使用 的 Amazon Cognito Identity Provider 範例 AWS CLI - AWS Command Line Interface

本文件 AWS CLI 僅適用於 第 1 版。如需 第 2 版的相關文件 AWS CLI,請參閱 第 2 版使用者指南

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

使用 的 Amazon Cognito Identity Provider 範例 AWS CLI

下列程式碼範例示範如何使用 AWS Command Line Interface 搭配 Amazon Cognito Identity Provider 執行動作和實作常見案例。

Actions 是大型程式的程式碼摘錄,必須在內容中執行。雖然動作會告訴您如何呼叫個別服務函數,但您可以在其相關情境中查看內容中的動作。

每個範例都包含完整原始程式碼的連結,您可以在其中找到如何在內容中設定和執行程式碼的指示。

主題

動作

下列程式碼範例示範如何使用 add-custom-attributes

AWS CLI

新增自訂屬性

此範例會將自訂屬性 CustomAttr1 新增至使用者集區。它是字串類型,需要最少 1 個字元,最多 15 個字元。這不是必要的。

命令:

aws cognito-idp add-custom-attributes --user-pool-id us-west-2_aaaaaaaaa --custom-attributes Name="CustomAttr1",AttributeDataType="String",DeveloperOnlyAttribute=false,Required=false,StringAttributeConstraints="{MinLength=1,MaxLength=15}"

下列程式碼範例示範如何使用 admin-add-user-to-group

AWS CLI

將使用者新增至群組

此範例會將使用者 Jane 新增至群組 MyGroup。

命令:

aws cognito-idp admin-add-user-to-group --user-pool-id us-west-2_aaaaaaaaa --username Jane --group-name MyGroup

下列程式碼範例示範如何使用 admin-confirm-sign-up

AWS CLI

確認使用者註冊

此範例會確認使用者 jane@example.com。

命令:

aws cognito-idp admin-confirm-sign-up --user-pool-id us-west-2_aaaaaaaaa --username jane@example.com

下列程式碼範例示範如何使用 admin-create-user

AWS CLI

建立使用者

下列admin-create-user範例會建立具有指定設定電子郵件地址和電話號碼的使用者。

aws cognito-idp admin-create-user \ --user-pool-id us-west-2_aaaaaaaaa \ --username diego \ --user-attributes Name=email,Value=diego@example.com Name=phone_number,Value="+15555551212" \ --message-action SUPPRESS

輸出:

{ "User": { "Username": "diego", "Attributes": [ { "Name": "sub", "Value": "7325c1de-b05b-4f84-b321-9adc6e61f4a2" }, { "Name": "phone_number", "Value": "+15555551212" }, { "Name": "email", "Value": "diego@example.com" } ], "UserCreateDate": 1548099495.428, "UserLastModifiedDate": 1548099495.428, "Enabled": true, "UserStatus": "FORCE_CHANGE_PASSWORD" } }
  • 如需 API 詳細資訊,請參閱 AWS CLI 命令參考中的 AdminCreateUser

下列程式碼範例示範如何使用 admin-delete-user-attributes

AWS CLI

刪除使用者屬性

此範例會刪除使用者 diego@example.com 的自訂屬性 CustomAttr1。

命令:

aws cognito-idp admin-delete-user-attributes --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com --user-attribute-names "custom:CustomAttr1"

下列程式碼範例示範如何使用 admin-delete-user

AWS CLI

若要刪除使用者

此範例會刪除使用者。

命令:

aws cognito-idp admin-delete-user --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com
  • 如需 API 詳細資訊,請參閱 AWS CLI 命令參考中的 AdminDeleteUser

下列程式碼範例示範如何使用 admin-disable-provider-for-user

AWS CLI

從本機使用者設定檔取消聯合身分使用者的連結

下列admin-disable-provider-for-user範例會將 Google 使用者與其連結的本機設定檔中斷連線。

aws cognito-idp admin-disable-provider-for-user \ --user-pool-id us-west-2_EXAMPLE \ --user ProviderAttributeName=Cognito_Subject,ProviderAttributeValue=0000000000000000,ProviderName=Google

如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》中的將聯合身分使用者連結至現有使用者設定檔

下列程式碼範例示範如何使用 admin-disable-user

AWS CLI

防止使用者登入

下列admin-disable-user範例可防止使用者 登入diego@example.com

aws cognito-idp admin-disable-user \ --user-pool-id us-west-2_EXAMPLE \ --username diego@example.com

如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》中的管理使用者

  • 如需 API 詳細資訊,請參閱 AWS CLI 命令參考中的 AdminDisableUser

下列程式碼範例示範如何使用 admin-enable-user

AWS CLI

啟用使用者登入

下列admin-enable-user範例會啟用使用者 diego@example.com 的登入。

aws cognito-idp admin-enable-user \ --user-pool-id us-west-2_EXAMPLE \ --username diego@example.com

如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》中的管理使用者

  • 如需 API 詳細資訊,請參閱 AWS CLI 命令參考中的 AdminEnableUser

下列程式碼範例示範如何使用 admin-forget-device

AWS CLI

忘記裝置

此範例會忘記使用者名稱為 jane@example.com 的裝置

命令:

aws cognito-idp admin-forget-device --user-pool-id us-west-2_aaaaaaaaa --username jane@example.com --device-key us-west-2_abcd_1234-5678
  • 如需 API 詳細資訊,請參閱 AWS CLI 命令參考中的 AdminForgetDevice

下列程式碼範例示範如何使用 admin-get-device

AWS CLI

取得裝置

下列admin-get-device範例顯示使用者 的一個裝置diego

aws cognito-idp admin-get-device \ --user-pool-id us-west-2_EXAMPLE \ --username diego \ --device-key us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111

輸出:

{ "Device": { "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "DeviceAttributes": [ { "Name": "device_status", "Value": "valid" }, { "Name": "device_name", "Value": "MyDevice" }, { "Name": "dev:device_arn", "Value": "arn:aws:cognito-idp:us-west-2:123456789012:owner/diego.us-west-2_EXAMPLE/device/us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, { "Name": "dev:device_owner", "Value": "diego.us-west-2_EXAMPLE" }, { "Name": "last_ip_used", "Value": "192.0.2.1" }, { "Name": "dev:device_remembered_status", "Value": "remembered" }, { "Name": "dev:device_sdk", "Value": "aws-sdk" } ], "DeviceCreateDate": 1715100742.022, "DeviceLastModifiedDate": 1723233651.167, "DeviceLastAuthenticatedDate": 1715100742.0 } }

