-name MyNewGroupWithRole --description "New group with a role." --role-arn arn:aws:iam::111111111111:role/MyNewGroupRole --precedence 2 ``` 输出: ``` { "Group": { "GroupName": "MyNewGroupWithRole", "UserPoolId": "us-west-2_aaaaaaaaa", "Description": "New group with a role.", "RoleArn": "arn:aws:iam::111111111111:role/MyNewGroupRole", "Precedence": 2, "LastModifiedDate": 1548270211.761, "CreationDate": 1548270211.761 } } ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [CreateGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/create-group.html)。 ### `create-identity-provider` 以下代码示例演示了如何使用 `create-identity-provider`。 **AWS CLI** **示例 1:使用元数据 URL 创建用户池 SAML 身份提供者(IdP)** 以下 `create-identity-provider` 示例使用来自公共 URL 的元数据、属性映射和两个标识符创建新的 SAML IdP。 ``` aws cognito-idp create-identity-provider \ --user-pool-id us-west-2_EXAMPLE \ --provider-name MySAML \ --provider-type SAML \ --provider-details IDPInit=true,IDPSignout=true,EncryptedResponses=true,MetadataURL=https://auth.example.com/sso/saml/metadata,RequestSigningAlgorithm=rsa-sha256 \ --attribute-mapping email=emailaddress,phone_number=phone,custom:111=department \ --idp-identifiers CorpSAML WestSAML ``` 输出: ``` { "IdentityProvider": { "UserPoolId": "us-west-2_EXAMPLE", "ProviderName": "MySAML", "ProviderType": "SAML", "ProviderDetails": { "ActiveEncryptionCertificate": "MIICvTCCAaEXAMPLE", "EncryptedResponses": "true", "IDPInit": "true", "IDPSignout": "true", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256", "SLORedirectBindingURI": "https://auth.example.com/slo/saml", "SSORedirectBindingURI": "https://auth.example.com/sso/saml" }, "AttributeMapping": { "custom:111": "department", "emailaddress": "email", "phone": "phone_number" }, "IdpIdentifiers": [ "CorpSAML", "WestSAML" ], "LastModifiedDate": 1726853833.977, "CreationDate": 1726853833.977 } } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Adding user pool sign-in through a third party](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation.html)。 **示例 2:使用元数据文件创建用户池 SAML 身份提供者(IdP)** 以下 `create-identity-provider` 示例使用来自文件的元数据、属性映射和两个标识符创建新的 SAML IdP。对于不同的操作系统,`--provider-details` 参数中的文件语法会有所不同。可以非常轻松地为此操作创建 JSON 输入文件。 ``` aws cognito-idp create-identity-provider \ --cli-input-json file://.\SAML-identity-provider.json ``` 的内容`SAML-identity-provider.json`: ``` { "AttributeMapping": { "email" : "idp_email", "email_verified" : "idp_email_verified" }, "IdpIdentifiers": [ "platform" ], "ProviderDetails": { "MetadataFile": "[IDP_CERTIFICATE_DATA]urn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "IDPSignout" : "true", "RequestSigningAlgorithm" : "rsa-sha256", "EncryptedResponses" : "true", "IDPInit" : "true" }, "ProviderName": "MySAML2", "ProviderType": "SAML", "UserPoolId": "us-west-2_EXAMPLE" } ``` 输出: ``` { "IdentityProvider": { "UserPoolId": "us-west-2_EXAMPLE", "ProviderName": "MySAML2", "ProviderType": "SAML", "ProviderDetails": { "ActiveEncryptionCertificate": "[USER_POOL_ENCRYPTION_CERTIFICATE_DATA]", "EncryptedResponses": "true", "IDPInit": "true", "IDPSignout": "true", "MetadataFile": "[IDP_CERTIFICATE_DATA]urn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "RequestSigningAlgorithm": "rsa-sha256", "SLORedirectBindingURI": "https://www.example.com/slo/saml", "SSORedirectBindingURI": "https://www.example.com/sso/saml" }, "AttributeMapping": { "email": "idp_email", "email_verified": "idp_email_verified" }, "IdpIdentifiers": [ "platform" ], "LastModifiedDate": 1726855290.731, "CreationDate": 1726855290.731 } } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Adding user pool sign-in through a third party](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation.html)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [CreateIdentityProvider](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/create-identity-provider.html)。 ### `create-resource-server` 以下代码示例演示了如何使用 `create-resource-server`。 **AWS CLI** **创建用户池客户端** 以下 `create-resource-server` 示例创建具有自定义范围的新资源服务器。 ``` aws cognito-idp create-resource-server \ --user-pool-id us-west-2_EXAMPLE \ --identifier solar-system-data \ --name "Solar system object tracker" \ --scopes ScopeName=sunproximity.read,ScopeDescription="Distance in AU from Sol" ScopeName=asteroids.add,ScopeDescription="Enter a new asteroid" ``` 输出: ``` { "ResourceServer": { "UserPoolId": "us-west-2_EXAMPLE", "Identifier": "solar-system-data", "Name": "Solar system object tracker", "Scopes": [ { "ScopeName": "sunproximity.read", "ScopeDescription": "Distance in AU from Sol" }, { "ScopeName": "asteroids.add", "ScopeDescription": "Enter a new asteroid" } ] } } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Scopes, M2M, and APIs with resource servers](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-define-resource-servers.html)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [CreateResourceServer](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/create-resource-server.html)。 ### `create-user-import-job` 以下代码示例演示了如何使用 `create-user-import-job`。 **AWS CLI** **创建用户导入任务** 此示例创建一个名为 MyImportJob 的用户导入任务。 有关导入用户的更多信息,请参阅“从 CSV 文件将用户导入用户池”。 命令: ``` aws cognito-idp create-user-import-job --user-pool-id us-west-2_aaaaaaaaa --job-name MyImportJob --cloud-watch-logs-role-arn arn:aws:iam::111111111111:role/CognitoCloudWatchLogsRole ``` 输出: ``` { "UserImportJob": { "JobName": "MyImportJob", "JobId": "import-qQ0DCt2fRh", "UserPoolId": "us-west-2_aaaaaaaaa", "PreSignedUrl": "PRE_SIGNED_URL", "CreationDate": 1548271795.471, "Status": "Created", "CloudWatchLogsRoleArn": "arn:aws:iam::111111111111:role/CognitoCloudWatchLogsRole", "ImportedUsers": 0, "SkippedUsers": 0, "FailedUsers": 0 } } ``` 使用预签名 URL 上传带 curl 的 .csv 文件: 命令: ``` curl -v -T "PATH_TO_CSV_FILE" -H "x-amz-server-side-encryption:aws:kms" "PRE_SIGNED_URL" ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [CreateUserImportJob](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/create-user-import-job.html)。 ### `create-user-pool-client` 以下代码示例演示了如何使用 `create-user-pool-client`。 **AWS CLI** **创建用户池客户端** 以下 `create-user-pool-client` 示例创建新的用户池客户端,该客户端具有客户端密钥、显式读取和写入属性、使用用户名密码和 SRP 流程进行登录、使用三个 IdP 进行登录、访问一部分 OAuth 范围、PinPoint 分析和延长的身份验证会话有效期。 ``` aws cognito-idp create-user-pool-client \ --user-pool-id us-west-2_EXAMPLE \ --client-name MyTestClient \ --generate-secret \ --refresh-token-validity 10 \ --access-token-validity 60 \ --id-token-validity 60 \ --token-validity-units AccessToken=minutes,IdToken=minutes,RefreshToken=days \ --read-attributes email phone_number email_verified phone_number_verified \ --write-attributes email phone_number \ --explicit-auth-flows ALLOW_USER_PASSWORD_AUTH ALLOW_USER_SRP_AUTH ALLOW_REFRESH_TOKEN_AUTH \ --supported-identity-providers Google Facebook MyOIDC \ --callback-urls https://www.amazon.com https://example.com http://localhost:8001 myapp://example \ --allowed-o-auth-flows code implicit \ --allowed-o-auth-scopes openid profile aws.cognito.signin.user.admin solar-system-data/asteroids.add \ --allowed-o-auth-flows-user-pool-client \ --analytics-configuration ApplicationArn=arn:aws:mobiletargeting:us-west-2:767671399759:apps/thisisanexamplepinpointapplicationid,UserDataShared=TRUE \ --prevent-user-existence-errors ENABLED \ --enable-token-revocation \ --enable-propagate-additional-user-context-data \ --auth-session-validity 4 ``` 输出: ``` { "UserPoolClient": { "UserPoolId": "us-west-2_EXAMPLE", "ClientName": "MyTestClient", "ClientId": "123abc456defEXAMPLE", "ClientSecret": "this1234is5678my91011example1213client1415secret", "LastModifiedDate": 1726788459.464, "CreationDate": 1726788459.464, "RefreshTokenValidity": 10, "AccessTokenValidity": 60, "IdTokenValidity": 60, "TokenValidityUnits": { "AccessToken": "minutes", "IdToken": "minutes", "RefreshToken": "days" }, "ReadAttributes": [ "email_verified", "phone_number_verified", "phone_number", "email" ], "WriteAttributes": [ "phone_number", "email" ], "ExplicitAuthFlows": [ "ALLOW_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH" ], "SupportedIdentityProviders": [ "Google", "MyOIDC", "Facebook" ], "CallbackURLs": [ "https://example.com", "https://www.amazon.com", "myapp://example", "http://localhost:8001" ], "AllowedOAuthFlows": [ "implicit", "code" ], "AllowedOAuthScopes": [ "aws.cognito.signin.user.admin", "openid", "profile", "solar-system-data/asteroids.add" ], "AllowedOAuthFlowsUserPoolClient": true, "AnalyticsConfiguration": { "ApplicationArn": "arn:aws:mobiletargeting:us-west-2:123456789012:apps/thisisanexamplepinpointapplicationid", "RoleArn": "arn:aws:iam::123456789012:role/aws-service-role/cognito-idp.amazonaws.com/AWSServiceRoleForAmazonCognitoIdp", "UserDataShared": true }, "PreventUserExistenceErrors": "ENABLED", "EnableTokenRevocation": true, "EnablePropagateAdditionalUserContextData": true, "AuthSessionValidity": 4 } } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Application-specific settings with app clients](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html)。 + 有关 API 的详细信息,请参阅《AWS CLI 命令参考》**中的 [CreateUserPoolClient](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/create-user-pool-client.html)。 ### `create-user-pool-domain` 以下代码示例演示了如何使用 `create-user-pool-domain`。 **AWS CLI** **示例 1:创建用户池域** 以下 `create-user-pool-domain` 示例创建新的自定义域。 ``` aws cognito-idp create-user-pool-domain \ --user-pool-id us-west-2_EXAMPLE \ --domain auth.example.com \ --custom-domain-config CertificateArn=arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222 ``` 输出: ``` { "CloudFrontDomain": "example1domain.cloudfront.net" } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Configuring a user pool domain](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-assign-domain.html)。 **示例 2:创建用户池域** 以下 `create-user-pool-domain` 示例使用服务拥有的前缀创建新域。 ``` aws cognito-idp create-user-pool-domain \ --user-pool-id us-west-2_EXAMPLE2 \ --domain mydomainprefix ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Configuring a user pool domain](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-assign-domain.html)。 + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [CreateUserPoolDomain](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/create-user-pool-domain.html)。 ### `create-user-pool` 以下代码示例演示了如何使用 `create-user-pool`。 **AWS CLI** **创建最低配置的用户池** 此示例将使用默认值创建一个名为 MyUserPool 的用户池。没有必要的属性,也没有应用程序客户端。MFA 和高级安全功能已禁用。 命令: ``` aws cognito-idp create-user-pool --pool-name MyUserPool ``` 输出: ``` { "UserPool": { "SchemaAttributes": [ { "Name": "sub", "StringAttributeConstraints": { "MinLength": "1", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": true, "AttributeDataType": "String", "Mutable": false }, { "Name": "name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "given_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "family_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "middle_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "nickname", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "preferred_username", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "profile", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "picture", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "website", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "email", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Required": false, "Name": "email_verified", "Mutable": true }, { "Name": "gender", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "birthdate", "StringAttributeConstraints": { "MinLength": "10", "MaxLength": "10" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "zoneinfo", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "locale", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "phone_number", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Required": false, "Name": "phone_number_verified", "Mutable": true }, { "Name": "address", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "updated_at", "NumberAttributeConstraints": { "MinValue": "0" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "Number", "Mutable": true } ], "MfaConfiguration": "OFF", "Name": "MyUserPool", "LastModifiedDate": 1547833345.777, "AdminCreateUserConfig": { "UnusedAccountValidityDays": 7, "AllowAdminCreateUserOnly": false }, "EmailConfiguration": {}, "Policies": { "PasswordPolicy": { "RequireLowercase": true, "RequireSymbols": true, "RequireNumbers": true, "MinimumLength": 8, "RequireUppercase": true } }, "CreationDate": 1547833345.777, "EstimatedNumberOfUsers": 0, "Id": "us-west-2_aaaaaaaaa", "LambdaConfig": {} } } ``` **创建具有两个必要属性的用户池** 此示例创建一个用户池 MyUserPool。该池配置为接受电子邮件作为用户名属性。它还使用 Amazon Simple Email Service 将电子邮件源地址设置为经过验证的地址。 命令: ``` aws cognito-idp create-user-pool --pool-name MyUserPool --username-attributes "email" --email-configuration=SourceArn="arn:aws:ses:us-east-1:111111111111:identity/jane@example.com",ReplyToEmailAddress="jane@example.com" ``` 输出: ``` { "UserPool": { "SchemaAttributes": [ { "Name": "sub", "StringAttributeConstraints": { "MinLength": "1", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": true, "AttributeDataType": "String", "Mutable": false }, { "Name": "name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "given_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "family_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "middle_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "nickname", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "preferred_username", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "profile", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "picture", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "website", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "email", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Required": false, "Name": "email_verified", "Mutable": true }, { "Name": "gender", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "birthdate", "StringAttributeConstraints": { "MinLength": "10", "MaxLength": "10" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "zoneinfo", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "locale", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "phone_number", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Required": false, "Name": "phone_number_verified", "Mutable": true }, { "Name": "address", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "updated_at", "NumberAttributeConstraints": { "MinValue": "0" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "Number", "Mutable": true } ], "MfaConfiguration": "OFF", "Name": "MyUserPool", "LastModifiedDate": 1547837788.189, "AdminCreateUserConfig": { "UnusedAccountValidityDays": 7, "AllowAdminCreateUserOnly": false }, "EmailConfiguration": { "ReplyToEmailAddress": "jane@example.com", "SourceArn": "arn:aws:ses:us-east-1:111111111111:identity/jane@example.com" }, "Policies": { "PasswordPolicy": { "RequireLowercase": true, "RequireSymbols": true, "RequireNumbers": true, "MinimumLength": 8, "RequireUppercase": true } }, "UsernameAttributes": [ "email" ], "CreationDate": 1547837788.189, "EstimatedNumberOfUsers": 0, "Id": "us-west-2_aaaaaaaaa", "LambdaConfig": {} } } ``` + 有关 API 的详细信息,请参阅《AWS CLI 命令参考》**中的 [CreateUserPool](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/create-user-pool.html)。 ### `delete-group` 以下代码示例演示了如何使用 `delete-group`。 **AWS CLI** **删除组** 此示例删除组。 命令: ``` aws cognito-idp delete-group --user-pool-id us-west-2_aaaaaaaaa --group-name MyGroupName ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DeleteGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/delete-group.html)。 ### `delete-identity-provider` 以下代码示例演示了如何使用 `delete-identity-provider`。 **AWS CLI** **删除身份提供者** 此示例删除一个身份提供者。 命令: ``` aws cognito-idp delete-identity-provider --user-pool-id us-west-2_aaaaaaaaa --provider-name Facebook ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DeleteIdentityProvider](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/delete-identity-provider.html)。 ### `delete-resource-server` 以下代码示例演示了如何使用 `delete-resource-server`。 **AWS CLI** **删除资源服务器** 此示例删除一个名为 weather.example.com 的资源服务器。 命令: ``` aws cognito-idp delete-resource-server --user-pool-id us-west-2_aaaaaaaaa --identifier weather.example.com ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DeleteResourceServer](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/delete-resource-server.html)。 ### `delete-user-attributes` 以下代码示例演示了如何使用 `delete-user-attributes`。 **AWS CLI** **删除用户属性** 以下 `delete-user-attributes` 示例从当前已登录用户中删除自定义属性“custom:attribute”。 ``` aws cognito-idp delete-user-attributes \ --access-token ACCESS_TOKEN \ --user-attribute-names "custom:department" ``` 此命令不生成任何输出。 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Working with user attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html)。 + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DeleteUserAttributes](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/delete-user-attributes.html)。 ### `delete-user-pool-client` 以下代码示例演示了如何使用 `delete-user-pool-client`。 **AWS CLI** **删除用户池客户端** 此示例删除一个用户池客户端。 命令: ``` aws cognito-idp delete-user-pool-client --user-pool-id us-west-2_aaaaaaaaa --client-id 38fjsnc484p94kpqsnet7mpld0 ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DeleteUserPoolClient](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/delete-user-pool-client.html)。 ### `delete-user-pool-domain` 以下代码示例演示了如何使用 `delete-user-pool-domain`。 **AWS CLI** **删除用户池域** 以下 `delete-user-pool-domain` 示例删除名为 `my-domain` 的用户池域。 ``` aws cognito-idp delete-user-pool-domain \ --user-pool-id us-west-2_aaaaaaaaa \ --domain my-domain ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DeleteUserPoolDomain](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/delete-user-pool-domain.html)。 ### `delete-user-pool` 以下代码示例演示了如何使用 `delete-user-pool`。 **AWS CLI** **删除用户池** 此示例使用用户池 ID us-west-2\$1aaaaaaaaa 删除用户池。 命令: ``` aws cognito-idp delete-user-pool --user-pool-id us-west-2_aaaaaaaaa ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DeleteUserPool](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/delete-user-pool.html)。 ### `delete-user` 以下代码示例演示了如何使用 `delete-user`。 **AWS CLI** **删除用户** 此示例删除一个用户。 命令: ``` aws cognito-idp delete-user --access-token ACCESS_TOKEN ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DeleteUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/delete-user.html)。 ### `describe-identity-provider` 以下代码示例演示了如何使用 `describe-identity-provider`。 **AWS CLI** **描述身份提供者** 此示例描述一个名为 Facebook 的身份提供者。 命令: ``` aws cognito-idp describe-identity-provider --user-pool-id us-west-2_aaaaaaaaa --provider-name Facebook ``` 输出: ``` { "IdentityProvider": { "UserPoolId": "us-west-2_aaaaaaaaa", "ProviderName": "Facebook", "ProviderType": "Facebook", "ProviderDetails": { "attributes_url": "https://graph.facebook.com/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": myscope", "authorize_url": "https://www.facebook.com/v2.9/dialog/oauth", "client_id": "11111", "client_secret": "11111", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v2.9/oauth/access_token" }, "AttributeMapping": { "username": "id" }, "IdpIdentifiers": [], "LastModifiedDate": 1548105901.736, "CreationDate": 1548105901.736 } } ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DescribeIdentityProvider](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/describe-identity-provider.html)。 ### `describe-resource-server` 以下代码示例演示了如何使用 `describe-resource-server`。 **AWS CLI** **描述资源服务器** 此示例描述资源服务器 weather.example.com。 命令: ``` aws cognito-idp describe-resource-server --user-pool-id us-west-2_aaaaaaaaa --identifier weather.example.com ``` 输出: ``` { "ResourceServer": { "UserPoolId": "us-west-2_aaaaaaaaa", "Identifier": "weather.example.com", "Name": "Weather", "Scopes": [ { "ScopeName": "weather.update", "ScopeDescription": "Update weather forecast" }, { "ScopeName": "weather.read", "ScopeDescription": "Read weather forecasts" }, { "ScopeName": "weather.delete", "ScopeDescription": "Delete a weather forecast" } ] } } ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DescribeResourceServer](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/describe-resource-server.html)。 ### `describe-risk-configuration` 以下代码示例演示了如何使用 `describe-risk-configuration`。 **AWS CLI** **描述风险配置** 此示例描述与池 us-west-2\$1aaaaaaaaa 相关的风险配置。 命令: ``` aws cognito-idp describe-risk-configuration --user-pool-id us-west-2_aaaaaaaaa ``` 输出: ``` { "RiskConfiguration": { "UserPoolId": "us-west-2_aaaaaaaaa", "CompromisedCredentialsRiskConfiguration": { "EventFilter": [ "SIGN_IN", "SIGN_UP", "PASSWORD_CHANGE" ], "Actions": { "EventAction": "BLOCK" } }, "AccountTakeoverRiskConfiguration": { "NotifyConfiguration": { "From": "diego@example.com", "ReplyTo": "diego@example.com", "SourceArn": "arn:aws:ses:us-east-1:111111111111:identity/diego@example.com", "BlockEmail": { "Subject": "Blocked sign-in attempt", "HtmlBody": "\n\n\n\tHTML email context\n\t\n\n\n
We blocked an unrecognized sign-in to your account with this information:\n\nIf this sign-in was not by you, you should change your password and notify us by clicking on this link\nIf this sign-in was by you, you can follow this link to let us know
\n\n", "TextBody": "We blocked an unrecognized sign-in to your account with this information:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" }, "NoActionEmail": { "Subject": "New sign-in attempt", "HtmlBody": "\n\n\n\tHTML email context\n\t\n\n\n
We observed an unrecognized sign-in to your account with this information:\n\nIf this sign-in was not by you, you should change your password and notify us by clicking on this link\nIf this sign-in was by you, you can follow this link to let us know
\n\n", "TextBody": "We observed an unrecognized sign-in to your account with this information:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" }, "MfaEmail": { "Subject": "New sign-in attempt", "HtmlBody": "\n\n\n\tHTML email context\n\t\n\n\n
We required you to use multi-factor authentication for the following sign-in attempt:\n\nIf this sign-in was not by you, you should change your password and notify us by clicking on this link\nIf this sign-in was by you, you can follow this link to let us know
\n\n", "TextBody": "We required you to use multi-factor authentication for the following sign-in attempt:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" } }, "Actions": { "LowAction": { "Notify": true, "EventAction": "NO_ACTION" }, "MediumAction": { "Notify": true, "EventAction": "MFA_IF_CONFIGURED" }, "HighAction": { "Notify": true, "EventAction": "MFA_IF_CONFIGURED" } } } } } ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DescribeRiskConfiguration](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/describe-risk-configuration.html)。 ### `describe-user-import-job` 以下代码示例演示了如何使用 `describe-user-import-job`。 **AWS CLI** **描述用户导入任务** 此示例描述用户输入任务。 有关导入用户的更多信息,请参阅“从 CSV 文件将用户导入用户池”。 命令: ``` aws cognito-idp describe-user-import-job --user-pool-id us-west-2_aaaaaaaaa --job-id import-TZqNQvDRnW ``` 输出: ``` { "UserImportJob": { "JobName": "import-Test1", "JobId": "import-TZqNQvDRnW", "UserPoolId": "us-west-2_aaaaaaaaa", "PreSignedUrl": "PRE_SIGNED URL", "CreationDate": 1548271708.512, "Status": "Created", "CloudWatchLogsRoleArn": "arn:aws:iam::111111111111:role/CognitoCloudWatchLogsRole", "ImportedUsers": 0, "SkippedUsers": 0, "FailedUsers": 0 } } ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DescribeUserImportJob](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/describe-user-import-job.html)。 ### `describe-user-pool-client` 以下代码示例演示了如何使用 `describe-user-pool-client`。 **AWS CLI** **描述用户池客户端** 此示例描述一个用户池客户端。 命令: ``` aws cognito-idp describe-user-pool-client --user-pool-id us-west-2_aaaaaaaaa --client-id 38fjsnc484p94kpqsnet7mpld0 ``` 输出: ``` { "UserPoolClient": { "UserPoolId": "us-west-2_aaaaaaaaa", "ClientName": "MyApp", "ClientId": "38fjsnc484p94kpqsnet7mpld0", "ClientSecret": "CLIENT_SECRET", "LastModifiedDate": 1548108676.163, "CreationDate": 1548108676.163, "RefreshTokenValidity": 30, "ReadAttributes": [ "address", "birthdate", "custom:CustomAttr1", "custom:CustomAttr2", "email", "email_verified", "family_name", "gender", "given_name", "locale", "middle_name", "name", "nickname", "phone_number", "phone_number_verified", "picture", "preferred_username", "profile", "updated_at", "website", "zoneinfo" ], "WriteAttributes": [ "address", "birthdate", "custom:CustomAttr1", "custom:CustomAttr2", "email", "family_name", "gender", "given_name", "locale", "middle_name", "name", "nickname", "phone_number", "picture", "preferred_username", "profile", "updated_at", "website", "zoneinfo" ], "ExplicitAuthFlows": [ "ADMIN_NO_SRP_AUTH", "USER_PASSWORD_AUTH" ], "AllowedOAuthFlowsUserPoolClient": false } } ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DescribeUserPoolClient](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/describe-user-pool-client.html)。 ### `describe-user-pool-domain` 以下代码示例演示了如何使用 `describe-user-pool-domain`。 **AWS CLI** **描述用户池客户端** 此示例描述一个名为 my-domain 的用户池域。 命令: ``` aws cognito-idp describe-user-pool-domain --domain my-domain ``` 输出: ``` { "DomainDescription": { "UserPoolId": "us-west-2_aaaaaaaaa", "AWSAccountId": "111111111111", "Domain": "my-domain", "S3Bucket": "aws-cognito-prod-pdx-assets", "CloudFrontDistribution": "aaaaaaaaaaaaa.cloudfront.net", "Version": "20190128175402", "Status": "ACTIVE", "CustomDomainConfig": {} } } ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DescribeUserPoolDomain](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/describe-user-pool-domain.html)。 ### `describe-user-pool` 以下代码示例演示了如何使用 `describe-user-pool`。 **AWS CLI** **描述用户池** 以下示例描述用户池 ID 为 us-west-2\$1EXAMPLE 的用户池。 ``` aws cognito-idp describe-user-pool \ --user-pool-id us-west-2_EXAMPLE ``` 输出: ``` { "UserPool": { "Id": "us-west-2_EXAMPLE", "Name": "MyUserPool", "Policies": { "PasswordPolicy": { "MinimumLength": 8, "RequireUppercase": true, "RequireLowercase": true, "RequireNumbers": true, "RequireSymbols": true, "TemporaryPasswordValidityDays": 1 } }, "DeletionProtection": "ACTIVE", "LambdaConfig": { "PreSignUp": "arn:aws:lambda:us-west-2:123456789012:function:MyPreSignUpFunction", "CustomMessage": "arn:aws:lambda:us-west-2:123456789012:function:MyCustomMessageFunction", "PostConfirmation": "arn:aws:lambda:us-west-2:123456789012:function:MyPostConfirmationFunction", "PreAuthentication": "arn:aws:lambda:us-west-2:123456789012:function:MyPreAuthenticationFunction", "PostAuthentication": "arn:aws:lambda:us-west-2:123456789012:function:MyPostAuthenticationFunction", "DefineAuthChallenge": "arn:aws:lambda:us-west-2:123456789012:function:MyDefineAuthChallengeFunction", "CreateAuthChallenge": "arn:aws:lambda:us-west-2:123456789012:function:MyCreateAuthChallengeFunction", "VerifyAuthChallengeResponse": "arn:aws:lambda:us-west-2:123456789012:function:MyVerifyAuthChallengeFunction", "PreTokenGeneration": "arn:aws:lambda:us-west-2:123456789012:function:MyPreTokenGenerationFunction", "UserMigration": "arn:aws:lambda:us-west-2:123456789012:function:MyMigrateUserFunction", "PreTokenGenerationConfig": { "LambdaVersion": "V2_0", "LambdaArn": "arn:aws:lambda:us-west-2:123456789012:function:MyPreTokenGenerationFunction" }, "CustomSMSSender": { "LambdaVersion": "V1_0", "LambdaArn": "arn:aws:lambda:us-west-2:123456789012:function:MyCustomSMSSenderFunction" }, "CustomEmailSender": { "LambdaVersion": "V1_0", "LambdaArn": "arn:aws:lambda:us-west-2:123456789012:function:MyCustomEmailSenderFunction" }, "KMSKeyID": "arn:aws:kms:us-west-2:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222" }, "LastModifiedDate": 1726784814.598, "CreationDate": 1602103465.273, "SchemaAttributes": [ { "Name": "sub", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": false, "Required": true, "StringAttributeConstraints": { "MinLength": "1", "MaxLength": "2048" } }, { "Name": "name", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "given_name", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "family_name", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "middle_name", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "nickname", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "preferred_username", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "profile", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "picture", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "website", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "email", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": true, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "email_verified", "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false }, { "Name": "gender", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "birthdate", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "10", "MaxLength": "10" } }, { "Name": "zoneinfo", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "locale", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "phone_number", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "phone_number_verified", "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false }, { "Name": "address", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "updated_at", "AttributeDataType": "Number", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "NumberAttributeConstraints": { "MinValue": "0" } }, { "Name": "identities", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": {} }, { "Name": "custom:111", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "1", "MaxLength": "256" } }, { "Name": "dev:custom:222", "AttributeDataType": "String", "DeveloperOnlyAttribute": true, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "1", "MaxLength": "421" } }, { "Name": "custom:accesstoken", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MaxLength": "2048" } }, { "Name": "custom:idtoken", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MaxLength": "2048" } } ], "AutoVerifiedAttributes": [ "email" ], "SmsVerificationMessage": "Your verification code is {####}. ", "EmailVerificationMessage": "Your verification code is {####}. ", "EmailVerificationSubject": "Your verification code", "VerificationMessageTemplate": { "SmsMessage": "Your verification code is {####}. ", "EmailMessage": "Your verification code is {####}. ", "EmailSubject": "Your verification code", "EmailMessageByLink": "Please click the link below to verify your email address. {##Verify Your Email##}\n this is from us-west-2_ywDJHlIfU", "EmailSubjectByLink": "Your verification link", "DefaultEmailOption": "CONFIRM_WITH_LINK" }, "SmsAuthenticationMessage": "Your verification code is {####}. ", "UserAttributeUpdateSettings": { "AttributesRequireVerificationBeforeUpdate": [] }, "MfaConfiguration": "OPTIONAL", "DeviceConfiguration": { "ChallengeRequiredOnNewDevice": true, "DeviceOnlyRememberedOnUserPrompt": false }, "EstimatedNumberOfUsers": 166, "EmailConfiguration": { "SourceArn": "arn:aws:ses:us-west-2:123456789012:identity/admin@example.com", "EmailSendingAccount": "DEVELOPER" }, "SmsConfiguration": { "SnsCallerArn": "arn:aws:iam::123456789012:role/service-role/userpool-SMS-Role", "ExternalId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "SnsRegion": "us-west-2" }, "UserPoolTags": {}, "Domain": "myCustomDomain", "CustomDomain": "auth.example.com", "AdminCreateUserConfig": { "AllowAdminCreateUserOnly": false, "UnusedAccountValidityDays": 1, "InviteMessageTemplate": { "SMSMessage": "Your username is {username} and temporary password is {####}. ", "EmailMessage": "Your username is {username} and temporary password is {####}. ", "EmailSubject": "Your temporary password" } }, "UserPoolAddOns": { "AdvancedSecurityMode": "ENFORCED", "AdvancedSecurityAdditionalFlows": {} }, "Arn": "arn:aws:cognito-idp:us-west-2:123456789012:userpool/us-west-2_EXAMPLE", "AccountRecoverySetting": { "RecoveryMechanisms": [ { "Priority": 1, "Name": "verified_email" } ] } } } ``` 有关更多信息,请参阅 *Amazon Cognito 开发人员指南*中的 [Amazon Cognito 用户池](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools.html)。 + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DescribeUserPool](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/describe-user-pool.html)。 ### `forget-device` 以下代码示例演示了如何使用 `forget-device`。 **AWS CLI** **忘记设备** 此示例忘记一个设备。 命令: ``` aws cognito-idp forget-device --device-key us-west-2_abcd_1234-5678 ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ForgetDevice](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/forget-device.html)。 ### `forgot-password` 以下代码示例演示了如何使用 `forgot-password`。 **AWS CLI** **强制更改密码** 以下的 `forgot-password` 示例向 jane@example.com 发送一条消息,要求他们更改密码。 ``` aws cognito-idp forgot-password --client-id 38fjsnc484p94kpqsnet7mpld0 --username jane@example.com ``` 输出: ``` { "CodeDeliveryDetails": { "Destination": "j***@e***.com", "DeliveryMedium": "EMAIL", "AttributeName": "email" } } ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ForgotPassword](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/forgot-password.html)。 ### `get-csv-header` 以下代码示例演示了如何使用 `get-csv-header`。 **AWS CLI** **创建 csv 标题** 此示例创建一个 csv 标题。 有关导入用户的更多信息,请参阅“从 CSV 文件将用户导入用户池”。 命令: ``` aws cognito-idp get-csv-header --user-pool-id us-west-2_aaaaaaaaa ``` 输出: ``` { "UserPoolId": "us-west-2_aaaaaaaaa", "CSVHeader": [ "name", "given_name", "family_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "email", "email_verified", "gender", "birthdate", "zoneinfo", "locale", "phone_number", "phone_number_verified", "address", "updated_at", "cognito:mfa_enabled", "cognito:username" ] } ``` ...从 CSV 文件将用户导入用户池:https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-using-import-tool.html + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [GetCsvHeader](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/get-csv-header.html)。 ### `get-device` 以下代码示例演示了如何使用 `get-device`。 **AWS CLI** **获取设备** 以下 `get-device` 示例为当前已登录用户显示一台设备。 ``` aws cognito-idp get-device \ --access-token eyJra456defEXAMPLE \ --device-key us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 ``` 输出: ``` { "Device": { "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "DeviceAttributes": [ { "Name": "device_status", "Value": "valid" }, { "Name": "device_name", "Value": "MyDevice" }, { "Name": "dev:device_arn", "Value": "arn:aws:cognito-idp:us-west-2:123456789012:owner/diego.us-west-2_EXAMPLE/device/us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, { "Name": "dev:device_owner", "Value": "diego.us-west-2_EXAMPLE" }, { "Name": "last_ip_used", "Value": "192.0.2.1" }, { "Name": "dev:device_remembered_status", "Value": "remembered" }, { "Name": "dev:device_sdk", "Value": "aws-sdk" } ], "DeviceCreateDate": 1715100742.022, "DeviceLastModifiedDate": 1723233651.167, "DeviceLastAuthenticatedDate": 1715100742.0 } } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Working with user devices in your user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [GetDevice](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/get-device.html)。 ### `get-group` 以下代码示例演示了如何使用 `get-group`。 **AWS CLI** **获取有关组的信息** 以下 `get-group` 示例列出名为 `MyGroup` 的用户组的属性。此组具有优先级及其关联的 IAM 角色。 ``` aws cognito-idp get-group \ --user-pool-id us-west-2_EXAMPLE \ --group-name MyGroup ``` 输出: ``` { "Group": { "GroupName": "MyGroup", "UserPoolId": "us-west-2_EXAMPLE", "RoleArn": "arn:aws:iam::123456789012:role/example-cognito-role", "Precedence": 7, "LastModifiedDate": 1697211218.305, "CreationDate": 1611685503.954 } } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Adding groups to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-user-groups.html)。 + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [GetGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/get-group.html)。 ### `get-identity-provider-by-identifier` 以下代码示例演示了如何使用 `get-identity-provider-by-identifier`。 **AWS CLI** **从 IdP 标识符获取身份提供者的配置** 以下 `get-identity-provider-by-identifier` 示例返回带有标识符 `mysso` 的身份提供者的配置。 ``` aws cognito-idp get-identity-provider-by-identifier \ --user-pool-id us-west-2_EXAMPLE \ --idp-identifier mysso ``` 输出: ``` { "IdentityProvider": { "UserPoolId": "us-west-2_EXAMPLE", "ProviderName": "MYSAML", "ProviderType": "SAML", "ProviderDetails": { "ActiveEncryptionCertificate": "[Certificate contents]", "IDPSignout": "false", "MetadataURL": "https://auth.example.com/saml/metadata/", "SLORedirectBindingURI": "https://auth.example.com/saml/logout/", "SSORedirectBindingURI": "https://auth.example.com/saml/assertion/" }, "AttributeMapping": { "email": "email" }, "IdpIdentifiers": [ "mysso", "mysamlsso" ], "LastModifiedDate": 1705616729.188, "CreationDate": 1643734622.919 } } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Third-party IdP sign-in](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation.html)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [GetIdentityProviderByIdentifier](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/get-identity-provider-by-identifier.html)。 ### `get-log-delivery-configuration` 以下代码示例演示了如何使用 `get-log-delivery-configuration`。 **AWS CLI** **显示日志传输配置** 以下 `get-log-delivery-configuration` 示例显示所请求的用户池的日志导出设置。 ``` aws cognito-idp get-log-delivery-configuration \ --user-pool-id us-west-2_EXAMPLE ``` 输出: ``` { "LogDeliveryConfiguration": { "UserPoolId": "us-west-2_EXAMPLE", "LogConfigurations": [ { "LogLevel": "INFO", "EventSource": "userAuthEvents", "FirehoseConfiguration": { "StreamArn": "arn:aws:firehose:us-west-2:123456789012:deliverystream/my-test-deliverystream" } }, { "LogLevel": "ERROR", "EventSource": "userNotification", "CloudWatchLogsConfiguration": { "LogGroupArn": "arn:aws:logs:us-west-2:123456789012:log-group:my-message-delivery-logs" } } ] } } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Exporting user pool logs](https://docs.aws.amazon.com/cognito/latest/developerguide/exporting-quotas-and-usage.html)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [GetLogDeliveryConfiguration](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/get-log-delivery-configuration.html)。 ### `get-signing-certificate` 以下代码示例演示了如何使用 `get-signing-certificate`。 **AWS CLI** **显示 SAML 签名证书** 以下 `get-signing-certificate` 示例显示了请求用户池的 SAML 2.0 签名证书。 ``` aws cognito-idp get-signing-certificate \ --user-pool-id us-west-2_EXAMPLE ``` 输出: ``` { "Certificate": "[Certificate content]" } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [SAML signing and encryption](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-SAML-signing-encryption.html)。 + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [GetSigningCertificate](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/get-signing-certificate.html)。 ### `get-ui-customization` 以下代码示例演示了如何使用 `get-ui-customization`。 **AWS CLI** **显示应用程序客户端的经典托管 UI 自定义设置** 以下 `get-ui-customization` 示例显示了未从用户池继承设置的应用程序客户端的经典托管 UI 自定义设置。 ``` aws cognito-idp get-ui-customization \ --user-pool-id us-west-2_EXAMPLE \ --client-id 1example23456789 ``` 输出: ``` { "UICustomization": { "UserPoolId": "us-west-2_EXAMPLE", "ClientId": "1example23456789", "ImageUrl": "https://example.cloudfront.net/us-west-2_EXAMPLE/1example23456789/20250115191928/assets/images/image.jpg", "CSS": "\n.logo-customizable {\n max-width: 80%;\n max-height: 30%;\n}\n\n.banner-customizable {\n padding: 25px 0px 25px 0px;\n background-color: lightgray;\n}\n\n.label-customizable {\n font-weight: 400;\n}\n\n.textDescription-customizable {\n padding-top: 100px;\n padding-bottom: 10px;\n display: block;\n font-size: 12px;\n}\n\n.idpDescription-customizable {\n padding-top: 10px;\n padding-bottom: 10px;\n display: block;\n font-size: 16px;\n}\n\n.legalText-customizable {\n color: #747474;\n font-size: 11px;\n}\n\n.submitButton-customizable {\n font-size: 14px;\n font-weight: bold;\n margin: 20px 0px 10px 0px;\n height: 50px;\n width: 100%;\n color: #fff;\n background-color: #337ab7;\n}\n\n.submitButton-customizable:hover {\n color: #fff;\n background-color: #286090;\n}\n\n.errorMessage-customizable {\n padding: 5px;\n font-size: 12px;\n width: 100%;\n background: #F5F5F5;\n border: 2px solid #D64958;\n color: #D64958;\n}\n\n.inputField-customizable {\n width: 100%;\n height: 34px;\n color: #555;\n background-color: #fff;\n border: 1px solid #ccc;\n}\n\n.inputField-customizable:focus {\n border-color: #66afe9;\n outline: 0;\n}\n\n.idpButton-customizable {\n height: 40px;\n width: 100%;\n width: 100%;\n text-align: center;\n margin-bottom: 15px;\n color: #fff;\n background-color: #5bc0de;\n border-color: #46b8da;\n}\n\n.idpButton-customizable:hover {\n color: #fff;\n background-color: #31b0d5;\n}\n\n.socialButton-customizable {\n border-radius: 2px;\n height: 60px;\n margin-bottom: 15px;\n padding: 1px;\n text-align: left;\n width: 100%;\n}\n\n.redirect-customizable {\n text-align: center;\n}\n\n.passwordCheck-notValid-customizable {\n color: #DF3312;\n}\n\n.passwordCheck-valid-customizable {\n color: #19BF00;\n}\n\n.background-customizable {\n background-color: #fff;\n}\n", "CSSVersion": "20250115191928" } } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Hosted UI (classic) branding](https://docs.aws.amazon.com/cognito/latest/developerguide/hosted-ui-classic-branding.html)。 + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [GetUiCustomization](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/get-ui-customization.html)。 ### `get-user-attribute-verification-code` 以下代码示例演示了如何使用 `get-user-attribute-verification-code`。 **AWS CLI** **向当前用户发送属性验证码** 以下 `get-user-attribute-verification-code` 示例向当前登录用户的电子邮件地址发送属性验证码。 ``` aws cognito-idp get-user-attribute-verification-code \ --access-token eyJra456defEXAMPLE \ --attribute-name email ``` 输出: ``` { "CodeDeliveryDetails": { "Destination": "a***@e***", "DeliveryMedium": "EMAIL", "AttributeName": "email" } } ``` 有关更多信息,请参阅《Amazon Cognito 开发人员指南》**中的[注册并确认用户账户](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [GetUserAttributeVerificationCode](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/get-user-attribute-verification-code.html)。 ### `get-user-auth-factors` 以下代码示例演示了如何使用 `get-user-auth-factors`。 **AWS CLI** **列出当前用户可用的身份验证因素** 以下 `get-user-auth-factors` 示例列出了当前登录用户可用的身份验证因素。 ``` aws cognito-idp get-user-auth-factors \ --access-token eyJra456defEXAMPLE ``` 输出: ``` { "Username": "testuser", "ConfiguredUserAuthFactors": [ "PASSWORD", "EMAIL_OTP", "SMS_OTP", "WEB_AUTHN" ] } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Authentication](https://docs.aws.amazon.com/cognito/latest/developerguide/authentication.html)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [GetUserAuthFactors](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/get-user-auth-factors.html)。 ### `get-user-pool-mfa-config` 以下代码示例演示了如何使用 `get-user-pool-mfa-config`。 **AWS CLI** **显示用户池的多重身份验证和 WebAuthn 设置** 以下 `get-user-pool-mfa-config` 示例显示了所请求的用户池的 MFA 和 WebAuthn 配置。 ``` aws cognito-idp get-user-pool-mfa-config \ --user-pool-id us-west-2_EXAMPLE ``` 输出: ``` { "SmsMfaConfiguration": { "SmsAuthenticationMessage": "Your OTP for MFA or sign-in: use {####}.", "SmsConfiguration": { "SnsCallerArn": "arn:aws:iam::123456789012:role/service-role/my-SMS-Role", "ExternalId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "SnsRegion": "us-west-2" } }, "SoftwareTokenMfaConfiguration": { "Enabled": true }, "EmailMfaConfiguration": { "Message": "Your OTP for MFA or sign-in: use {####}", "Subject": "OTP test" }, "MfaConfiguration": "OPTIONAL", "WebAuthnConfiguration": { "RelyingPartyId": "auth.example.com", "UserVerification": "preferred" } } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Adding MFA](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [GetUserPoolMfaConfig](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/get-user-pool-mfa-config.html)。 ### `get-user` 以下代码示例演示了如何使用 `get-user`。 **AWS CLI** **获取当前用户的详细信息** 以下 `get-user` 示例显示了当前登录用户的配置文件。 ``` aws cognito-idp get-user \ --access-token eyJra456defEXAMPLE ``` 输出: ``` { "Username": "johndoe", "UserAttributes": [ { "Name": "sub", "Value": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, { "Name": "identities", "Value": "[{\"userId\":\"a1b2c3d4-5678-90ab-cdef-EXAMPLE22222\",\"providerName\":\"SignInWithApple\",\"providerType\":\"SignInWithApple\",\"issuer\":null,\"primary\":false,\"dateCreated\":1701125599632}]" }, { "Name": "email_verified", "Value": "true" }, { "Name": "custom:state", "Value": "Maine" }, { "Name": "name", "Value": "John Doe" }, { "Name": "phone_number_verified", "Value": "true" }, { "Name": "phone_number", "Value": "+12065551212" }, { "Name": "preferred_username", "Value": "jamesdoe" }, { "Name": "locale", "Value": "EMEA" }, { "Name": "email", "Value": "jamesdoe@example.com" } ] } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Managing users](https://docs.aws.amazon.com/cognito/latest/developerguide/managing-users.html)。 + 有关 API 详细信息,请参阅《AWS CLI 命令参考**》中的 [GetUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/get-user.html)。 ### `global-sign-out` 以下代码示例演示了如何使用 `global-sign-out`。 **AWS CLI** **注销当前用户** 以下 `global-sign-out` 示例注销当前用户。 ``` aws cognito-idp global-sign-out \ --access-token eyJra456defEXAMPLE ``` 此命令不生成任何输出。 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Managing users](https://docs.aws.amazon.com/cognito/latest/developerguide/managing-users.html)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [GlobalSignOut](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/global-sign-out.html)。 ### `initiate-auth` 以下代码示例演示了如何使用 `initiate-auth`。 **AWS CLI** **让用户登录** 以下 `initiate-auth` 示例让用户使用基本的用户名/密码流程登录,无需进行其它质询。 ``` aws cognito-idp initiate-auth \ --auth-flow USER_PASSWORD_AUTH \ --client-id 1example23456789 \ --analytics-metadata AnalyticsEndpointId=d70b2ba36a8c4dc5a04a0451aEXAMPLE \ --auth-parameters USERNAME=testuser,PASSWORD=[Password] --user-context-data EncodedData=mycontextdata --client-metadata MyTestKey=MyTestValue ``` 输出: ``` { "AuthenticationResult": { "AccessToken": "eyJra456defEXAMPLE", "ExpiresIn": 3600, "TokenType": "Bearer", "RefreshToken": "eyJra123abcEXAMPLE", "IdToken": "eyJra789ghiEXAMPLE", "NewDeviceMetadata": { "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "DeviceGroupKey": "-v7w9UcY6" } } } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Authentication](https://docs.aws.amazon.com/cognito/latest/developerguide/authentication.html)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [InitiateAuth](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/initiate-auth.html)。 ### `list-devices` 以下代码示例演示了如何使用 `list-devices`。 **AWS CLI** **列出用户的设备** 以下 `list-devices` 示例列出了当前用户已注册的设备。 ``` aws cognito-idp list-devices \ --access-token eyJra456defEXAMPLE ``` 输出: ``` { "Devices": [ { "DeviceAttributes": [ { "Name": "device_status", "Value": "valid" }, { "Name": "device_name", "Value": "Dart-device" }, { "Name": "last_ip_used", "Value": "192.0.2.1" } ], "DeviceCreateDate": 1715100742.022, "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "DeviceLastAuthenticatedDate": 1715100742.0, "DeviceLastModifiedDate": 1723233651.167 }, { "DeviceAttributes": [ { "Name": "device_status", "Value": "valid" }, { "Name": "last_ip_used", "Value": "192.0.2.2" } ], "DeviceCreateDate": 1726856147.993, "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", "DeviceLastAuthenticatedDate": 1726856147.0, "DeviceLastModifiedDate": 1726856147.993 } ] } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Working with devices](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html)。 + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListDevices](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-devices.html)。 ### `list-groups` 以下代码示例演示了如何使用 `list-groups`。 **AWS CLI** **列出用户池中的组** 以下 `list-groups` 示例列出了所请求的用户池中的前两个组。 ``` aws cognito-idp list-groups \ --user-pool-id us-west-2_EXAMPLE \ --max-items 2 ``` 输出: ``` { "Groups": [ { "CreationDate": 1681760899.633, "Description": "My test group", "GroupName": "testgroup", "LastModifiedDate": 1681760899.633, "Precedence": 1, "UserPoolId": "us-west-2_EXAMPLE" }, { "CreationDate": 1642632749.051, "Description": "Autogenerated group for users who sign in using Facebook", "GroupName": "us-west-2_EXAMPLE_Facebook", "LastModifiedDate": 1642632749.051, "UserPoolId": "us-west-2_EXAMPLE" } ], "NextToken": "[Pagination token]" } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Adding groups to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-user-groups.html)。 + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListGroups](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-groups.html)。 ### `list-identity-providers` 以下代码示例演示了如何使用 `list-identity-providers`。 **AWS CLI** **列出身份提供者** 以下 `list-identity-providers` 示例列出了所请求的用户池中的前两个身份提供者。 ``` aws cognito-idp list-identity-providers \ --user-pool-id us-west-2_EXAMPLE \ --max-items 2 ``` 输出: ``` { "Providers": [ { "CreationDate": 1619477386.504, "LastModifiedDate": 1703798328.142, "ProviderName": "Azure", "ProviderType": "SAML" }, { "CreationDate": 1642698776.175, "LastModifiedDate": 1642699086.453, "ProviderName": "LoginWithAmazon", "ProviderType": "LoginWithAmazon" } ], "NextToken": "[Pagination token]" } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Third-party IdP sign-in](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation.html)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [ListIdentityProviders](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-identity-providers.html)。 ### `list-resource-servers` 以下代码示例演示了如何使用 `list-resource-servers`。 **AWS CLI** **列出资源服务器** 以下 `list-resource-servers` 示例列出了所请求的用户池中的前两个资源服务器。 ``` aws cognito-idp list-resource-servers \ --user-pool-id us-west-2_EXAMPLE \ --max-results 2 ``` 输出: ``` { "ResourceServers": [ { "Identifier": "myapi.example.com", "Name": "Example API with custom access control scopes", "Scopes": [ { "ScopeDescription": "International customers", "ScopeName": "international.read" }, { "ScopeDescription": "Domestic customers", "ScopeName": "domestic.read" } ], "UserPoolId": "us-west-2_EXAMPLE" }, { "Identifier": "myapi2.example.com", "Name": "Another example API for access control", "Scopes": [ { "ScopeDescription": "B2B customers", "ScopeName": "b2b.read" } ], "UserPoolId": "us-west-2_EXAMPLE" } ], "NextToken": "[Pagination token]" } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Access control with resource servers](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-define-resource-servers.html)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [ListResourceServers](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-resource-servers.html)。 ### `list-tags-for-resource` 以下代码示例演示了如何使用 `list-tags-for-resource`。 **AWS CLI** **列出用户池标签** 以下 `list-tags-for-resource` 示例列出了分配给带有所请求的 ARN 的用户池的标签。 ``` aws cognito-idp list-tags-for-resource \ --resource-arn arn:aws:cognito-idp:us-west-2:123456789012:userpool/us-west-2_EXAMPLE ``` 输出: ``` { "Tags": { "administrator": "Jie", "tenant": "ExampleCorp" } } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Tagging Amazon Cognito resources](https://docs.aws.amazon.com/cognito/latest/developerguide/tagging.html)。 + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListTagsForResource](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-tags-for-resource.html)。 ### `list-user-import-jobs` 以下代码示例演示了如何使用 `list-user-import-jobs`。 **AWS CLI** **列出用户导入任务和状态** 以下 `list-user-import-jobs` 示例列出了所请求的用户池中的前三个用户导入任务及其详细信息。 ``` aws cognito-idp list-user-import-jobs \ --user-pool-id us-west-2_EXAMPLE \ --max-results 3 ``` 输出: ``` { "PaginationToken": "us-west-2_EXAMPLE#import-example3#1667948397084", "UserImportJobs": [ { "CloudWatchLogsRoleArn": "arn:aws:iam::123456789012:role/service-role/Cognito-UserImport-Role", "CompletionDate": 1735329786.142, "CompletionMessage": "The user import job has expired.", "CreationDate": 1735241621.022, "FailedUsers": 0, "ImportedUsers": 0, "JobId": "import-example1", "JobName": "Test-import-job-1", "PreSignedUrl": "https://aws-cognito-idp-user-import-pdx.s3.us-west-2.amazonaws.com/123456789012/us-west-2_EXAMPLE/import-mAgUtd8PMm?X-Amz-Security-Token=[token]&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20241226T193341Z&X-Amz-SignedHeaders=host%3Bx-amz-server-side-encryption&X-Amz-Expires=899&X-Amz-Credential=[credential]&X-Amz-Signature=[signature]", "SkippedUsers": 0, "Status": "Expired", "UserPoolId": "us-west-2_EXAMPLE" }, { "CloudWatchLogsRoleArn": "arn:aws:iam::123456789012:role/service-role/Cognito-UserImport-Role", "CompletionDate": 1681509058.408, "CompletionMessage": "Too many users have failed or been skipped during the import.", "CreationDate": 1681509001.477, "FailedUsers": 1, "ImportedUsers": 0, "JobId": "import-example2", "JobName": "Test-import-job-2", "PreSignedUrl": "https://aws-cognito-idp-user-import-pdx.s3.us-west-2.amazonaws.com/123456789012/us-west-2_EXAMPLE/import-mAgUtd8PMm?X-Amz-Security-Token=[token]&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20241226T193341Z&X-Amz-SignedHeaders=host%3Bx-amz-server-side-encryption&X-Amz-Expires=899&X-Amz-Credential=[credential]&X-Amz-Signature=[signature]", "SkippedUsers": 0, "StartDate": 1681509057.965, "Status": "Failed", "UserPoolId": "us-west-2_EXAMPLE" }, { "CloudWatchLogsRoleArn": "arn:aws:iam::123456789012:role/service-role/Cognito-UserImport-Role", "CompletionDate": 1.667864578676E9, "CompletionMessage": "Import Job Completed Successfully.", "CreationDate": 1.667864480281E9, "FailedUsers": 0, "ImportedUsers": 6, "JobId": "import-example3", "JobName": "Test-import-job-3", "PreSignedUrl": "https://aws-cognito-idp-user-import-pdx.s3.us-west-2.amazonaws.com/123456789012/us-west-2_EXAMPLE/import-mAgUtd8PMm?X-Amz-Security-Token=[token]&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20241226T193341Z&X-Amz-SignedHeaders=host%3Bx-amz-server-side-encryption&X-Amz-Expires=899&X-Amz-Credential=[credential]&X-Amz-Signature=[signature]", "SkippedUsers": 0, "StartDate": 1.667864578167E9, "Status": "Succeeded", "UserPoolId": "us-west-2_EXAMPLE" } ] } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Importing users from a CSV file](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-using-import-tool.html)。 + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListUserImportJobs](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-user-import-jobs.html)。 ### `list-user-pool-clients` 以下代码示例演示了如何使用 `list-user-pool-clients`。 **AWS CLI** **列出应用程序客户端** 以下 `list-user-pool-clients` 示例列出了所请求的用户池中的前三个应用程序客户端。 ``` aws cognito-idp list-user-pool-clients \ --user-pool-id us-west-2_EXAMPLE \ --max-results 3 ``` 输出: ``` { "NextToken": "[Pagination token]", "UserPoolClients": [ { "ClientId": "1example23456789", "ClientName": "app-client-1", "UserPoolId": "us-west-2_EXAMPLE" }, { "ClientId": "2example34567890", "ClientName": "app-client-2", "UserPoolId": "us-west-2_EXAMPLE" }, { "ClientId": "3example45678901", "ClientName": "app-client-3", "UserPoolId": "us-west-2_EXAMPLE" } ] } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [App clients](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [ListUserPoolClients](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-user-pool-clients.html)。 ### `list-user-pools` 以下代码示例演示了如何使用 `list-user-pools`。 **AWS CLI** **列出用户池** 以下 `list-user-pools` 示例列出了当前 CLI 凭证的 AWS 账户中的 3 个可用用户池。 ``` aws cognito-idp list-user-pools \ --max-results 3 ``` 输出: ``` { "NextToken": "[Pagination token]", "UserPools": [ { "CreationDate": 1681502497.741, "Id": "us-west-2_EXAMPLE1", "LambdaConfig": { "CustomMessage": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction", "PreSignUp": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction", "PreTokenGeneration": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction", "PreTokenGenerationConfig": { "LambdaArn": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction", "LambdaVersion": "V1_0" } }, "LastModifiedDate": 1681502497.741, "Name": "user pool 1" }, { "CreationDate": 1686064178.717, "Id": "us-west-2_EXAMPLE2", "LambdaConfig": { }, "LastModifiedDate": 1686064178.873, "Name": "user pool 2" }, { "CreationDate": 1627681712.237, "Id": "us-west-2_EXAMPLE3", "LambdaConfig": { "UserMigration": "arn:aws:lambda:us-east-1:123456789012:function:MyFunction" }, "LastModifiedDate": 1678486942.479, "Name": "user pool 3" } ] } ``` 有关更多信息,请参阅 *Amazon Cognito 开发人员指南*中的 [Amazon Cognito 用户池](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools.html)。 + 有关 API 的详细信息,请参阅《AWS CLI 命令参考》**中的 [ListUserPools](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-user-pools.html)。 ### `list-users-in-group` 以下代码示例演示了如何使用 `list-users-in-group`。 **AWS CLI** **列出组中的用户** 此示例列出组 MyGroup 中的用户。 命令: ``` aws cognito-idp list-users-in-group --user-pool-id us-west-2_aaaaaaaaa --group-name MyGroup ``` 输出: ``` { "Users": [ { "Username": "acf10624-80bb-401a-ac61-607bee2110ec", "Attributes": [ { "Name": "sub", "Value": "acf10624-80bb-401a-ac61-607bee2110ec" }, { "Name": "custom:CustomAttr1", "Value": "New Value!" }, { "Name": "email", "Value": "jane@example.com" } ], "UserCreateDate": 1548102770.284, "UserLastModifiedDate": 1548103204.893, "Enabled": true, "UserStatus": "CONFIRMED" }, { "Username": "22704aa3-fc10-479a-97eb-2af5806bd327", "Attributes": [ { "Name": "sub", "Value": "22704aa3-fc10-479a-97eb-2af5806bd327" }, { "Name": "email_verified", "Value": "true" }, { "Name": "email", "Value": "diego@example.com" } ], "UserCreateDate": 1548089817.683, "UserLastModifiedDate": 1548089817.683, "Enabled": true, "UserStatus": "FORCE_CHANGE_PASSWORD" } ] } ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListUsersInGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-users-in-group.html)。 ### `list-users` 以下代码示例演示了如何使用 `list-users`。 **AWS CLI** **示例 1:使用服务器端筛选条件列出用户** 以下 `list-users` 示例列出了所请求的用户池中其电子邮件地址以 `testuser` 开头的 3 个用户。 ``` aws cognito-idp list-users \ --user-pool-id us-west-2_EXAMPLE \ --filter email^=\"testuser\" \ --max-items 3 ``` 输出: ``` { "PaginationToken": "efgh5678EXAMPLE", "Users": [ { "Attributes": [ { "Name": "sub", "Value": "eaad0219-2117-439f-8d46-4db20e59268f" }, { "Name": "email", "Value": "testuser@example.com" } ], "Enabled": true, "UserCreateDate": 1682955829.578, "UserLastModifiedDate": 1689030181.63, "UserStatus": "CONFIRMED", "Username": "testuser" }, { "Attributes": [ { "Name": "sub", "Value": "3b994cfd-0b07-4581-be46-3c82f9a70c90" }, { "Name": "email", "Value": "testuser2@example.com" } ], "Enabled": true, "UserCreateDate": 1684427979.201, "UserLastModifiedDate": 1684427979.201, "UserStatus": "UNCONFIRMED", "Username": "testuser2" }, { "Attributes": [ { "Name": "sub", "Value": "5929e0d1-4c34-42d1-9b79-a5ecacfe66f7" }, { "Name": "email", "Value": "testuser3@example.com" } ], "Enabled": true, "UserCreateDate": 1684427823.641, "UserLastModifiedDate": 1684427823.641, "UserStatus": "UNCONFIRMED", "Username": "testuser3@example.com" } ] } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Managing and searching for users](https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html)。 **示例 2:使用客户端筛选条件列出用户** 以下 `list-users` 示例列出了三个用户的属性,这些用户所具有的一个属性(在本例中为他们的电子邮件地址)包含电子邮件域“@example.com”。如果其它属性包含了此字符串,则也会显示这些属性。第二个用户没有与查询匹配的属性,因此会从显示的输出中排除,但不会从服务器响应中排除。 ``` aws cognito-idp list-users \ --user-pool-id us-west-2_EXAMPLE \ --max-items 3 --query Users\[\*\].Attributes\[\?Value\.contains\(\@\,\'@example.com\'\)\] ``` 输出: ``` [ [ { "Name": "email", "Value": "admin@example.com" } ], [], [ { "Name": "email", "Value": "operator@example.com" } ] ] ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Managing and searching for users](https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html)。 + 有关 API 的详细信息,请参阅《AWS CLI 命令参考**》中的 [ListUsers](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-users.html)。 ### `list-web-authn-credentials` 以下代码示例演示了如何使用 `list-web-authn-credentials`。 **AWS CLI** **列出通行密钥凭证** 以下 `list-web-authn-credentials` 示例列出了当前用户的通行密钥或 WebAuthn 凭证。他们有一台注册的设备。 ``` aws cognito-idp list-web-authn-credentials \ --access-token eyJra456defEXAMPLE ``` 输出: ``` { "Credentials": [ { "AuthenticatorAttachment": "cross-platform", "CreatedAt": 1736293876.115, "CredentialId": "8LApgk4-lNUFHbhm2w6Und7-uxcc8coJGsPxiogvHoItc64xWQc3r4CEXAMPLE", "FriendlyCredentialName": "Roaming passkey", "RelyingPartyId": "auth.example.com" } ] } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Passkey sign-in](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html#amazon-cognito-user-pools-authentication-flow-methods-passkey)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [ListWebAuthnCredentials](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/list-web-authn-credentials.html)。 ### `resend-confirmation-code` 以下代码示例演示了如何使用 `resend-confirmation-code`。 **AWS CLI** **重新发送确认码** 以下 `resend-confirmation-code` 示例向用户 `jane` 发送确认码。 ``` aws cognito-idp resend-confirmation-code \ --client-id 12a3b456c7de890f11g123hijk \ --username jane ``` 输出: ``` { "CodeDeliveryDetails": { "Destination": "j***@e***.com", "DeliveryMedium": "EMAIL", "AttributeName": "email" } } ``` 有关更多信息,请参阅《Amazon Cognito 开发人员指南》**中的[注册并确认用户账户](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html)。 + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ResendConfirmationCode](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/resend-confirmation-code.html)。 ### `respond-to-auth-challenge` 以下代码示例演示了如何使用 `respond-to-auth-challenge`。 **AWS CLI** **示例 1:响应 NEW\$1PASSWORD\$1REQUIRED 质询** 以下 `respond-to-auth-challenge` 示例响应了 initiate-auth 返回的 NEW\$1PASSWORD\$1REQUIRED 质询。它为用户 `jane@example.com` 设置密码。 ``` aws cognito-idp respond-to-auth-challenge \ --client-id 1example23456789 \ --challenge-name NEW_PASSWORD_REQUIRED \ --challenge-responses USERNAME=jane@example.com,NEW_PASSWORD=[Password] \ --session AYABeEv5HklEXAMPLE ``` 输出: ``` { "ChallengeParameters": {}, "AuthenticationResult": { "AccessToken": "ACCESS_TOKEN", "ExpiresIn": 3600, "TokenType": "Bearer", "RefreshToken": "REFRESH_TOKEN", "IdToken": "ID_TOKEN", "NewDeviceMetadata": { "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "DeviceGroupKey": "-wt2ha1Zd" } } } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Authentication](https://docs.aws.amazon.com/cognito/latest/developerguide/authentication.html)。 **示例 2:响应 SELECT\$1MFA\$1TYPE 质询** 以下 `respond-to-auth-challenge` 示例选择 TOTP MFA 作为当前用户的 MFA 选项。系统会提示用户选择 MFA 类型,接下来将提示用户输入其 MFA 代码。 ``` aws cognito-idp respond-to-auth-challenge \ --client-id 1example23456789 --session AYABeEv5HklEXAMPLE --challenge-name SELECT_MFA_TYPE --challenge-responses USERNAME=testuser,ANSWER=SOFTWARE_TOKEN_MFA ``` 输出: ``` { "ChallengeName": "SOFTWARE_TOKEN_MFA", "Session": "AYABeEv5HklEXAMPLE", "ChallengeParameters": { "FRIENDLY_DEVICE_NAME": "transparent" } } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Adding MFA](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html)。 **示例 3:响应 SOFTWARE\$1TOKEN\$1MFA 质询** 以下 `respond-to-auth-challenge` 示例提供 TOTP MFA 代码并完成登录。 ``` aws cognito-idp respond-to-auth-challenge \ --client-id 1example23456789 \ --session AYABeEv5HklEXAMPLE \ --challenge-name SOFTWARE_TOKEN_MFA \ --challenge-responses USERNAME=testuser,SOFTWARE_TOKEN_MFA_CODE=123456 ``` 输出: ``` { "AuthenticationResult": { "AccessToken": "eyJra456defEXAMPLE", "ExpiresIn": 3600, "TokenType": "Bearer", "RefreshToken": "eyJra123abcEXAMPLE", "IdToken": "eyJra789ghiEXAMPLE", "NewDeviceMetadata": { "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "DeviceGroupKey": "-v7w9UcY6" } } } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Adding MFA](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html)。 + 有关 API 的详细信息,请参阅《AWS CLI Command Reference》**中的 [RespondToAuthChallenge](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/respond-to-auth-challenge.html)。 ### `revoke-token` 以下代码示例演示了如何使用 `revoke-token`。 **AWS CLI** **撤消刷新令牌** 以下 `revoke-token` 撤消所请求的刷新令牌和关联的访问令牌。 ``` aws cognito-idp revoke-token \ --token eyJjd123abcEXAMPLE \ --client-id 1example23456789 ``` 此命令不生成任何输出。 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Revoking tokens](https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [RevokeToken](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/revoke-token.html)。 ### `set-log-delivery-configuration` 以下代码示例演示了如何使用 `set-log-delivery-configuration`。 **AWS CLI** **设置从用户池导出日志** 以下 `set-log-delivery-configuration` 示例将所请求的用户池配置为将用户通知错误记录到日志组,并将用户身份验证信息记录到 S3 存储桶。 ``` aws cognito-idp set-log-delivery-configuration \ --user-pool-id us-west-2_EXAMPLE \ --log-configurations LogLevel=ERROR,EventSource=userNotification,CloudWatchLogsConfiguration={LogGroupArn=arn:aws:logs:us-west-2:123456789012:log-group:cognito-exported} LogLevel=INFO,EventSource=userAuthEvents,S3Configuration={BucketArn=arn:aws:s3:::amzn-s3-demo-bucket1} ``` 输出: ``` { "LogDeliveryConfiguration": { "LogConfigurations": [ { "CloudWatchLogsConfiguration": { "LogGroupArn": "arn:aws:logs:us-west-2:123456789012:log-group:cognito-exported" }, "EventSource": "userNotification", "LogLevel": "ERROR" }, { "EventSource": "userAuthEvents", "LogLevel": "INFO", "S3Configuration": { "BucketArn": "arn:aws:s3:::amzn-s3-demo-bucket1" } } ], "UserPoolId": "us-west-2_EXAMPLE" } } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Exporting user pool logs](https://docs.aws.amazon.com/cognito/latest/developerguide/exporting-quotas-and-usage.html)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [SetLogDeliveryConfiguration](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/set-log-delivery-configuration.html)。 ### `set-risk-configuration` 以下代码示例演示了如何使用 `set-risk-configuration`。 **AWS CLI** **设置威胁防护风险配置** 以下 `set-risk-configuration` 示例在所请求的应用程序客户端中配置威胁防护消息和操作、遭盗用的凭证以及 IP 地址异常。由于 NotifyConfiguration 对象的复杂性,JSON 输入是此命令的最佳实践。 ``` aws cognito-idp set-risk-configuration \ --cli-input-json file://set-risk-configuration.json ``` 的内容`set-risk-configuration.json`: ``` { "AccountTakeoverRiskConfiguration": { "Actions": { "HighAction": { "EventAction": "MFA_REQUIRED", "Notify": true }, "LowAction": { "EventAction": "NO_ACTION", "Notify": true }, "MediumAction": { "EventAction": "MFA_IF_CONFIGURED", "Notify": true } }, "NotifyConfiguration": { "BlockEmail": { "HtmlBody": "\n\n\n\tHTML email context\n\t\n\n\n
We blocked an unrecognized sign-in to your account with this information:\n\nIf this sign-in was not by you, you should change your password and notify us by clicking on this link\nIf this sign-in was by you, you can follow this link to let us know
\n\n", "Subject": "Blocked sign-in attempt", "TextBody": "We blocked an unrecognized sign-in to your account with this information:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" }, "From": "admin@example.com", "MfaEmail": { "HtmlBody": "\n\n\n\tHTML email context\n\t\n\n\n
We required you to use multi-factor authentication for the following sign-in attempt:\n\nIf this sign-in was not by you, you should change your password and notify us by clicking on this link\nIf this sign-in was by you, you can follow this link to let us know
\n\n", "Subject": "New sign-in attempt", "TextBody": "We required you to use multi-factor authentication for the following sign-in attempt:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" }, "NoActionEmail": { "HtmlBody": "\n\n\n\tHTML email context\n\t\n\n\n
We observed an unrecognized sign-in to your account with this information:\n\nIf this sign-in was not by you, you should change your password and notify us by clicking on this link\nIf this sign-in was by you, you can follow this link to let us know
\n\n", "Subject": "New sign-in attempt", "TextBody": "We observed an unrecognized sign-in to your account with this information:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" }, "ReplyTo": "admin@example.com", "SourceArn": "arn:aws:ses:us-west-2:123456789012:identity/admin@example.com" } }, "ClientId": "1example23456789", "CompromisedCredentialsRiskConfiguration": { "Actions": { "EventAction": "BLOCK" }, "EventFilter": [ "PASSWORD_CHANGE", "SIGN_UP", "SIGN_IN" ] }, "RiskExceptionConfiguration": { "BlockedIPRangeList": [ "192.0.2.1/32", "192.0.2.2/32" ], "SkippedIPRangeList": [ "203.0.113.1/32", "203.0.113.2/32" ] }, "UserPoolId": "us-west-2_EXAMPLE" } ``` 输出: ``` { "RiskConfiguration": { "AccountTakeoverRiskConfiguration": { "Actions": { "HighAction": { "EventAction": "MFA_REQUIRED", "Notify": true }, "LowAction": { "EventAction": "NO_ACTION", "Notify": true }, "MediumAction": { "EventAction": "MFA_IF_CONFIGURED", "Notify": true } }, "NotifyConfiguration": { "BlockEmail": { "HtmlBody": "\n\n\n\tHTML email context\n\t\n\n\n
We blocked an unrecognized sign-in to your account with this information:\n\nIf this sign-in was not by you, you should change your password and notify us by clicking on this link\nIf this sign-in was by you, you can follow this link to let us know
\n\n", "Subject": "Blocked sign-in attempt", "TextBody": "We blocked an unrecognized sign-in to your account with this information:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" }, "From": "admin@example.com", "MfaEmail": { "HtmlBody": "\n\n\n\tHTML email context\n\t\n\n\n
We required you to use multi-factor authentication for the following sign-in attempt:\n\nIf this sign-in was not by you, you should change your password and notify us by clicking on this link\nIf this sign-in was by you, you can follow this link to let us know
\n\n", "Subject": "New sign-in attempt", "TextBody": "We required you to use multi-factor authentication for the following sign-in attempt:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" }, "NoActionEmail": { "HtmlBody": "\n\n\n\tHTML email context\n\t\n\n\n
We observed an unrecognized sign-in to your account with this information:\n\nIf this sign-in was not by you, you should change your password and notify us by clicking on this link\nIf this sign-in was by you, you can follow this link to let us know
\n\n", "Subject": "New sign-in attempt", "TextBody": "We observed an unrecognized sign-in to your account with this information:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" }, "ReplyTo": "admin@example.com", "SourceArn": "arn:aws:ses:us-west-2:123456789012:identity/admin@example.com" } }, "ClientId": "1example23456789", "CompromisedCredentialsRiskConfiguration": { "Actions": { "EventAction": "BLOCK" }, "EventFilter": [ "PASSWORD_CHANGE", "SIGN_UP", "SIGN_IN" ] }, "RiskExceptionConfiguration": { "BlockedIPRangeList": [ "192.0.2.1/32", "192.0.2.2/32" ], "SkippedIPRangeList": [ "203.0.113.1/32", "203.0.113.2/32" ] }, "UserPoolId": "us-west-2_EXAMPLE" } } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Threat protection](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html)。 + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [SetRiskConfiguration](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/set-risk-configuration.html)。 ### `set-ui-customization` 以下代码示例演示了如何使用 `set-ui-customization`。 **AWS CLI** **示例 1:为应用程序客户端自定义经典托管 UI** 以下 `set-ui-customization` 示例使用一些自定义 CSS 和将 Amazon Cognito 徽标作为应用程序徽标,来配置所请求的应用程序客户端。 ``` aws cognito-idp set-ui-customization \ --user-pool-id us-west-2_ywDJHlIfU \ --client-id 14pq32c5q2uq2q7keorloqvb23 \ --css ".logo-customizable {\n\tmax-width: 60%;\n\tmax-height: 30%;\n}\n.banner-customizable {\n\tpadding: 25px 0px 25px 0px;\n\tbackground-color: lightgray;\n}\n.label-customizable {\n\tfont-weight: 400;\n}\n.textDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.idpDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.legalText-customizable {\n\tcolor: #747474;\n\tfont-size: 11px;\n}\n.submitButton-customizable {\n\tfont-size: 11px;\n\tfont-weight: normal;\n\tmargin: 20px -15px 10px -13px;\n\theight: 40px;\n\twidth: 108%;\n\tcolor: #fff;\n\tbackground-color: #337ab7;\n\ttext-align: center;\n}\n.submitButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #286090;\n}\n.errorMessage-customizable {\n\tpadding: 5px;\n\tfont-size: 14px;\n\twidth: 100%;\n\tbackground: #F5F5F5;\n\tborder: 2px solid #D64958;\n\tcolor: #D64958;\n}\n.inputField-customizable {\n\twidth: 100%;\n\theight: 34px;\n\tcolor: #555;\n\tbackground-color: #fff;\n\tborder: 1px solid #ccc;\n\tborder-radius: 0px;\n}\n.inputField-customizable:focus {\n\tborder-color: #66afe9;\n\toutline: 0;\n}\n.idpButton-customizable {\n\theight: 40px;\n\twidth: 100%;\n\twidth: 100%;\n\ttext-align: center;\n\tmargin-bottom: 15px;\n\tcolor: #fff;\n\tbackground-color: #5bc0de;\n\tborder-color: #46b8da;\n}\n.idpButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #31b0d5;\n}\n.socialButton-customizable {\n\tborder-radius: 2px;\n\theight: 40px;\n\tmargin-bottom: 15px;\n\tpadding: 1px;\n\ttext-align: left;\n\twidth: 100%;\n}\n.redirect-customizable {\n\ttext-align: center;\n}\n.passwordCheck-notValid-customizable {\n\tcolor: #DF3312;\n}\n.passwordCheck-valid-customizable {\n\tcolor: #19BF00;\n}\n.background-customizable {\n\tbackground-color: #fff;\n}\n" \ --image-file iVBORw0KGgoAAAANSUhEUgAAAFAAAABQCAMAAAC5zwKfAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAA2UExURd00TN9BV/Cmsfvm6f3y9P////fM0uqAj+yNmu6ZpvnZ3eNabuFNYuZneehzhPKzvPTAxwAAAOiMMlkAAAASdFJOU///////////////////////AOK/vxIAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAKDSURBVFhH7ZfpkoMgEISDHKuEw/d/2u2BQWMiBrG29o+fVsKatdPMAeZxc3Nz8w+ISekzmB++sYIw/I/tjHzrPpO2Tx62EbR2PNxFac+jVuKxRaV50IzXkUe76NOCoUuwlvnQKei02gNF0ykotOLRBq/nboeWRxAISx2EbsHFoRhK6Igk2JJlwScfQjgt06dOaWWiTbEDAe/iq8N9kqCw2uCbHkHlYkaXEF8EYeL9RDqT4FhC6XMIIEifdcUwCc4leNyhabadWU6OlKYJE1Oac3NSPhB5rlaXlSgmr/1lww4nPaU/1ylfLGxX1r6Y66ZZkCqvnOlqKWws59ELj7fULc2CubwySYkdDuuiY0/F0L6Q5pZiSG0SfZTSTCOUhxOCH1AdIoCpTTIjtd+VpEjUDDytQH/0Fpc661Aisas/4qmyUItD557pSCOSQQzlx27J+meyDGc5zZgfhWuXE1lGgmVOMwmWdeGdzhjqZV14x5vSj7vsC5JDz/Cl0Vhp56n2NQt1wQIpury1EPbwyaYm+IhmAQKoajkH51wg4cMZ1wQ3QG9efKWWOaDhYWnU6jXjCMdRmm21PArI+Pb5DYoH93hq0ZCPlxeGJho/DI15C6sQc/L2sTC47UFBKZGHT6k+zlXg7WebA0Nr0HTcLMfk/Y4Rc65D3iG6WDd7YLSlVqk87bVhUwhnClrx11RsVQwlAA818Mn+QEs71BhSFU6orsUfKhHp72XMGYXi4q9c64RXRvzkWurRfG2vI2be/VaNcNgpX0Evb/vio7nPMmj5qujkpQgSaPd1UcVqciHFDNZpOcGlcOPyi+AamCbIL9fitxAGeFN2Dl+3vZubm5u/4fH4Bd14HhIPdwZPAAAAAElFTkSuQmCC ``` 输出: ``` { "UICustomization": { "UserPoolId": "us-west-2_ywDJHlIfU", "ClientId": "14pq32c5q2uq2q7keorloqvb23", "ImageUrl": "https://cf.thewrong.club/14pq32c5q2uq2q7keorloqvb23/20250117005911/assets/images/image.jpg", "CSS": ".logo-customizable {\n\tmax-width: 60%;\n\tmax-height: 30%;\n}\n.banner-customizable {\n\tpadding: 25px 0px 25px 0px;\n\tbackground-color: lightgray;\n}\n.label-customizable {\n\tfont-weight: 400;\n}\n.textDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.idpDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.legalText-customizable {\n\tcolor: #747474;\n\tfont-size: 11px;\n}\n.submitButton-customizable {\n\tfont-size: 11px;\n\tfont-weight: normal;\n\tmargin: 20px -15px 10px -13px;\n\theight: 40px;\n\twidth: 108%;\n\tcolor: #fff;\n\tbackground-color: #337ab7;\n\ttext-align: center;\n}\n.submitButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #286090;\n}\n.errorMessage-customizable {\n\tpadding: 5px;\n\tfont-size: 14px;\n\twidth: 100%;\n\tbackground: #F5F5F5;\n\tborder: 2px solid #D64958;\n\tcolor: #D64958;\n}\n.inputField-customizable {\n\twidth: 100%;\n\theight: 34px;\n\tcolor: #555;\n\tbackground-color: #fff;\n\tborder: 1px solid #ccc;\n\tborder-radius: 0px;\n}\n.inputField-customizable:focus {\n\tborder-color: #66afe9;\n\toutline: 0;\n}\n.idpButton-customizable {\n\theight: 40px;\n\twidth: 100%;\n\twidth: 100%;\n\ttext-align: center;\n\tmargin-bottom: 15px;\n\tcolor: #fff;\n\tbackground-color: #5bc0de;\n\tborder-color: #46b8da;\n}\n.idpButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #31b0d5;\n}\n.socialButton-customizable {\n\tborder-radius: 2px;\n\theight: 40px;\n\tmargin-bottom: 15px;\n\tpadding: 1px;\n\ttext-align: left;\n\twidth: 100%;\n}\n.redirect-customizable {\n\ttext-align: center;\n}\n.passwordCheck-notValid-customizable {\n\tcolor: #DF3312;\n}\n.passwordCheck-valid-customizable {\n\tcolor: #19BF00;\n}\n.background-customizable {\n\tbackground-color: #fff;\n}\n", "CSSVersion": "20250117005911" } } ``` **示例 2:为所有应用程序客户端设置默认 UI 自定义** 以下 `set-ui-customization` 示例为所有没有客户端特定配置的应用程序客户端配置所请求的用户池。