如需詳細資訊,請參閱《Amazon Cognito 開發人員指南中的使用使用者集區中的使用者裝置

  • 如需 API 詳細資訊,請參閱 AWS CLI 命令參考中的 AdminGetDevice

下列程式碼範例示範如何使用 admin-get-user

AWS CLI

若要取得使用者

此範例取得使用者名稱 jane@example.com 的相關資訊。

命令:

aws cognito-idp admin-get-user --user-pool-id us-west-2_aaaaaaaaa --username jane@example.com

輸出:

{ "Username": "4320de44-2322-4620-999b-5e2e1c8df013", "Enabled": true, "UserStatus": "FORCE_CHANGE_PASSWORD", "UserCreateDate": 1548108509.537, "UserAttributes": [ { "Name": "sub", "Value": "4320de44-2322-4620-999b-5e2e1c8df013" }, { "Name": "email_verified", "Value": "true" }, { "Name": "phone_number_verified", "Value": "true" }, { "Name": "phone_number", "Value": "+01115551212" }, { "Name": "email", "Value": "jane@example.com" } ], "UserLastModifiedDate": 1548108509.537 }
  • 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》中的 AdminGetUser

下列程式碼範例示範如何使用 admin-initiate-auth

AWS CLI

以管理員身分登入使用者

下列admin-initiate-auth範例會在使用者 diego@example.com 中簽署 。此範例也包含威脅防護的中繼資料和 Lambda 觸發的 ClientMetadata。使用者已設定為 TOTP MFA,並收到挑戰,要求他們先從身分驗證器應用程式提供程式碼,才能完成身分驗證。

aws cognito-idp admin-initiate-auth \ --user-pool-id us-west-2_EXAMPLE \ --client-id 1example23456789 \ --auth-flow ADMIN_USER_PASSWORD_AUTH \ --auth-parameters USERNAME=diego@example.com,PASSWORD="My@Example$Password3!",SECRET_HASH=ExampleEncodedClientIdSecretAndUsername= \ --context-data="{\"EncodedData\":\"abc123example\",\"HttpHeaders\":[{\"headerName\":\"UserAgent\",\"headerValue\":\"Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0\"}],\"IpAddress\":\"192.0.2.1\",\"ServerName\":\"example.com\",\"ServerPath\":\"/login\"}" \ --client-metadata="{\"MyExampleKey\": \"MyExampleValue\"}"

輸出:

{ "ChallengeName": "SOFTWARE_TOKEN_MFA", "Session": "AYABeExample...", "ChallengeParameters": { "FRIENDLY_DEVICE_NAME": "MyAuthenticatorApp", "USER_ID_FOR_SRP": "diego@example.com" } }

如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》中的管理身分驗證流程

  • 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》中的 AdminInitiateAuth

下列程式碼範例示範如何使用 admin-link-provider-for-user

AWS CLI

將本機使用者連結至聯合身分使用者

下列admin-link-provider-for-user範例會將本機使用者 diego 連結至將與 Google 進行聯合登入的使用者。

aws cognito-idp admin-link-provider-for-user \ --user-pool-id us-west-2_EXAMPLE \ --destination-user ProviderName=Cognito,ProviderAttributeValue=diego \ --source-user ProviderAttributeName=Cognito_Subject,ProviderAttributeValue=0000000000000000,ProviderName=Google

如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》中的將聯合身分使用者連結至現有使用者設定檔

下列程式碼範例示範如何使用 admin-list-devices

AWS CLI

列出使用者的裝置

下列admin-list-devices範例會列出使用者 diego 的裝置。

aws cognito-idp admin-list-devices \ --user-pool-id us-west-2_EXAMPLE \ --username diego \ --limit 1

輸出:

{ "Devices": [ { "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "DeviceAttributes": [ { "Name": "device_status", "Value": "valid" }, { "Name": "device_name", "Value": "MyDevice" }, { "Name": "dev:device_arn", "Value": "arn:aws:cognito-idp:us-west-2:123456789012:owner/diego.us-west-2_EXAMPLE/device/us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, { "Name": "dev:device_owner", "Value": "diego.us-west-2_EXAMPLE" }, { "Name": "last_ip_used", "Value": "192.0.2.1" }, { "Name": "dev:device_remembered_status", "Value": "remembered" }, { "Name": "dev:device_sdk", "Value": "aws-sdk" } ], "DeviceCreateDate": 1715100742.022, "DeviceLastModifiedDate": 1723233651.167, "DeviceLastAuthenticatedDate": 1715100742.0 } ] }

如需詳細資訊,請參閱《Amazon Cognito 開發人員指南中的使用使用者集區中的使用者裝置

  • 如需 API 詳細資訊,請參閱 AWS CLI 命令參考中的 AdminListDevices

下列程式碼範例示範如何使用 admin-list-groups-for-user

AWS CLI

列出使用者的群組

此範例列出使用者名稱 jane@example.com 的群組。

命令:

aws cognito-idp admin-list-groups-for-user --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com

輸出:

{ "Groups": [ { "Description": "Sample group", "Precedence": 1, "LastModifiedDate": 1548097827.125, "RoleArn": "arn:aws:iam::111111111111:role/SampleRole", "GroupName": "SampleGroup", "UserPoolId": "us-west-2_aaaaaaaaa", "CreationDate": 1548097827.125 } ] }

下列程式碼範例示範如何使用 admin-list-user-auth-events

AWS CLI

列出使用者的授權事件

下列admin-list-user-auth-events範例列出使用者 diego 的最新使用者活動日誌事件。

aws cognito-idp admin-list-user-auth-events \ --user-pool-id us-west-2_ywDJHlIfU \ --username brcotter+050123 \ --max-results 1

輸出:

{ "AuthEvents": [ { "EventId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", "EventType": "SignIn", "CreationDate": 1726694203.495, "EventResponse": "InProgress", "EventRisk": { "RiskDecision": "AccountTakeover", "RiskLevel": "Medium", "CompromisedCredentialsDetected": false }, "ChallengeResponses": [ { "ChallengeName": "Password", "ChallengeResponse": "Success" } ], "EventContextData": { "IpAddress": "192.0.2.1", "City": "Seattle", "Country": "United States" } } ], "NextToken": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222#2024-09-18T21:16:43.495Z" }

如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》中的檢視和匯出使用者事件歷史記錄

下列程式碼範例示範如何使用 admin-remove-user-from-group

AWS CLI

從群組中移除使用者

此範例會從 SampleGroup 中移除 jane@example.com。

命令:

aws cognito-idp admin-remove-user-from-group --user-pool-id us-west-2_aaaaaaaaa --username jane@example.com --group-name SampleGroup

下列程式碼範例示範如何使用 admin-reset-user-password

AWS CLI

重設使用者密碼

此範例會重設 diego@example.com 的密碼。

命令:

aws cognito-idp admin-reset-user-password --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com

下列程式碼範例示範如何使用 admin-respond-to-auth-challenge

AWS CLI

回應身分驗證挑戰

根據您的身分驗證流程、使用者集區組態和使用者設定,有許多方法可以回應不同的身分驗證挑戰。下列admin-respond-to-auth-challenge範例提供 diego@example.com 的 TOTP MFA 程式碼並完成登入。此使用者集區已開啟裝置記住功能,因此身分驗證結果也會傳回新的裝置金鑰。

aws cognito-idp admin-respond-to-auth-challenge \ --user-pool-id us-west-2_EXAMPLE \ --client-id 1example23456789 \ --challenge-name SOFTWARE_TOKEN_MFA \ --challenge-responses USERNAME=diego@example.com,SOFTWARE_TOKEN_MFA_CODE=000000 \ --session AYABeExample...