该命令应用一些自定义 CSS,并使用 Amazon Cognito 徽标作为应用程序徽标。 ``` aws cognito-idp set-ui-customization \ --user-pool-id us-west-2_ywDJHlIfU \ --client-id ALL \ --css ".logo-customizable {\n\tmax-width: 60%;\n\tmax-height: 30%;\n}\n.banner-customizable {\n\tpadding: 25px 0px 25px 0px;\n\tbackground-color: lightgray;\n}\n.label-customizable {\n\tfont-weight: 400;\n}\n.textDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.idpDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.legalText-customizable {\n\tcolor: #747474;\n\tfont-size: 11px;\n}\n.submitButton-customizable {\n\tfont-size: 11px;\n\tfont-weight: normal;\n\tmargin: 20px -15px 10px -13px;\n\theight: 40px;\n\twidth: 108%;\n\tcolor: #fff;\n\tbackground-color: #337ab7;\n\ttext-align: center;\n}\n.submitButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #286090;\n}\n.errorMessage-customizable {\n\tpadding: 5px;\n\tfont-size: 14px;\n\twidth: 100%;\n\tbackground: #F5F5F5;\n\tborder: 2px solid #D64958;\n\tcolor: #D64958;\n}\n.inputField-customizable {\n\twidth: 100%;\n\theight: 34px;\n\tcolor: #555;\n\tbackground-color: #fff;\n\tborder: 1px solid #ccc;\n\tborder-radius: 0px;\n}\n.inputField-customizable:focus {\n\tborder-color: #66afe9;\n\toutline: 0;\n}\n.idpButton-customizable {\n\theight: 40px;\n\twidth: 100%;\n\twidth: 100%;\n\ttext-align: center;\n\tmargin-bottom: 15px;\n\tcolor: #fff;\n\tbackground-color: #5bc0de;\n\tborder-color: #46b8da;\n}\n.idpButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #31b0d5;\n}\n.socialButton-customizable {\n\tborder-radius: 2px;\n\theight: 40px;\n\tmargin-bottom: 15px;\n\tpadding: 1px;\n\ttext-align: left;\n\twidth: 100%;\n}\n.redirect-customizable {\n\ttext-align: center;\n}\n.passwordCheck-notValid-customizable {\n\tcolor: #DF3312;\n}\n.passwordCheck-valid-customizable {\n\tcolor: #19BF00;\n}\n.background-customizable {\n\tbackground-color: #fff;\n}\n" \ --image-file iVBORw0KGgoAAAANSUhEUgAAAFAAAABQCAMAAAC5zwKfAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAA2UExURd00TN9BV/Cmsfvm6f3y9P////fM0uqAj+yNmu6ZpvnZ3eNabuFNYuZneehzhPKzvPTAxwAAAOiMMlkAAAASdFJOU///////////////////////AOK/vxIAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAKDSURBVFhH7ZfpkoMgEISDHKuEw/d/2u2BQWMiBrG29o+fVsKatdPMAeZxc3Nz8w+ISekzmB++sYIw/I/tjHzrPpO2Tx62EbR2PNxFac+jVuKxRaV50IzXkUe76NOCoUuwlvnQKei02gNF0ykotOLRBq/nboeWRxAISx2EbsHFoRhK6Igk2JJlwScfQjgt06dOaWWiTbEDAe/iq8N9kqCw2uCbHkHlYkaXEF8EYeL9RDqT4FhC6XMIIEifdcUwCc4leNyhabadWU6OlKYJE1Oac3NSPhB5rlaXlSgmr/1lww4nPaU/1ylfLGxX1r6Y66ZZkCqvnOlqKWws59ELj7fULc2CubwySYkdDuuiY0/F0L6Q5pZiSG0SfZTSTCOUhxOCH1AdIoCpTTIjtd+VpEjUDDytQH/0Fpc661Aisas/4qmyUItD557pSCOSQQzlx27J+meyDGc5zZgfhWuXE1lGgmVOMwmWdeGdzhjqZV14x5vSj7vsC5JDz/Cl0Vhp56n2NQt1wQIpury1EPbwyaYm+IhmAQKoajkH51wg4cMZ1wQ3QG9efKWWOaDhYWnU6jXjCMdRmm21PArI+Pb5DYoH93hq0ZCPlxeGJho/DI15C6sQc/L2sTC47UFBKZGHT6k+zlXg7WebA0Nr0HTcLMfk/Y4Rc65D3iG6WDd7YLSlVqk87bVhUwhnClrx11RsVQwlAA818Mn+QEs71BhSFU6orsUfKhHp72XMGYXi4q9c64RXRvzkWurRfG2vI2be/VaNcNgpX0Evb/vio7nPMmj5qujkpQgSaPd1UcVqciHFDNZpOcGlcOPyi+AamCbIL9fitxAGeFN2Dl+3vZubm5u/4fH4Bd14HhIPdwZPAAAAAElFTkSuQmCC ``` 输出: ``` { "UICustomization": { "UserPoolId": "us-west-2_ywDJHlIfU", "ClientId": "14pq32c5q2uq2q7keorloqvb23", "ImageUrl": "https://cf.thewrong.club/14pq32c5q2uq2q7keorloqvb23/20250117005911/assets/images/image.jpg", "CSS": ".logo-customizable {\n\tmax-width: 60%;\n\tmax-height: 30%;\n}\n.banner-customizable {\n\tpadding: 25px 0px 25px 0px;\n\tbackground-color: lightgray;\n}\n.label-customizable {\n\tfont-weight: 400;\n}\n.textDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.idpDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.legalText-customizable {\n\tcolor: #747474;\n\tfont-size: 11px;\n}\n.submitButton-customizable {\n\tfont-size: 11px;\n\tfont-weight: normal;\n\tmargin: 20px -15px 10px -13px;\n\theight: 40px;\n\twidth: 108%;\n\tcolor: #fff;\n\tbackground-color: #337ab7;\n\ttext-align: center;\n}\n.submitButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #286090;\n}\n.errorMessage-customizable {\n\tpadding: 5px;\n\tfont-size: 14px;\n\twidth: 100%;\n\tbackground: #F5F5F5;\n\tborder: 2px solid #D64958;\n\tcolor: #D64958;\n}\n.inputField-customizable {\n\twidth: 100%;\n\theight: 34px;\n\tcolor: #555;\n\tbackground-color: #fff;\n\tborder: 1px solid #ccc;\n\tborder-radius: 0px;\n}\n.inputField-customizable:focus {\n\tborder-color: #66afe9;\n\toutline: 0;\n}\n.idpButton-customizable {\n\theight: 40px;\n\twidth: 100%;\n\twidth: 100%;\n\ttext-align: center;\n\tmargin-bottom: 15px;\n\tcolor: #fff;\n\tbackground-color: #5bc0de;\n\tborder-color: #46b8da;\n}\n.idpButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #31b0d5;\n}\n.socialButton-customizable {\n\tborder-radius: 2px;\n\theight: 40px;\n\tmargin-bottom: 15px;\n\tpadding: 1px;\n\ttext-align: left;\n\twidth: 100%;\n}\n.redirect-customizable {\n\ttext-align: center;\n}\n.passwordCheck-notValid-customizable {\n\tcolor: #DF3312;\n}\n.passwordCheck-valid-customizable {\n\tcolor: #19BF00;\n}\n.background-customizable {\n\tbackground-color: #fff;\n}\n", "CSSVersion": "20250117005911" } } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Hosted UI (classic) branding](https://docs.aws.amazon.com/cognito/latest/developerguide/hosted-ui-classic-branding.html)。 + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [SetUiCustomization](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/set-ui-customization.html)。 ### `set-user-mfa-preference` 以下代码示例演示了如何使用 `set-user-mfa-preference`。 **AWS CLI** **设置用户的 MFA 首选项** 以下 `set-user-mfa-preference` 示例将当前用户配置为使用 TOTP MFA 并禁用所有其它 MFA 因素。 ``` aws cognito-idp set-user-mfa-preference \ --access-token eyJra456defEXAMPLE \ --software-token-mfa-settings Enabled=true,PreferredMfa=true \ --sms-mfa-settings Enabled=false,PreferredMfa=false \ --email-mfa-settings Enabled=false,PreferredMfa=false ``` 此命令不生成任何输出。 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Adding MFA](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html)。 + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [SetUserMfaPreference](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/set-user-mfa-preference.html)。 ### `set-user-pool-mfa-config` 以下代码示例演示了如何使用 `set-user-pool-mfa-config`。 **AWS CLI** **配置用户池 MFA 和 WebAuthn** 以下 `set-user-pool-mfa-config` 示例使用可选 MFA 及所有可用的 MFA 方法配置所请求的用户池,并设置 WebAuthn 配置。 ``` aws cognito-idp set-user-pool-mfa-config \ --user-pool-id us-west-2_EXAMPLE \ --sms-mfa-configuration "SmsAuthenticationMessage=\"Your OTP for MFA or sign-in: use {####}.\",SmsConfiguration={SnsCallerArn=arn:aws:iam::123456789012:role/service-role/test-SMS-Role,ExternalId=a1b2c3d4-5678-90ab-cdef-EXAMPLE11111,SnsRegion=us-west-2}" \ --software-token-mfa-configuration Enabled=true \ --email-mfa-configuration "Message=\"Your OTP for MFA or sign-in: use {####}\",Subject=\"OTP test\"" \ --mfa-configuration OPTIONAL \ --web-authn-configuration RelyingPartyId=auth.example.com,UserVerification=preferred ``` 输出: ``` { "EmailMfaConfiguration": { "Message": "Your OTP for MFA or sign-in: use {####}", "Subject": "OTP test" }, "MfaConfiguration": "OPTIONAL", "SmsMfaConfiguration": { "SmsAuthenticationMessage": "Your OTP for MFA or sign-in: use {####}.", "SmsConfiguration": { "ExternalId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "SnsCallerArn": "arn:aws:iam::123456789012:role/service-role/test-SMS-Role", "SnsRegion": "us-west-2" } }, "SoftwareTokenMfaConfiguration": { "Enabled": true }, "WebAuthnConfiguration": { "RelyingPartyId": "auth.example.com", "UserVerification": "preferred" } } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Adding MFA](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html) 和 [Passkey sign-in](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html#amazon-cognito-user-pools-authentication-flow-methods-passkey)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [SetUserPoolMfaConfig](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/set-user-pool-mfa-config.html)。 ### `set-user-settings` 以下代码示例演示了如何使用 `set-user-settings`。 **AWS CLI** **设置用户设置** 此示例将 MFA 发送首选项设置为 EMAIL。 命令: ``` aws cognito-idp set-user-settings --access-token ACCESS_TOKEN --mfa-options DeliveryMedium=EMAIL ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [SetUserSettings](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/set-user-settings.html)。 ### `sign-up` 以下代码示例演示了如何使用 `sign-up`。 **AWS CLI** **注册用户** 此示例注册 jane@example.com。 命令: ``` aws cognito-idp sign-up --client-id 3n4b5urk1ft4fl3mg5e62d9ado --username jane@example.com --password PASSWORD --user-attributes Name="email",Value="jane@example.com" Name="name",Value="Jane" ``` 输出: ``` { "UserConfirmed": false, "UserSub": "e04d60a6-45dc-441c-a40b-e25a787d4862" } ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [SignUp](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/sign-up.html)。 ### `start-user-import-job` 以下代码示例演示了如何使用 `start-user-import-job`。 **AWS CLI** **启动导入任务** 以下 `start-user-import-job` 示例在所请求的用户池中启动所请求的导入任务。 ``` aws cognito-idp start-user-import-job \ --user-pool-id us-west-2_EXAMPLE \ --job-id import-mAgUtd8PMm ``` 输出: ``` { "UserImportJob": { "CloudWatchLogsRoleArn": "arn:aws:iam::123456789012:role/example-cloudwatch-logs-role", "CreationDate": 1736442975.904, "FailedUsers": 0, "ImportedUsers": 0, "JobId": "import-mAgUtd8PMm", "JobName": "Customer import", "PreSignedUrl": "https://aws-cognito-idp-user-import-pdx.s3.us-west-2.amazonaws.com/123456789012/us-west-2_EXAMPLE/import-mAgUtd8PMm?X-Amz-Security-Token=[token]&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20241226T193341Z&X-Amz-SignedHeaders=host%3Bx-amz-server-side-encryption&X-Amz-Expires=899&X-Amz-Credential=[credential]&X-Amz-Signature=[signature]", "SkippedUsers": 0, "StartDate": 1736443020.081, "Status": "Pending", "UserPoolId": "us-west-2_EXAMPLE" } } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Importing users into a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-using-import-tool.html)。 + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [StartUserImportJob](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/start-user-import-job.html)。 ### `start-web-authn-registration` 以下代码示例演示了如何使用 `start-web-authn-registration`。 **AWS CLI** **获取已登录用户的通行密钥注册信息** 以下 `start-web-authn-registration` 示例为当前用户生成 WebAuthn 注册选项。 ``` aws cognito-idp start-web-authn-registration \ --access-token eyJra456defEXAMPLE ``` 输出: ``` { "CredentialCreationOptions": { "authenticatorSelection": { "requireResidentKey": true, "residentKey": "required", "userVerification": "preferred" }, "challenge": "wxvbDicyqQqvF2EXAMPLE", "excludeCredentials": [ { "id": "8LApgk4-lNUFHbhm2w6Und7-uxcc8coJGsPxiogvHoItc64xWQc3r4CEXAMPLE", "type": "public-key" } ], "pubKeyCredParams": [ { "alg": -7, "type": "public-key" }, { "alg": -257, "type": "public-key" } ], "rp": { "id": "auth.example.com", "name": "auth.example.com" }, "timeout": 60000, "user": { "displayName": "testuser", "id": "ZWFhZDAyMTktMjExNy00MzlmLThkNDYtNGRiMjBlNEXAMPLE", "name": "testuser" } } } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Passkey sign-in](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html#amazon-cognito-user-pools-authentication-flow-methods-passkey)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [StartWebAuthnRegistration](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/start-web-authn-registration.html)。 ### `stop-user-import-job` 以下代码示例演示了如何使用 `stop-user-import-job`。 **AWS CLI** **停止导入任务** 以下 `stop-user-import-job` 示例在所请求的用户池中停止所请求的正在运行的用户导入任务。 ``` aws cognito-idp stop-user-import-job \ --user-pool-id us-west-2_EXAMPLE \ --job-id import-mAgUtd8PMm ``` 输出: ``` { "UserImportJob": { "CloudWatchLogsRoleArn": "arn:aws:iam::123456789012:role/example-cloudwatch-logs-role", "CompletionDate": 1736443496.379, "CompletionMessage": "The Import Job was stopped by the developer.", "CreationDate": 1736443471.781, "FailedUsers": 0, "ImportedUsers": 0, "JobId": "import-mAgUtd8PMm", "JobName": "Customer import", "PreSignedUrl": "https://aws-cognito-idp-user-import-pdx.s3.us-west-2.amazonaws.com/123456789012/us-west-2_EXAMPLE/import-mAgUtd8PMm?X-Amz-Security-Token=[token]&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20241226T193341Z&X-Amz-SignedHeaders=host%3Bx-amz-server-side-encryption&X-Amz-Expires=899&X-Amz-Credential=[credential]&X-Amz-Signature=[signature]", "SkippedUsers": 0, "StartDate": 1736443494.154, "Status": "Stopped", "UserPoolId": "us-west-2_EXAMPLE" } } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Importing users into a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-using-import-tool.html)。 + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [StopUserImportJob](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/stop-user-import-job.html)。 ### `tag-resource` 以下代码示例演示了如何使用 `tag-resource`。 **AWS CLI** **为用户池添加标签** 以下 `tag-resource` 示例将 `administrator` 和 `department` 标签应用于所请求的用户池。 ``` aws cognito-idp tag-resource \ --resource-arn arn:aws:cognito-idp:us-west-2:123456789012:userpool/us-west-2_EXAMPLE \ --tags administrator=Jie,tenant=ExampleCorp ``` 此命令不生成任何输出。 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Tagging Amazon Cognito resources](https://docs.aws.amazon.com/cognito/latest/developerguide/tagging.html)。 + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [TagResource](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/tag-resource.html)。 ### `untag-resource` 以下代码示例演示了如何使用 `untag-resource`。 **AWS CLI** **从用户池中移除标签** 以下 `untag-resource` 示例从所请求的用户池移除 `administrator` 和 `department` 标签。 ``` aws cognito-idp untag-resource \ --resource-arn arn:aws:cognito-idp:us-west-2:767671399759:userpool/us-west-2_l5cxwdm2K \ --tag-keys administrator tenant ``` 此命令不生成任何输出。 