輸出:

{ "ChallengeParameters": {}, "AuthenticationResult": { "AccessToken": "eyJra456defEXAMPLE", "ExpiresIn": 3600, "TokenType": "Bearer", "RefreshToken": "eyJra123abcEXAMPLE", "IdToken": "eyJra789ghiEXAMPLE", "NewDeviceMetadata": { "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "DeviceGroupKey": "-ExAmPlE1" } } }

如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》中的管理身分驗證流程

下列程式碼範例示範如何使用 admin-set-user-mfa-preference

AWS CLI

設定使用者 MFA 偏好設定

此範例會設定使用者名稱 diego@example.com 的 SMS MFA 偏好設定。

命令:

aws cognito-idp admin-set-user-mfa-preference --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com --sms-mfa-settings Enabled=false,PreferredMfa=false

下列程式碼範例示範如何使用 admin-set-user-password

AWS CLI

將使用者密碼設定為管理員

下列admin-set-user-password範例會永久設定 diego@example.com 的密碼。

aws cognito-idp admin-set-user-password \ --user-pool-id us-west-2_EXAMPLE \ --username diego@example.com \ --password MyExamplePassword1! \ --permanent

此命令不會產生輸出。

如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》中的密碼、密碼復原和密碼政策

下列程式碼範例示範如何使用 admin-set-user-settings

AWS CLI

設定使用者設定

此範例會將使用者名稱 diego@example.com 的 MFA 交付偏好設定設定為 EMAIL。

命令:

aws cognito-idp admin-set-user-settings --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com --mfa-options DeliveryMedium=EMAIL

下列程式碼範例示範如何使用 admin-update-auth-event-feedback

AWS CLI

提供授權事件的意見回饋

此範例會將 event-id 識別的授權事件的意見回饋值設定為 Valid。

命令:

aws cognito-idp admin-update-auth-event-feedback --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com --event-id c2c2cf89-c0d3-482d-aba6-99d78a5b0bfe --feedback-value Valid

下列程式碼範例示範如何使用 admin-update-device-status

AWS CLI

更新裝置狀態

此範例會將裝置金鑰識別之裝置的裝置記住狀態設定為 not_remembered。

命令:

aws cognito-idp admin-update-device-status --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com --device-key xxxx --device-remembered-status not_remembered

下列程式碼範例示範如何使用 admin-update-user-attributes

AWS CLI

更新使用者屬性

此範例會更新使用者 diego@example.com 的自訂使用者屬性 CustomAttr1。

命令:

aws cognito-idp admin-update-user-attributes --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com --user-attributes Name="custom:CustomAttr1",Value="Purple"

下列程式碼範例示範如何使用 admin-user-global-sign-out

AWS CLI

以管理員身分登出使用者

下列admin-user-global-sign-out範例會將使用者登出 diego@example.com。

aws cognito-idp admin-user-global-sign-out \ --user-pool-id us-west-2_EXAMPLE \ --username diego@example.com

如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》中的使用使用者集區進行身分驗證

下列程式碼範例示範如何使用 associate-software-token

AWS CLI

為 MFA 驗證器應用程式產生私密金鑰

下列associate-software-token範例會為已登入並收到存取權杖的使用者產生 TOTP 私有金鑰。產生的私有金鑰可以手動輸入驗證器應用程式,或應用程式可以將它轉譯為使用者可以掃描的 QR 碼。

aws cognito-idp associate-software-token \ --access-token eyJra456defEXAMPLE

輸出:

{ "SecretCode": "QWERTYUIOP123456EXAMPLE" }

如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》中的 TOTP 軟體字符 MFA

下列程式碼範例示範如何使用 change-password

AWS CLI

變更密碼

此範例會變更密碼。

命令:

aws cognito-idp change-password --previous-password OldPassword --proposed-password NewPassword --access-token ACCESS_TOKEN
  • 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》中的 ChangePassword

下列程式碼範例示範如何使用 confirm-device

AWS CLI

確認使用者裝置

下列confirm-device範例會為目前使用者新增新的記住裝置。

aws cognito-idp confirm-device \ --access-token eyJra456defEXAMPLE \ --device-key us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 \ --device-secret-verifier-config PasswordVerifier=TXlWZXJpZmllclN0cmluZw,Salt=TXlTUlBTYWx0

輸出:

{ "UserConfirmationNecessary": false }

如需詳細資訊,請參閱《Amazon Cognito 開發人員指南中的使用使用者集區中的使用者裝置

  • 如需 API 詳細資訊,請參閱 AWS CLI 命令參考中的 ConfirmDevice

下列程式碼範例示範如何使用 confirm-forgot-password

AWS CLI

確認忘記的密碼

此範例會確認使用者名稱 diego@example.com 的忘記密碼。

命令:

aws cognito-idp confirm-forgot-password --client-id 3n4b5urk1ft4fl3mg5e62d9ado --username=diego@example.com --password PASSWORD --confirmation-code CONF_CODE

下列程式碼範例示範如何使用 confirm-sign-up

AWS CLI

若要確認註冊

此範例會確認註冊使用者名稱 diego@example.com。

命令:

aws cognito-idp confirm-sign-up --client-id 3n4b5urk1ft4fl3mg5e62d9ado --username=diego@example.com --confirmation-code CONF_CODE
  • 如需 API 詳細資訊,請參閱《AWS CLI API 參考》中的 ConfirmSignUp

下列程式碼範例示範如何使用 create-group

AWS CLI

建立群組

此範例會建立具有描述的群組。

命令:

aws cognito-idp create-group --user-pool-id us-west-2_aaaaaaaaa --group-name MyNewGroup --description "New group."