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Tagging Amazon Cognito resources](https://docs.aws.amazon.com/cognito/latest/developerguide/tagging.html)。 + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UntagResource](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/untag-resource.html)。 ### `update-auth-event-feedback` 以下代码示例演示了如何使用 `update-auth-event-feedback`。 **AWS CLI** **更新身份验证事件反馈** 此示例更新授权事件反馈。它将事件标记为“Valid”。 命令: ``` aws cognito-idp update-auth-event-feedback --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com --event-id EVENT_ID --feedback-token FEEDBACK_TOKEN --feedback-value "Valid" ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UpdateAuthEventFeedback](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/update-auth-event-feedback.html)。 ### `update-device-status` 以下代码示例演示了如何使用 `update-device-status`。 **AWS CLI** **更新设备状态** 此示例将设备状态更新为“not\$1remembered”。 命令: ``` aws cognito-idp update-device-status --access-token ACCESS_TOKEN --device-key DEVICE_KEY --device-remembered-status "not_remembered" ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UpdateDeviceStatus](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/update-device-status.html)。 ### `update-group` 以下代码示例演示了如何使用 `update-group`。 **AWS CLI** **更新组** 此示例更新 MyGroup 的说明和优先级。 命令: ``` aws cognito-idp update-group --user-pool-id us-west-2_aaaaaaaaa --group-name MyGroup --description "New description" --precedence 2 ``` 输出: ``` { "Group": { "GroupName": "MyGroup", "UserPoolId": "us-west-2_aaaaaaaaa", "Description": "New description", "RoleArn": "arn:aws:iam::111111111111:role/MyRole", "Precedence": 2, "LastModifiedDate": 1548800862.812, "CreationDate": 1548097827.125 } } ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UpdateGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/update-group.html)。 ### `update-identity-provider` 以下代码示例演示了如何使用 `update-identity-provider`。 **AWS CLI** **更新用户池身份提供者** 以下 `update-identity-provider` 示例更新所请求的用户池中的 OIDC 提供者“MyOIDCIdP”。 ``` aws cognito-idp update-identity-provider \ --cli-input-json file://update-identity-provider.json ``` 的内容`update-identity-provider.json`: ``` { "AttributeMapping": { "email": "idp_email", "email_verified": "idp_email_verified", "username": "sub" }, "CreationDate": 1.701129701653E9, "IdpIdentifiers": [ "corp", "dev" ], "LastModifiedDate": 1.701129701653E9, "ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://example.com/userInfo", "attributes_url_add_attributes": "false", "authorize_scopes": "openid profile", "authorize_url": "https://example.com/authorize", "client_id": "idpexampleclient123", "client_secret": "idpexamplesecret456", "jwks_uri": "https://example.com/.well-known/jwks.json", "oidc_issuer": "https://example.com", "token_url": "https://example.com/token" }, "ProviderName": "MyOIDCIdP", "UserPoolId": "us-west-2_EXAMPLE" } ``` 输出: ``` { "IdentityProvider": { "AttributeMapping": { "email": "idp_email", "email_verified": "idp_email_verified", "username": "sub" }, "CreationDate": 1701129701.653, "IdpIdentifiers": [ "corp", "dev" ], "LastModifiedDate": 1736444278.211, "ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://example.com/userInfo", "attributes_url_add_attributes": "false", "authorize_scopes": "openid profile", "authorize_url": "https://example.com/authorize", "client_id": "idpexampleclient123", "client_secret": "idpexamplesecret456", "jwks_uri": "https://example.com/.well-known/jwks.json", "oidc_issuer": "https://example.com", "token_url": "https://example.com/token" }, "ProviderName": "MyOIDCIdP", "ProviderType": "OIDC", "UserPoolId": "us-west-2_EXAMPLE" } } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Configuring a domain](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-assign-domain.html)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [UpdateIdentityProvider](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/update-identity-provider.html)。 ### `update-managed-login-branding` 以下代码示例演示了如何使用 `update-managed-login-branding`。 **AWS CLI** **更新托管式登录品牌风格** 以下 `update-managed-login-branding` 示例更新了所请求的应用程序客户端品牌风格。 ``` aws cognito-idp update-managed-login-branding \ --cli-input-json file://update-managed-login-branding.json ``` 的内容`update-managed-login-branding.json`: ``` { "Assets": [ { "Bytes": "PHN2ZyB3aWR0aD0iMjAwMDAiIGhlaWdodD0iNDAwIiB2aWV3Qm94PSIwIDAgMjAwMDAgNDAwIiBmaWxsPSJub25lIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPgo8ZyBjbGlwLXBhdGg9InVybCgjY2xpcDBfMTcyNTlfMjM2Njc0KSI+CjxyZWN0IHdpZHRoPSIyMDAwMCIgaGVpZ2h0PSI0MDAiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl8xNzI1OV8yMzY2NzQpIi8+CjxwYXRoIGQ9Ik0wIDBIMjAwMDBWNDAwSDBWMFoiIGZpbGw9IiMxMjIwMzciIGZpbGwtb3BhY2l0eT0iMC41Ii8+CjwvZz4KPGRlZnM+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQwX2xpbmVhcl8xNzI1OV8yMzY2NzQiIHgxPSItODk0LjI0OSIgeTE9IjE5OS45MzEiIHgyPSIxODAzNC41IiB5Mj0iLTU4OTkuNTciIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KPHN0b3Agc3RvcC1jb2xvcj0iI0JGODBGRiIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiNGRjhGQUIiLz4KPC9saW5lYXJHcmFkaWVudD4KPGNsaXBQYXRoIGlkPSJjbGlwMF8xNzI1OV8yMzY2NzQiPgo8cmVjdCB3aWR0aD0iMjAwMDAiIGhlaWdodD0iNDAwIiBmaWxsPSJ3aGl0ZSIvPgo8L2NsaXBQYXRoPgo8L2RlZnM+Cjwvc3ZnPgo=", "Category": "PAGE_FOOTER_BACKGROUND", "ColorMode": "DARK", "Extension": "SVG" } ], "ManagedLoginBrandingId": "63f30090-6b1f-4278-b885-2bbb81f8e545", "Settings": { "categories": { "auth": { "authMethodOrder": [ [ { "display": "BUTTON", "type": "FEDERATED" }, { "display": "INPUT", "type": "USERNAME_PASSWORD" } ] ], "federation": { "interfaceStyle": "BUTTON_LIST", "order": [ ] } }, "form": { "displayGraphics": true, "instructions": { "enabled": false }, "languageSelector": { "enabled": false }, "location": { "horizontal": "CENTER", "vertical": "CENTER" }, "sessionTimerDisplay": "NONE" }, "global": { "colorSchemeMode": "LIGHT", "pageFooter": { "enabled": false }, "pageHeader": { "enabled": false }, "spacingDensity": "REGULAR" }, "signUp": { "acceptanceElements": [ { "enforcement": "NONE", "textKey": "en" } ] } }, "componentClasses": { "buttons": { "borderRadius": 8.0 }, "divider": { "darkMode": { "borderColor": "232b37ff" }, "lightMode": { "borderColor": "ebebf0ff" } }, "dropDown": { "borderRadius": 8.0, "darkMode": { "defaults": { "itemBackgroundColor": "192534ff" }, "hover": { "itemBackgroundColor": "081120ff", "itemBorderColor": "5f6b7aff", "itemTextColor": "e9ebedff" }, "match": { "itemBackgroundColor": "d1d5dbff", "itemTextColor": "89bdeeff" } }, "lightMode": { "defaults": { "itemBackgroundColor": "ffffffff" }, "hover": { "itemBackgroundColor": "f4f4f4ff", "itemBorderColor": "7d8998ff", "itemTextColor": "000716ff" }, "match": { "itemBackgroundColor": "414d5cff", "itemTextColor": "0972d3ff" } } }, "focusState": { "darkMode": { "borderColor": "539fe5ff" }, "lightMode": { "borderColor": "0972d3ff" } }, "idpButtons": { "icons": { "enabled": true } }, "input": { "borderRadius": 8.0, "darkMode": { "defaults": { "backgroundColor": "0f1b2aff", "borderColor": "5f6b7aff" }, "placeholderColor": "8d99a8ff" }, "lightMode": { "defaults": { "backgroundColor": "ffffffff", "borderColor": "7d8998ff" }, "placeholderColor": "5f6b7aff" } }, "inputDescription": { "darkMode": { "textColor": "8d99a8ff" }, "lightMode": { "textColor": "5f6b7aff" } }, "inputLabel": { "darkMode": { "textColor": "d1d5dbff" }, "lightMode": { "textColor": "000716ff" } }, "link": { "darkMode": { "defaults": { "textColor": "539fe5ff" }, "hover": { "textColor": "89bdeeff" } }, "lightMode": { "defaults": { "textColor": "0972d3ff" }, "hover": { "textColor": "033160ff" } } }, "optionControls": { "darkMode": { "defaults": { "backgroundColor": "0f1b2aff", "borderColor": "7d8998ff" }, "selected": { "backgroundColor": "539fe5ff", "foregroundColor": "000716ff" } }, "lightMode": { "defaults": { "backgroundColor": "ffffffff", "borderColor": "7d8998ff" }, "selected": { "backgroundColor": "0972d3ff", "foregroundColor": "ffffffff" } } }, "statusIndicator": { "darkMode": { "error": { "backgroundColor": "1a0000ff", "borderColor": "eb6f6fff", "indicatorColor": "eb6f6fff" }, "pending": { "indicatorColor": "AAAAAAAA" }, "success": { "backgroundColor": "001a02ff", "borderColor": "29ad32ff", "indicatorColor": "29ad32ff" }, "warning": { "backgroundColor": "1d1906ff", "borderColor": "e0ca57ff", "indicatorColor": "e0ca57ff" } }, "lightMode": { "error": { "backgroundColor": "fff7f7ff", "borderColor": "d91515ff", "indicatorColor": "d91515ff" }, "pending": { "indicatorColor": "AAAAAAAA" }, "success": { "backgroundColor": "f2fcf3ff", "borderColor": "037f0cff", "indicatorColor": "037f0cff" }, "warning": { "backgroundColor": "fffce9ff", "borderColor": "8d6605ff", "indicatorColor": "8d6605ff" } } } }, "components": { "alert": { "borderRadius": 12.0, "darkMode": { "error": { "backgroundColor": "1a0000ff", "borderColor": "eb6f6fff" } }, "lightMode": { "error": { "backgroundColor": "fff7f7ff", "borderColor": "d91515ff" } } }, "favicon": { "enabledTypes": [ "ICO", "SVG" ] }, "form": { "backgroundImage": { "enabled": false }, "borderRadius": 8.0, "darkMode": { "backgroundColor": "0f1b2aff", "borderColor": "424650ff" }, "lightMode": { "backgroundColor": "ffffffff", "borderColor": "c6c6cdff" }, "logo": { "enabled": false, "formInclusion": "IN", "location": "CENTER", "position": "TOP" } }, "idpButton": { "custom": { }, "standard": { "darkMode": { "active": { "backgroundColor": "354150ff", "borderColor": "89bdeeff", "textColor": "89bdeeff" }, "defaults": { "backgroundColor": "0f1b2aff", "borderColor": "c6c6cdff", "textColor": "c6c6cdff" }, "hover": { "backgroundColor": "192534ff", "borderColor": "89bdeeff", "textColor": "89bdeeff" } }, "lightMode": { "active": { "backgroundColor": "d3e7f9ff", "borderColor": "033160ff", "textColor": "033160ff" }, "defaults": { "backgroundColor": "ffffffff", "borderColor": "424650ff", "textColor": "424650ff" }, "hover": { "backgroundColor": "f2f8fdff", "borderColor": "033160ff", "textColor": "033160ff" } } } }, "pageBackground": { "darkMode": { "color": "0f1b2aff" }, "image": { "enabled": true }, "lightMode": { "color": "ffffffff" } }, "pageFooter": { "backgroundImage": { "enabled": false }, "darkMode": { "background": { "color": "0f141aff" }, "borderColor": "424650ff" }, "lightMode": { "background": { "color": "fafafaff" }, "borderColor": "d5dbdbff" }, "logo": { "enabled": false, "location": "START" } }, "pageHeader": { "backgroundImage": { "enabled": false }, "darkMode": { "background": { "color": "0f141aff" }, "borderColor": "424650ff" }, "lightMode": { "background": { "color": "fafafaff" }, "borderColor": "d5dbdbff" }, "logo": { "enabled": false, "location": "START" } }, "pageText": { "darkMode": { "bodyColor": "b6bec9ff", "descriptionColor": "b6bec9ff", "headingColor": "d1d5dbff" }, "lightMode": { "bodyColor": "414d5cff", "descriptionColor": "414d5cff", "headingColor": "000716ff" } }, "phoneNumberSelector": { "displayType": "TEXT" }, "primaryButton": { "darkMode": { "active": { "backgroundColor": "539fe5ff", "textColor": "000716ff" }, "defaults": { "backgroundColor": "539fe5ff", "textColor": "000716ff" }, "disabled": { "backgroundColor": "ffffffff", "borderColor": "ffffffff" }, "hover": { "backgroundColor": "89bdeeff", "textColor": "000716ff" } }, "lightMode": { "active": { "backgroundColor": "033160ff", "textColor": "ffffffff" }, "defaults": { "backgroundColor": "0972d3ff", "textColor": "ffffffff" }, "disabled": { "backgroundColor": "ffffffff", "borderColor": "ffffffff" }, "hover": { "backgroundColor": "033160ff", "textColor": "ffffffff" } } }, "secondaryButton": { "darkMode": { "active": { "backgroundColor": "354150ff", "borderColor": "89bdeeff", "textColor": "89bdeeff" }, "defaults": { "backgroundColor": "0f1b2aff", "borderColor": "539fe5ff", "textColor": "539fe5ff" }, "hover": { "backgroundColor": "192534ff", "borderColor": "89bdeeff", "textColor": "89bdeeff" } }, "lightMode": { "active": { "backgroundColor": "d3e7f9ff", "borderColor": "033160ff", "textColor": "033160ff" }, "defaults": { "backgroundColor": "ffffffff", "borderColor": "0972d3ff", "textColor": "0972d3ff" }, "hover": { "backgroundColor": "f2f8fdff", "borderColor": "033160ff", "textColor": "033160ff" } } } } }, "UseCognitoProvidedValues": false, "UserPoolId": "ca-central-1_EXAMPLE" } ``` 输出: ``` { "ManagedLoginBranding": { "Assets": [ { "Bytes": "PHN2ZyB3aWR0aD0iMjAwMDAiIGhlaWdodD0iNDAwIiB2aWV3Qm94PSIwIDAgMjAwMDAgNDAwIiBmaWxsPSJub25lIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPgo8ZyBjbGlwLXBhdGg9InVybCgjY2xpcDBfMTcyNTlfMjM2Njc0KSI+CjxyZWN0IHdpZHRoPSIyMDAwMCIgaGVpZ2h0PSI0MDAiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl8xNzI1OV8yMzY2NzQpIi8+CjxwYXRoIGQ9Ik0wIDBIMjAwMDBWNDAwSDBWMFoiIGZpbGw9IiMxMjIwMzciIGZpbGwtb3BhY2l0eT0iMC41Ii8+CjwvZz4KPGRlZnM+CjxsaW5lYXJHcmFkaWVudCBpZD0icGFpbnQwX2xpbmVhcl8xNzI1OV8yMzY2NzQiIHgxPSItODk0LjI0OSIgeTE9IjE5OS45MzEiIHgyPSIxODAzNC41IiB5Mj0iLTU4OTkuNTciIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj4KPHN0b3Agc3RvcC1jb2xvcj0iI0JGODBGRiIvPgo8c3RvcCBvZmZzZXQ9IjEiIHN0b3AtY29sb3I9IiNGRjhGQUIiLz4KPC9saW5lYXJHcmFkaWVudD4KPGNsaXBQYXRoIGlkPSJjbGlwMF8xNzI1OV8yMzY2NzQiPgo8cmVjdCB3aWR0aD0iMjAwMDAiIGhlaWdodD0iNDAwIiBmaWxsPSJ3aGl0ZSIvPgo8L2NsaXBQYXRoPgo8L2RlZnM+Cjwvc3ZnPgo=", "Category": "PAGE_FOOTER_BACKGROUND", "ColorMode": "DARK", "Extension": "SVG" } ], "CreationDate": 1732138490.642, "LastModifiedDate": 1732140420.301, "ManagedLoginBrandingId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "Settings": { "categories": { "auth": { "authMethodOrder": [ [ { "display": "BUTTON", "type": "FEDERATED" }, { "display": "INPUT", "type": "USERNAME_PASSWORD" } ] ], "federation": { "interfaceStyle": "BUTTON_LIST", "order": [ ] } }, "form": { "displayGraphics": true, "instructions": { "enabled": false }, "languageSelector": { "enabled": false }, "location": { "horizontal": "CENTER", "vertical": "CENTER" }, "sessionTimerDisplay": "NONE" }, "global": { "colorSchemeMode": "LIGHT", "pageFooter": { "enabled": false }, "pageHeader": { "enabled": false }, "spacingDensity": "REGULAR" }, "signUp": { "acceptanceElements": [ { "enforcement": "NONE", "textKey": "en" } ] } }, "componentClasses": { "buttons": { "borderRadius": 8.0 }, "divider": { "darkMode": { "borderColor": "232b37ff" }, "lightMode": { "borderColor": "ebebf0ff" } }, "dropDown": { "borderRadius": 8.0, "darkMode": { "defaults": { "itemBackgroundColor": "192534ff" }, "hover": { "itemBackgroundColor": "081120ff", "itemBorderColor": "5f6b7aff", "itemTextColor": "e9ebedff" }, "match": { "itemBackgroundColor": "d1d5dbff", "itemTextColor": "89bdeeff" } }, "lightMode": { "defaults": { "itemBackgroundColor": "ffffffff" }, "hover": { "itemBackgroundColor": "f4f4f4ff", "itemBorderColor": "7d8998ff", "itemTextColor": "000716ff" }, "match": { "itemBackgroundColor": "414d5cff", "itemTextColor": "0972d3ff" } } }, "focusState": { "darkMode": { "borderColor": "539fe5ff" }, "lightMode": { "borderColor": "0972d3ff" } }, "idpButtons": { "icons": { "enabled": true } }, "input": { "borderRadius": 