輸出:

{ "Group": { "GroupName": "MyNewGroup", "UserPoolId": "us-west-2_aaaaaaaaa", "Description": "New group.", "LastModifiedDate": 1548270073.795, "CreationDate": 1548270073.795 } }

建立具有角色和優先順序的群組

此範例會建立具有描述的群組。它也包含角色和優先順序。

命令:

aws cognito-idp create-group --user-pool-id us-west-2_aaaaaaaaa --group-name MyNewGroupWithRole --description "New group with a role." --role-arn arn:aws:iam::111111111111:role/MyNewGroupRole --precedence 2

輸出:

{ "Group": { "GroupName": "MyNewGroupWithRole", "UserPoolId": "us-west-2_aaaaaaaaa", "Description": "New group with a role.", "RoleArn": "arn:aws:iam::111111111111:role/MyNewGroupRole", "Precedence": 2, "LastModifiedDate": 1548270211.761, "CreationDate": 1548270211.761 } }
  • 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》中的 CreateGroup

下列程式碼範例示範如何使用 create-identity-provider

AWS CLI

範例 1:使用中繼資料 URL 建立使用者集區 SAML 身分提供者 (IdP)

下列create-identity-provider範例會建立新的 SAML IdP,其中包含來自公有 URL、屬性映射和兩個識別符的中繼資料。

aws cognito-idp create-identity-provider \ --user-pool-id us-west-2_EXAMPLE \ --provider-name MySAML \ --provider-type SAML \ --provider-details IDPInit=true,IDPSignout=true,EncryptedResponses=true,MetadataURL=https://auth.example.com/sso/saml/metadata,RequestSigningAlgorithm=rsa-sha256 \ --attribute-mapping email=emailaddress,phone_number=phone,custom:111=department \ --idp-identifiers CorpSAML WestSAML

輸出:

{ "IdentityProvider": { "UserPoolId": "us-west-2_EXAMPLE", "ProviderName": "MySAML", "ProviderType": "SAML", "ProviderDetails": { "ActiveEncryptionCertificate": "MIICvTCCAaEXAMPLE", "EncryptedResponses": "true", "IDPInit": "true", "IDPSignout": "true", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256", "SLORedirectBindingURI": "https://auth.example.com/slo/saml", "SSORedirectBindingURI": "https://auth.example.com/sso/saml" }, "AttributeMapping": { "custom:111": "department", "emailaddress": "email", "phone": "phone_number" }, "IdpIdentifiers": [ "CorpSAML", "WestSAML" ], "LastModifiedDate": 1726853833.977, "CreationDate": 1726853833.977 } }

如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》中的透過第三方新增使用者集區登入

範例 2:使用中繼資料檔案建立使用者集區 SAML 身分提供者 (IdP)

下列create-identity-provider範例會建立新的 SAML IdP,其中包含來自 檔案的中繼資料、屬性映射和兩個識別符。檔案語法在 --provider-details 參數中的作業系統之間可能不同。為此操作建立 JSON 輸入檔案最簡單:

aws cognito-idp create-identity-provider \ --cli-input-json file://.\SAML-identity-provider.json

SAML-identity-provider.json 的內容:

{ "AttributeMapping": { "email" : "idp_email", "email_verified" : "idp_email_verified" }, "IdpIdentifiers": [ "platform" ], "ProviderDetails": { "MetadataFile": "<md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" entityID=\"http://www.example.com/sso\"><md:IDPSSODescriptor WantAuthnRequestsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"><md:KeyDescriptor use=\"signing\"><ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>[IDP_CERTIFICATE_DATA]</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://www.example.com/slo/saml\"/><md:SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://www.example.com/slo/saml\"/><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://www.example.com/sso/saml\"/><md:SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://www.example.com/sso/saml\"/></md:IDPSSODescriptor></md:EntityDescriptor>", "IDPSignout" : "true", "RequestSigningAlgorithm" : "rsa-sha256", "EncryptedResponses" : "true", "IDPInit" : "true" }, "ProviderName": "MySAML2", "ProviderType": "SAML", "UserPoolId": "us-west-2_EXAMPLE" }

輸出:

{ "IdentityProvider": { "UserPoolId": "us-west-2_EXAMPLE", "ProviderName": "MySAML2", "ProviderType": "SAML", "ProviderDetails": { "ActiveEncryptionCertificate": "[USER_POOL_ENCRYPTION_CERTIFICATE_DATA]", "EncryptedResponses": "true", "IDPInit": "true", "IDPSignout": "true", "MetadataFile": "<md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" entityID=\"http://www.example.com/sso\"><md:IDPSSODescriptor WantAuthnRequestsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"><md:KeyDescriptor use=\"signing\"><ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>[IDP_CERTIFICATE_DATA]</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://www.example.com/slo/saml\"/><md:SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://www.example.com/slo/saml\"/><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://www.example.com/sso/saml\"/><md:SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://www.example.com/sso/saml\"/></md:IDPSSODescriptor></md:EntityDescriptor>", "RequestSigningAlgorithm": "rsa-sha256", "SLORedirectBindingURI": "https://www.example.com/slo/saml", "SSORedirectBindingURI": "https://www.example.com/sso/saml" }, "AttributeMapping": { "email": "idp_email", "email_verified": "idp_email_verified" }, "IdpIdentifiers": [ "platform" ], "LastModifiedDate": 1726855290.731, "CreationDate": 1726855290.731 } }

如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》中的透過第三方新增使用者集區登入

下列程式碼範例示範如何使用 create-resource-server

AWS CLI

建立使用者集區用戶端

下列create-resource-server範例會建立具有自訂範圍的新資源伺服器。

aws cognito-idp create-resource-server \ --user-pool-id us-west-2_EXAMPLE \ --identifier solar-system-data \ --name "Solar system object tracker" \ --scopes ScopeName=sunproximity.read,ScopeDescription="Distance in AU from Sol" ScopeName=asteroids.add,ScopeDescription="Enter a new asteroid"

輸出:

{ "ResourceServer": { "UserPoolId": "us-west-2_EXAMPLE", "Identifier": "solar-system-data", "Name": "Solar system object tracker", "Scopes": [ { "ScopeName": "sunproximity.read", "ScopeDescription": "Distance in AU from Sol" }, { "ScopeName": "asteroids.add", "ScopeDescription": "Enter a new asteroid" } ] } }

如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》中的範圍、M2M 和具有資源伺服器的 APIs

下列程式碼範例示範如何使用 create-user-import-job

AWS CLI

建立使用者匯入任務

此範例會建立名為 MyImportJob 的使用者匯入任務。

如需匯入使用者的詳細資訊,請參閱從 CSV 檔案將使用者匯入使用者集區。

命令:

aws cognito-idp create-user-import-job --user-pool-id us-west-2_aaaaaaaaa --job-name MyImportJob --cloud-watch-logs-role-arn arn:aws:iam::111111111111:role/CognitoCloudWatchLogsRole

輸出:

{ "UserImportJob": { "JobName": "MyImportJob", "JobId": "import-qQ0DCt2fRh", "UserPoolId": "us-west-2_aaaaaaaaa", "PreSignedUrl": "PRE_SIGNED_URL", "CreationDate": 1548271795.471, "Status": "Created", "CloudWatchLogsRoleArn": "arn:aws:iam::111111111111:role/CognitoCloudWatchLogsRole", "ImportedUsers": 0, "SkippedUsers": 0, "FailedUsers": 0 } }

使用預先簽章的 URL,以 curl 上傳 .csv 檔案:

命令:

curl -v -T "PATH_TO_CSV_FILE" -H "x-amz-server-side-encryption:aws:kms" "PRE_SIGNED_URL"

下列程式碼範例示範如何使用 create-user-pool-client

AWS CLI

建立使用者集區用戶端

下列create-user-pool-client範例會建立新的使用者集區用戶端,其中包含用戶端秘密、明確的讀取和寫入屬性、使用使用者名稱密碼和 SRP 流程登入、使用三個 IdPs 登入、存取 OAuth 範圍的子集、PinPoint 分析,以及延伸的身分驗證工作階段有效性。

aws cognito-idp create-user-pool-client \ --user-pool-id us-west-2_EXAMPLE \ --client-name MyTestClient \ --generate-secret \ --refresh-token-validity 10 \ --access-token-validity 60 \ --id-token-validity 60 \ --token-validity-units AccessToken=minutes,IdToken=minutes,RefreshToken=days \ --read-attributes email phone_number email_verified phone_number_verified \ --write-attributes email phone_number \ --explicit-auth-flows ALLOW_USER_PASSWORD_AUTH ALLOW_USER_SRP_AUTH ALLOW_REFRESH_TOKEN_AUTH \ --supported-identity-providers Google Facebook MyOIDC \ --callback-urls https://www.amazon.com https://example.com http://localhost:8001 myapp://example \ --allowed-o-auth-flows code implicit \ --allowed-o-auth-scopes openid profile aws.cognito.signin.user.admin solar-system-data/asteroids.add \ --allowed-o-auth-flows-user-pool-client \ --analytics-configuration ApplicationArn=arn:aws:mobiletargeting:us-west-2:767671399759:apps/thisisanexamplepinpointapplicationid,UserDataShared=TRUE \ --prevent-user-existence-errors ENABLED \ --enable-token-revocation \ --enable-propagate-additional-user-context-data \ --auth-session-validity 4

輸出:

{ "UserPoolClient": { "UserPoolId": "us-west-2_EXAMPLE", "ClientName": "MyTestClient", "ClientId": "123abc456defEXAMPLE", "ClientSecret": "this1234is5678my91011example1213client1415secret", "LastModifiedDate": 1726788459.464, "CreationDate": 1726788459.464, "RefreshTokenValidity": 10, "AccessTokenValidity": 60, "IdTokenValidity": 60, "TokenValidityUnits": { "AccessToken": "minutes", "IdToken": "minutes", "RefreshToken": "days" }, "ReadAttributes": [ "email_verified", "phone_number_verified", "phone_number", "email" ], "WriteAttributes": [ "phone_number", "email" ], "ExplicitAuthFlows": [ "ALLOW_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH" ], "SupportedIdentityProviders": [ "Google", "MyOIDC", "Facebook" ], "CallbackURLs": [ "https://example.com", "https://www.amazon.com", "myapp://example", "http://localhost:8001" ], "AllowedOAuthFlows": [ "implicit", "code" ], "AllowedOAuthScopes": [ "aws.cognito.signin.user.admin", "openid", "profile", "solar-system-data/asteroids.add" ], "AllowedOAuthFlowsUserPoolClient": true, "AnalyticsConfiguration": { "ApplicationArn": "arn:aws:mobiletargeting:us-west-2:123456789012:apps/thisisanexamplepinpointapplicationid", "RoleArn": "arn:aws:iam::123456789012:role/aws-service-role/cognito-idp.amazonaws.com/AWSServiceRoleForAmazonCognitoIdp", "UserDataShared": true }, "PreventUserExistenceErrors": "ENABLED", "EnableTokenRevocation": true, "EnablePropagateAdditionalUserContextData": true, "AuthSessionValidity": 4 } }

如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》中的應用程式用戶端的應用程式特定設定

下列程式碼範例示範如何使用 create-user-pool-domain

AWS CLI

範例 1:建立使用者集區網域

下列create-user-pool-domain範例會建立新的自訂網域。

aws cognito-idp create-user-pool-domain \ --user-pool-id us-west-2_EXAMPLE \ --domain auth.example.com \ --custom-domain-config CertificateArn=arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222

輸出:

{ "CloudFrontDomain": "example1domain.cloudfront.net" }

如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》中的設定使用者集區網域

範例 2:建立使用者集區網域

下列create-user-pool-domain範例會建立一個具有服務擁有字首的新網域。

aws cognito-idp create-user-pool-domain \ --user-pool-id us-west-2_EXAMPLE2 \ --domain mydomainprefix

如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》中的設定使用者集區網域

下列程式碼範例示範如何使用 create-user-pool

AWS CLI

建立最低限度設定的使用者集區

此範例會使用預設值建立名為 MyUserPool 的使用者集區。沒有必要的屬性,也沒有應用程式用戶端。MFA 和進階安全性已停用。

命令:

aws cognito-idp create-user-pool --pool-name MyUserPool

輸出:

{ "UserPool": { "SchemaAttributes": [ { "Name": "sub", "StringAttributeConstraints": { "MinLength": "1", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": true, "AttributeDataType": "String", "Mutable": false }, { "Name": "name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "given_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "family_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "middle_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "nickname", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "preferred_username", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "profile", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "picture", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "website", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "email", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Required": false, "Name": "email_verified", "Mutable": true }, { "Name": "gender", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "birthdate", "StringAttributeConstraints": { "MinLength": "10", "MaxLength": "10" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "zoneinfo", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "locale", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "phone_number", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Required": false, "Name": "phone_number_verified", "Mutable": true }, { "Name": "address", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "updated_at", "NumberAttributeConstraints": { "MinValue": "0" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "Number", "Mutable": true } ], "MfaConfiguration": "OFF", "Name": "MyUserPool", "LastModifiedDate": 1547833345.777, "AdminCreateUserConfig": { "UnusedAccountValidityDays": 7, "AllowAdminCreateUserOnly": false }, "EmailConfiguration": {}, "Policies": { "PasswordPolicy": { "RequireLowercase": true, "RequireSymbols": true, "RequireNumbers": true, "MinimumLength": 8, "RequireUppercase": true } }, "CreationDate": 1547833345.777, "EstimatedNumberOfUsers": 0, "Id": "us-west-2_aaaaaaaaa", "LambdaConfig": {} } }