8.0, "darkMode": { "defaults": { "backgroundColor": "0f1b2aff", "borderColor": "5f6b7aff" }, "placeholderColor": "8d99a8ff" }, "lightMode": { "defaults": { "backgroundColor": "ffffffff", "borderColor": "7d8998ff" }, "placeholderColor": "5f6b7aff" } }, "inputDescription": { "darkMode": { "textColor": "8d99a8ff" }, "lightMode": { "textColor": "5f6b7aff" } }, "inputLabel": { "darkMode": { "textColor": "d1d5dbff" }, "lightMode": { "textColor": "000716ff" } }, "link": { "darkMode": { "defaults": { "textColor": "539fe5ff" }, "hover": { "textColor": "89bdeeff" } }, "lightMode": { "defaults": { "textColor": "0972d3ff" }, "hover": { "textColor": "033160ff" } } }, "optionControls": { "darkMode": { "defaults": { "backgroundColor": "0f1b2aff", "borderColor": "7d8998ff" }, "selected": { "backgroundColor": "539fe5ff", "foregroundColor": "000716ff" } }, "lightMode": { "defaults": { "backgroundColor": "ffffffff", "borderColor": "7d8998ff" }, "selected": { "backgroundColor": "0972d3ff", "foregroundColor": "ffffffff" } } }, "statusIndicator": { "darkMode": { "error": { "backgroundColor": "1a0000ff", "borderColor": "eb6f6fff", "indicatorColor": "eb6f6fff" }, "pending": { "indicatorColor": "AAAAAAAA" }, "success": { "backgroundColor": "001a02ff", "borderColor": "29ad32ff", "indicatorColor": "29ad32ff" }, "warning": { "backgroundColor": "1d1906ff", "borderColor": "e0ca57ff", "indicatorColor": "e0ca57ff" } }, "lightMode": { "error": { "backgroundColor": "fff7f7ff", "borderColor": "d91515ff", "indicatorColor": "d91515ff" }, "pending": { "indicatorColor": "AAAAAAAA" }, "success": { "backgroundColor": "f2fcf3ff", "borderColor": "037f0cff", "indicatorColor": "037f0cff" }, "warning": { "backgroundColor": "fffce9ff", "borderColor": "8d6605ff", "indicatorColor": "8d6605ff" } } } }, "components": { "alert": { "borderRadius": 12.0, "darkMode": { "error": { "backgroundColor": "1a0000ff", "borderColor": "eb6f6fff" } }, "lightMode": { "error": { "backgroundColor": "fff7f7ff", "borderColor": "d91515ff" } } }, "favicon": { "enabledTypes": [ "ICO", "SVG" ] }, "form": { "backgroundImage": { "enabled": false }, "borderRadius": 8.0, "darkMode": { "backgroundColor": "0f1b2aff", "borderColor": "424650ff" }, "lightMode": { "backgroundColor": "ffffffff", "borderColor": "c6c6cdff" }, "logo": { "enabled": false, "formInclusion": "IN", "location": "CENTER", "position": "TOP" } }, "idpButton": { "custom": { }, "standard": { "darkMode": { "active": { "backgroundColor": "354150ff", "borderColor": "89bdeeff", "textColor": "89bdeeff" }, "defaults": { "backgroundColor": "0f1b2aff", "borderColor": "c6c6cdff", "textColor": "c6c6cdff" }, "hover": { "backgroundColor": "192534ff", "borderColor": "89bdeeff", "textColor": "89bdeeff" } }, "lightMode": { "active": { "backgroundColor": "d3e7f9ff", "borderColor": "033160ff", "textColor": "033160ff" }, "defaults": { "backgroundColor": "ffffffff", "borderColor": "424650ff", "textColor": "424650ff" }, "hover": { "backgroundColor": "f2f8fdff", "borderColor": "033160ff", "textColor": "033160ff" } } } }, "pageBackground": { "darkMode": { "color": "0f1b2aff" }, "image": { "enabled": true }, "lightMode": { "color": "ffffffff" } }, "pageFooter": { "backgroundImage": { "enabled": false }, "darkMode": { "background": { "color": "0f141aff" }, "borderColor": "424650ff" }, "lightMode": { "background": { "color": "fafafaff" }, "borderColor": "d5dbdbff" }, "logo": { "enabled": false, "location": "START" } }, "pageHeader": { "backgroundImage": { "enabled": false }, "darkMode": { "background": { "color": "0f141aff" }, "borderColor": "424650ff" }, "lightMode": { "background": { "color": "fafafaff" }, "borderColor": "d5dbdbff" }, "logo": { "enabled": false, "location": "START" } }, "pageText": { "darkMode": { "bodyColor": "b6bec9ff", "descriptionColor": "b6bec9ff", "headingColor": "d1d5dbff" }, "lightMode": { "bodyColor": "414d5cff", "descriptionColor": "414d5cff", "headingColor": "000716ff" } }, "phoneNumberSelector": { "displayType": "TEXT" }, "primaryButton": { "darkMode": { "active": { "backgroundColor": "539fe5ff", "textColor": "000716ff" }, "defaults": { "backgroundColor": "539fe5ff", "textColor": "000716ff" }, "disabled": { "backgroundColor": "ffffffff", "borderColor": "ffffffff" }, "hover": { "backgroundColor": "89bdeeff", "textColor": "000716ff" } }, "lightMode": { "active": { "backgroundColor": "033160ff", "textColor": "ffffffff" }, "defaults": { "backgroundColor": "0972d3ff", "textColor": "ffffffff" }, "disabled": { "backgroundColor": "ffffffff", "borderColor": "ffffffff" }, "hover": { "backgroundColor": "033160ff", "textColor": "ffffffff" } } }, "secondaryButton": { "darkMode": { "active": { "backgroundColor": "354150ff", "borderColor": "89bdeeff", "textColor": "89bdeeff" }, "defaults": { "backgroundColor": "0f1b2aff", "borderColor": "539fe5ff", "textColor": "539fe5ff" }, "hover": { "backgroundColor": "192534ff", "borderColor": "89bdeeff", "textColor": "89bdeeff" } }, "lightMode": { "active": { "backgroundColor": "d3e7f9ff", "borderColor": "033160ff", "textColor": "033160ff" }, "defaults": { "backgroundColor": "ffffffff", "borderColor": "0972d3ff", "textColor": "0972d3ff" }, "hover": { "backgroundColor": "f2f8fdff", "borderColor": "033160ff", "textColor": "033160ff" } } } } }, "UseCognitoProvidedValues": false, "UserPoolId": "ca-central-1_EXAMPLE" } } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Apply branding to managed login pages](https://docs.aws.amazon.com/cognito/latest/developerguide/managed-login-branding.html)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [UpdateManagedLoginBranding](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/update-managed-login-branding.html)。 ### `update-resource-server` 以下代码示例演示了如何使用 `update-resource-server`。 **AWS CLI** **更新资源服务器** 此示例更新资源服务器 Weather。它添加了一个新范围。 命令: ``` aws cognito-idp update-resource-server --user-pool-id us-west-2_aaaaaaaaa --identifier weather.example.com --name Weather --scopes ScopeName=NewScope,ScopeDescription="New scope description" ``` 输出: ``` { "ResourceServer": { "UserPoolId": "us-west-2_aaaaaaaaa", "Identifier": "weather.example.com", "Name": "Happy", "Scopes": [ { "ScopeName": "NewScope", "ScopeDescription": "New scope description" } ] } } ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UpdateResourceServer](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/update-resource-server.html)。 ### `update-user-attributes` 以下代码示例演示了如何使用 `update-user-attributes`。 **AWS CLI** **更新用户属性** 此示例更新用户属性“nickname”。 命令: ``` aws cognito-idp update-user-attributes --access-token ACCESS_TOKEN --user-attributes Name="nickname",Value="Dan" ``` + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UpdateUserAttributes](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/update-user-attributes.html)。 ### `update-user-pool-client` 以下代码示例演示了如何使用 `update-user-pool-client`。 **AWS CLI** **更新应用程序客户端** 以下 `update-user-pool-client` 示例更新了所请求的应用程序客户端的配置。 ``` aws cognito-idp update-user-pool-client \ --user-pool-id us-west-2_EXAMPLE \ --client-id 1example23456789 \ --client-name my-test-app \ --refresh-token-validity 30 \ --access-token-validity 60 \ --id-token-validity 60 \ --token-validity-units AccessToken=minutes,IdToken=minutes,RefreshToken=days \ --read-attributes "address" "birthdate" "email" "email_verified" "family_name" "gender" "locale" "middle_name" "name" "nickname" "phone_number" "phone_number_verified" "picture" "preferred_username" "profile" "updated_at" "website" "zoneinfo" \ --write-attributes "address" "birthdate" "email" "family_name" "gender" "locale" "middle_name" "name" "nickname" "phone_number" "picture" "preferred_username" "profile" "updated_at" "website" "zoneinfo" \ --explicit-auth-flows "ALLOW_ADMIN_USER_PASSWORD_AUTH" "ALLOW_CUSTOM_AUTH" "ALLOW_REFRESH_TOKEN_AUTH" "ALLOW_USER_PASSWORD_AUTH" "ALLOW_USER_SRP_AUTH" \ --supported-identity-providers "MySAML" "COGNITO" "Google" \ --callback-urls "https://www.example.com" "https://app2.example.com" \ --logout-urls "https://auth.example.com/login?client_id=1example23456789&response_type=code&redirect_uri=https%3A%2F%2Fwww.example.com" "https://example.com/logout" \ --default-redirect-uri "https://www.example.com" \ --allowed-o-auth-flows "code" "implicit" \ --allowed-o-auth-scopes "openid" "profile" "aws.cognito.signin.user.admin" \ --allowed-o-auth-flows-user-pool-client \ --prevent-user-existence-errors ENABLED \ --enable-token-revocation \ --no-enable-propagate-additional-user-context-data \ --auth-session-validity 3 ``` 输出: ``` { "UserPoolClient": { "UserPoolId": "us-west-2_EXAMPLE", "ClientName": "my-test-app", "ClientId": "1example23456789", "LastModifiedDate": "2025-01-31T14:40:12.498000-08:00", "CreationDate": "2023-09-13T16:26:34.408000-07:00", "RefreshTokenValidity": 30, "AccessTokenValidity": 60, "IdTokenValidity": 60, "TokenValidityUnits": { "AccessToken": "minutes", "IdToken": "minutes", "RefreshToken": "days" }, "ReadAttributes": [ "website", "zoneinfo", "address", "birthdate", "email_verified", "gender", "profile", "phone_number_verified", "preferred_username", "locale", "middle_name", "picture", "updated_at", "name", "nickname", "phone_number", "family_name", "email" ], "WriteAttributes": [ "website", "zoneinfo", "address", "birthdate", "gender", "profile", "preferred_username", "locale", "middle_name", "picture", "updated_at", "name", "nickname", "phone_number", "family_name", "email" ], "ExplicitAuthFlows": [ "ALLOW_CUSTOM_AUTH", "ALLOW_USER_PASSWORD_AUTH", "ALLOW_ADMIN_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH" ], "SupportedIdentityProviders": [ "Google", "COGNITO", "MySAML" ], "CallbackURLs": [ "https://www.example.com", "https://app2.example.com" ], "LogoutURLs": [ "https://example.com/logout", "https://auth.example.com/login?client_id=1example23456789&response_type=code&redirect_uri=https%3A%2F%2Fwww.example.com" ], "DefaultRedirectURI": "https://www.example.com", "AllowedOAuthFlows": [ "implicit", "code" ], "AllowedOAuthScopes": [ "aws.cognito.signin.user.admin", "openid", "profile" ], "AllowedOAuthFlowsUserPoolClient": true, "PreventUserExistenceErrors": "ENABLED", "EnableTokenRevocation": true, "EnablePropagateAdditionalUserContextData": false, "AuthSessionValidity": 3 } } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Application-specific settings with app clients](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html)。 + 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UpdateUserPoolClient](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/update-user-pool-client.html)。 ### `update-user-pool-domain` 以下代码示例演示了如何使用 `update-user-pool-domain`。 **AWS CLI** **更新自定义域** 以下 `update-user-pool-domain` 示例为所请求的用户池中的自定义域配置品牌版本和证书。 ``` aws cognito-idp update-user-pool-domain \ --user-pool-id ca-central-1_EXAMPLE \ --domain auth.example.com \ --managed-login-version 2 \ --custom-domain-config CertificateArn=arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 ``` 输出: ``` { "CloudFrontDomain": "example.cloudfront.net", "ManagedLoginVersion": 2 } ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) 和 [Configuring a domain](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-assign-domain.html)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [UpdateUserPoolDomain](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/update-user-pool-domain.html)。 ### `update-user-pool` 以下代码示例演示了如何使用 `update-user-pool`。 **AWS CLI** **更新用户池** 以下的 `update-user-pool` 示例使用每个可用配置选项的示例语法修改用户池。要更新用户池,必须指定所有先前配置的选项,否则这些选项将重置为默认值。 ``` aws cognito-idp update-user-pool --user-pool-id us-west-2_EXAMPLE \ --policies PasswordPolicy=\{MinimumLength=6,RequireUppercase=true,RequireLowercase=true,RequireNumbers=true,RequireSymbols=true,TemporaryPasswordValidityDays=7\} \ --deletion-protection ACTIVE \ --lambda-config PreSignUp="arn:aws:lambda:us-west-2:123456789012:function:cognito-test-presignup-function",PreTokenGeneration="arn:aws:lambda:us-west-2:123456789012:function:cognito-test-pretoken-function" \ --auto-verified-attributes "phone_number" "email" \ --verification-message-template \{\"SmsMessage\":\""Your code is {####}"\",\"EmailMessage\":\""Your code is {####}"\",\"EmailSubject\":\""Your verification code"\",\"EmailMessageByLink\":\""Click {##here##} to verify your email address."\",\"EmailSubjectByLink\":\""Your verification link"\",\"DefaultEmailOption\":\"CONFIRM_WITH_LINK\"\} \ --sms-authentication-message "Your code is {####}" \ --user-attribute-update-settings AttributesRequireVerificationBeforeUpdate="email","phone_number" \ --mfa-configuration "OPTIONAL" \ --device-configuration ChallengeRequiredOnNewDevice=true,DeviceOnlyRememberedOnUserPrompt=true \ --email-configuration SourceArn="arn:aws:ses:us-west-2:123456789012:identity/admin@example.com",ReplyToEmailAddress="amdin+noreply@example.com",EmailSendingAccount=DEVELOPER,From="admin@amazon.com",ConfigurationSet="test-configuration-set" \ --sms-configuration SnsCallerArn="arn:aws:iam::123456789012:role/service-role/SNS-SMS-Role",ExternalId="12345",SnsRegion="us-west-2" \ --admin-create-user-config AllowAdminCreateUserOnly=false,InviteMessageTemplate=\{SMSMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailSubject=\""Welcome to MyMobileGame"\"\} \ --user-pool-tags "Function"="MyMobileGame","Developers"="Berlin" \ --admin-create-user-config AllowAdminCreateUserOnly=false,InviteMessageTemplate=\{SMSMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailSubject=\""Welcome to MyMobileGame"\"\} \ --user-pool-add-ons AdvancedSecurityMode="AUDIT" \ --account-recovery-setting RecoveryMechanisms=\[\{Priority=1,Name="verified_email"\},\{Priority=2,Name="verified_phone_number"\}\] ``` 此命令不生成任何输出。 有关更多信息,请参阅《Amazon Cognito 开发人员指南》**中的[更新用户池配置](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-updating.html)。 + 有关 API 的详细信息,请参阅《AWS CLI 命令参考》**中的 [UpdateUserPool](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/update-user-pool.html)。 ### `verify-software-token` 以下代码示例演示了如何使用 `verify-software-token`。 **AWS CLI** **确认 TOTP 身份验证器的注册** 以下 `verify-software-token` 示例完成了当前用户的 TOTP 注册。 ``` aws cognito-idp verify-software-token \ --access-token eyJra456defEXAMPLE \ --user-code 123456 ``` 输出: ``` { "Status": "SUCCESS" } ``` 有关更多信息,请参阅《Amazon Cognito 开发人员指南》**中的[向用户池添加 MFA](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [VerifySoftwareToken](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/verify-software-token.html)。 ### `verify-user-attribute` 以下代码示例演示了如何使用 `verify-user-attribute`。 **AWS CLI** **验证属性更改** 以下 `verify-user-attribute` 示例验证了对当前用户的电子邮件属性的更改。 ``` aws cognito-idp verify-user-attribute \ --access-token eyJra456defEXAMPLE \ --attribute-name email \ --code 123456 ``` 有关更多信息,请参阅《Amazon Cognito Developer Guide》**中的 [Configuring email or phone verification](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html)。 + 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [VerifyUserAttribute](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/verify-user-attribute.html)。