用兩個必要屬性建立新的使用者集區

此範例會建立使用者集區 MyUserPool。集區設定為接受電子郵件作為使用者名稱屬性。它也會使用 Amazon Simple Email Service,將電子郵件來源地址設定為經過驗證的地址。

命令:

aws cognito-idp create-user-pool --pool-name MyUserPool --username-attributes "email" --email-configuration=SourceArn="arn:aws:ses:us-east-1:111111111111:identity/jane@example.com",ReplyToEmailAddress="jane@example.com"

輸出:

{ "UserPool": { "SchemaAttributes": [ { "Name": "sub", "StringAttributeConstraints": { "MinLength": "1", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": true, "AttributeDataType": "String", "Mutable": false }, { "Name": "name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "given_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "family_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "middle_name", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "nickname", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "preferred_username", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "profile", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "picture", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "website", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "email", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Required": false, "Name": "email_verified", "Mutable": true }, { "Name": "gender", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "birthdate", "StringAttributeConstraints": { "MinLength": "10", "MaxLength": "10" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "zoneinfo", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "locale", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "phone_number", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Required": false, "Name": "phone_number_verified", "Mutable": true }, { "Name": "address", "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "String", "Mutable": true }, { "Name": "updated_at", "NumberAttributeConstraints": { "MinValue": "0" }, "DeveloperOnlyAttribute": false, "Required": false, "AttributeDataType": "Number", "Mutable": true } ], "MfaConfiguration": "OFF", "Name": "MyUserPool", "LastModifiedDate": 1547837788.189, "AdminCreateUserConfig": { "UnusedAccountValidityDays": 7, "AllowAdminCreateUserOnly": false }, "EmailConfiguration": { "ReplyToEmailAddress": "jane@example.com", "SourceArn": "arn:aws:ses:us-east-1:111111111111:identity/jane@example.com" }, "Policies": { "PasswordPolicy": { "RequireLowercase": true, "RequireSymbols": true, "RequireNumbers": true, "MinimumLength": 8, "RequireUppercase": true } }, "UsernameAttributes": [ "email" ], "CreationDate": 1547837788.189, "EstimatedNumberOfUsers": 0, "Id": "us-west-2_aaaaaaaaa", "LambdaConfig": {} } }
  • 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》中的 CreateUserPool

下列程式碼範例示範如何使用 delete-group

AWS CLI

刪除群組

此範例會刪除群組。

命令:

aws cognito-idp delete-group --user-pool-id us-west-2_aaaaaaaaa --group-name MyGroupName
  • 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》中的 DeleteGroup

下列程式碼範例示範如何使用 delete-identity-provider

AWS CLI

刪除身分提供者

此範例會刪除身分提供者。

命令:

aws cognito-idp delete-identity-provider --user-pool-id us-west-2_aaaaaaaaa --provider-name Facebook

下列程式碼範例示範如何使用 delete-resource-server

AWS CLI

刪除資源伺服器

此範例會刪除名為 weather.example.com 的資源伺服器。

命令:

aws cognito-idp delete-resource-server --user-pool-id us-west-2_aaaaaaaaa --identifier weather.example.com

下列程式碼範例示範如何使用 delete-user-attributes

AWS CLI

刪除使用者屬性

下列delete-user-attributes範例會從目前登入的使用者中刪除自訂屬性 "custom:attribute"。

aws cognito-idp delete-user-attributes \ --access-token ACCESS_TOKEN \ --user-attribute-names "custom:department"

此命令不會產生輸出。

如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》中的使用使用者屬性

下列程式碼範例示範如何使用 delete-user-pool-client

AWS CLI

刪除使用者集區用戶端

此範例會刪除使用者集區用戶端。

命令:

aws cognito-idp delete-user-pool-client --user-pool-id us-west-2_aaaaaaaaa --client-id 38fjsnc484p94kpqsnet7mpld0

下列程式碼範例示範如何使用 delete-user-pool-domain

AWS CLI

刪除使用者集區網域

下列delete-user-pool-domain範例會刪除名為 的使用者集區網域 my-domain

aws cognito-idp delete-user-pool-domain \ --user-pool-id us-west-2_aaaaaaaaa \ --domain my-domain

下列程式碼範例示範如何使用 delete-user-pool

AWS CLI

刪除使用者集區

此範例使用使用者集區 ID us-west-2_aaaaaaaaa 刪除使用者集區。

命令:

aws cognito-idp delete-user-pool --user-pool-id us-west-2_aaaaaaaaa
  • 如需 API 詳細資訊,請參閱 AWS CLI 命令參考中的 DeleteUserPool

下列程式碼範例示範如何使用 delete-user

AWS CLI

若要刪除使用者

此範例會刪除使用者。

命令:

aws cognito-idp delete-user --access-token ACCESS_TOKEN
  • 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》中的 DeleteUser

下列程式碼範例示範如何使用 describe-identity-provider

AWS CLI

描述身分提供者

此範例說明名為 Facebook 的身分提供者。

命令:

aws cognito-idp describe-identity-provider --user-pool-id us-west-2_aaaaaaaaa --provider-name Facebook

輸出:

{ "IdentityProvider": { "UserPoolId": "us-west-2_aaaaaaaaa", "ProviderName": "Facebook", "ProviderType": "Facebook", "ProviderDetails": { "attributes_url": "https://graph.facebook.com/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": myscope", "authorize_url": "https://www.facebook.com/v2.9/dialog/oauth", "client_id": "11111", "client_secret": "11111", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v2.9/oauth/access_token" }, "AttributeMapping": { "username": "id" }, "IdpIdentifiers": [], "LastModifiedDate": 1548105901.736, "CreationDate": 1548105901.736 } }

下列程式碼範例示範如何使用 describe-resource-server

AWS CLI

描述資源伺服器

此範例說明 資源伺服器 weather.example.com。

命令:

aws cognito-idp describe-resource-server --user-pool-id us-west-2_aaaaaaaaa --identifier weather.example.com

輸出:

{ "ResourceServer": { "UserPoolId": "us-west-2_aaaaaaaaa", "Identifier": "weather.example.com", "Name": "Weather", "Scopes": [ { "ScopeName": "weather.update", "ScopeDescription": "Update weather forecast" }, { "ScopeName": "weather.read", "ScopeDescription": "Read weather forecasts" }, { "ScopeName": "weather.delete", "ScopeDescription": "Delete a weather forecast" } ] } }

下列程式碼範例示範如何使用 describe-risk-configuration

AWS CLI

描述風險組態

此範例說明與集區 us-west-2_aaaaaaaaaa 相關聯的風險組態。

命令:

aws cognito-idp describe-risk-configuration --user-pool-id us-west-2_aaaaaaaaa

輸出:

{ "RiskConfiguration": { "UserPoolId": "us-west-2_aaaaaaaaa", "CompromisedCredentialsRiskConfiguration": { "EventFilter": [ "SIGN_IN", "SIGN_UP", "PASSWORD_CHANGE" ], "Actions": { "EventAction": "BLOCK" } }, "AccountTakeoverRiskConfiguration": { "NotifyConfiguration": { "From": "diego@example.com", "ReplyTo": "diego@example.com", "SourceArn": "arn:aws:ses:us-east-1:111111111111:identity/diego@example.com", "BlockEmail": { "Subject": "Blocked sign-in attempt", "HtmlBody": "<!DOCTYPE html>\n<html>\n<head>\n\t<title>HTML email context</title>\n\t<meta charset=\"utf-8\">\n</head>\n<body>\n<pre>We blocked an unrecognized sign-in to your account with this information:\n<ul>\n<li>Time: {login-time}</li>\n<li>Device: {device-name}</li>\n<li>Location: {city}, {country}</li>\n</ul>\nIf this sign-in was not by you, you should change your password and notify us by clicking on <a href={one-click-link-invalid}>this link</a>\nIf this sign-in was by you, you can follow <a href={one-click-link-valid}>this link</a> to let us know</pre>\n</body>\n</html>", "TextBody": "We blocked an unrecognized sign-in to your account with this information:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" }, "NoActionEmail": { "Subject": "New sign-in attempt", "HtmlBody": "<!DOCTYPE html>\n<html>\n<head>\n\t<title>HTML email context</title>\n\t<meta charset=\"utf-8\">\n</head>\n<body>\n<pre>We observed an unrecognized sign-in to your account with this information:\n<ul>\n<li>Time: {login-time}</li>\n<li>Device: {device-name}</li>\n<li>Location: {city}, {country}</li>\n</ul>\nIf this sign-in was not by you, you should change your password and notify us by clicking on <a href={one-click-link-invalid}>this link</a>\nIf this sign-in was by you, you can follow <a href={one-click-link-valid}>this link</a> to let us know</pre>\n</body>\n</html>", "TextBody": "We observed an unrecognized sign-in to your account with this information:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" }, "MfaEmail": { "Subject": "New sign-in attempt", "HtmlBody": "<!DOCTYPE html>\n<html>\n<head>\n\t<title>HTML email context</title>\n\t<meta charset=\"utf-8\">\n</head>\n<body>\n<pre>We required you to use multi-factor authentication for the following sign-in attempt:\n<ul>\n<li>Time: {login-time}</li>\n<li>Device: {device-name}</li>\n<li>Location: {city}, {country}</li>\n</ul>\nIf this sign-in was not by you, you should change your password and notify us by clicking on <a href={one-click-link-invalid}>this link</a>\nIf this sign-in was by you, you can follow <a href={one-click-link-valid}>this link</a> to let us know</pre>\n</body>\n</html>", "TextBody": "We required you to use multi-factor authentication for the following sign-in attempt:\nTime: {login-time}\nDevice: {device-name}\nLocation: {city}, {country}\nIf this sign-in was not by you, you should change your password and notify us by clicking on {one-click-link-invalid}\nIf this sign-in was by you, you can follow {one-click-link-valid} to let us know" } }, "Actions": { "LowAction": { "Notify": true, "EventAction": "NO_ACTION" }, "MediumAction": { "Notify": true, "EventAction": "MFA_IF_CONFIGURED" }, "HighAction": { "Notify": true, "EventAction": "MFA_IF_CONFIGURED" } } } } }

下列程式碼範例示範如何使用 describe-user-import-job

AWS CLI

描述使用者匯入任務

此範例說明使用者輸入任務。

如需匯入使用者的詳細資訊,請參閱從 CSV 檔案將使用者匯入使用者集區。

命令:

aws cognito-idp describe-user-import-job --user-pool-id us-west-2_aaaaaaaaa --job-id import-TZqNQvDRnW

輸出:

{ "UserImportJob": { "JobName": "import-Test1", "JobId": "import-TZqNQvDRnW", "UserPoolId": "us-west-2_aaaaaaaaa", "PreSignedUrl": "PRE_SIGNED URL", "CreationDate": 1548271708.512, "Status": "Created", "CloudWatchLogsRoleArn": "arn:aws:iam::111111111111:role/CognitoCloudWatchLogsRole", "ImportedUsers": 0, "SkippedUsers": 0, "FailedUsers": 0 } }

下列程式碼範例示範如何使用 describe-user-pool-client

AWS CLI

描述使用者集區用戶端

此範例說明使用者集區用戶端。

命令:

aws cognito-idp describe-user-pool-client --user-pool-id us-west-2_aaaaaaaaa --client-id 38fjsnc484p94kpqsnet7mpld0

輸出:

{ "UserPoolClient": { "UserPoolId": "us-west-2_aaaaaaaaa", "ClientName": "MyApp", "ClientId": "38fjsnc484p94kpqsnet7mpld0", "ClientSecret": "CLIENT_SECRET", "LastModifiedDate": 1548108676.163, "CreationDate": 1548108676.163, "RefreshTokenValidity": 30, "ReadAttributes": [ "address", "birthdate", "custom:CustomAttr1", "custom:CustomAttr2", "email", "email_verified", "family_name", "gender", "given_name", "locale", "middle_name", "name", "nickname", "phone_number", "phone_number_verified", "picture", "preferred_username", "profile", "updated_at", "website", "zoneinfo" ], "WriteAttributes": [ "address", "birthdate", "custom:CustomAttr1", "custom:CustomAttr2", "email", "family_name", "gender", "given_name", "locale", "middle_name", "name", "nickname", "phone_number", "picture", "preferred_username", "profile", "updated_at", "website", "zoneinfo" ], "ExplicitAuthFlows": [ "ADMIN_NO_SRP_AUTH", "USER_PASSWORD_AUTH" ], "AllowedOAuthFlowsUserPoolClient": false } }

下列程式碼範例示範如何使用 describe-user-pool-domain

AWS CLI

描述使用者集區用戶端

此範例說明名為 my-domain 的使用者集區網域。

命令:

aws cognito-idp describe-user-pool-domain --domain my-domain

輸出:

{ "DomainDescription": { "UserPoolId": "us-west-2_aaaaaaaaa", "AWSAccountId": "111111111111", "Domain": "my-domain", "S3Bucket": "aws-cognito-prod-pdx-assets", "CloudFrontDistribution": "aaaaaaaaaaaaa.cloudfront.net", "Version": "20190128175402", "Status": "ACTIVE", "CustomDomainConfig": {} } }

下列程式碼範例示範如何使用 describe-user-pool

AWS CLI

描述使用者集區

下列範例說明使用者集區 ID us-west-2_EXAMPLE 的使用者集區。

aws cognito-idp describe-user-pool \ --user-pool-id us-west-2_EXAMPLE

輸出:

{ "UserPool": { "Id": "us-west-2_EXAMPLE", "Name": "MyUserPool", "Policies": { "PasswordPolicy": { "MinimumLength": 8, "RequireUppercase": true, "RequireLowercase": true, "RequireNumbers": true, "RequireSymbols": true, "TemporaryPasswordValidityDays": 1 } }, "DeletionProtection": "ACTIVE", "LambdaConfig": { "PreSignUp": "arn:aws:lambda:us-west-2:123456789012:function:MyPreSignUpFunction", "CustomMessage": "arn:aws:lambda:us-west-2:123456789012:function:MyCustomMessageFunction", "PostConfirmation": "arn:aws:lambda:us-west-2:123456789012:function:MyPostConfirmationFunction", "PreAuthentication": "arn:aws:lambda:us-west-2:123456789012:function:MyPreAuthenticationFunction", "PostAuthentication": "arn:aws:lambda:us-west-2:123456789012:function:MyPostAuthenticationFunction", "DefineAuthChallenge": "arn:aws:lambda:us-west-2:123456789012:function:MyDefineAuthChallengeFunction", "CreateAuthChallenge": "arn:aws:lambda:us-west-2:123456789012:function:MyCreateAuthChallengeFunction", "VerifyAuthChallengeResponse": "arn:aws:lambda:us-west-2:123456789012:function:MyVerifyAuthChallengeFunction", "PreTokenGeneration": "arn:aws:lambda:us-west-2:123456789012:function:MyPreTokenGenerationFunction", "UserMigration": "arn:aws:lambda:us-west-2:123456789012:function:MyMigrateUserFunction", "PreTokenGenerationConfig": { "LambdaVersion": "V2_0", "LambdaArn": "arn:aws:lambda:us-west-2:123456789012:function:MyPreTokenGenerationFunction" }, "CustomSMSSender": { "LambdaVersion": "V1_0", "LambdaArn": "arn:aws:lambda:us-west-2:123456789012:function:MyCustomSMSSenderFunction" }, "CustomEmailSender": { "LambdaVersion": "V1_0", "LambdaArn": "arn:aws:lambda:us-west-2:123456789012:function:MyCustomEmailSenderFunction" }, "KMSKeyID": "arn:aws:kms:us-west-2:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222" }, "LastModifiedDate": 1726784814.598, "CreationDate": 1602103465.273, "SchemaAttributes": [ { "Name": "sub", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": false, "Required": true, "StringAttributeConstraints": { "MinLength": "1", "MaxLength": "2048" } }, { "Name": "name", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "given_name", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "family_name", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "middle_name", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "nickname", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "preferred_username", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "profile", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "picture", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "website", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "email", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": true, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "email_verified", "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false }, { "Name": "gender", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "birthdate", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "10", "MaxLength": "10" } }, { "Name": "zoneinfo", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "locale", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "phone_number", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "phone_number_verified", "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false }, { "Name": "address", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "updated_at", "AttributeDataType": "Number", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "NumberAttributeConstraints": { "MinValue": "0" } }, { "Name": "identities", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": {} }, { "Name": "custom:111", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "1", "MaxLength": "256" } }, { "Name": "dev:custom:222", "AttributeDataType": "String", "DeveloperOnlyAttribute": true, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "1", "MaxLength": "421" } }, { "Name": "custom:accesstoken", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MaxLength": "2048" } }, { "Name": "custom:idtoken", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MaxLength": "2048" } } ], "AutoVerifiedAttributes": [ "email" ], "SmsVerificationMessage": "Your verification code is {####}. ", "EmailVerificationMessage": "Your verification code is {####}. ", "EmailVerificationSubject": "Your verification code", "VerificationMessageTemplate": { "SmsMessage": "Your verification code is {####}. ", "EmailMessage": "Your verification code is {####}. ", "EmailSubject": "Your verification code", "EmailMessageByLink": "Please click the link below to verify your email address. <b>{##Verify Your Email##}</b>\n this is from us-west-2_ywDJHlIfU", "EmailSubjectByLink": "Your verification link", "DefaultEmailOption": "CONFIRM_WITH_LINK" }, "SmsAuthenticationMessage": "Your verification code is {####}. ", "UserAttributeUpdateSettings": { "AttributesRequireVerificationBeforeUpdate": [] }, "MfaConfiguration": "OPTIONAL", "DeviceConfiguration": { "ChallengeRequiredOnNewDevice": true, "DeviceOnlyRememberedOnUserPrompt": false }, "EstimatedNumberOfUsers": 166, "EmailConfiguration": { "SourceArn": "arn:aws:ses:us-west-2:123456789012:identity/admin@example.com", "EmailSendingAccount": "DEVELOPER" }, "SmsConfiguration": { "SnsCallerArn": "arn:aws:iam::123456789012:role/service-role/userpool-SMS-Role", "ExternalId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "SnsRegion": "us-west-2" }, "UserPoolTags": {}, "Domain": "myCustomDomain", "CustomDomain": "auth.example.com", "AdminCreateUserConfig": { "AllowAdminCreateUserOnly": false, "UnusedAccountValidityDays": 1, "InviteMessageTemplate": { "SMSMessage": "Your username is {username} and temporary password is {####}. ", "EmailMessage": "Your username is {username} and temporary password is {####}. ", "EmailSubject": "Your temporary password" } }, "UserPoolAddOns": { "AdvancedSecurityMode": "ENFORCED", "AdvancedSecurityAdditionalFlows": {} }, "Arn": "arn:aws:cognito-idp:us-west-2:123456789012:userpool/us-west-2_EXAMPLE", "AccountRecoverySetting": { "RecoveryMechanisms": [ { "Priority": 1, "Name": "verified_email" } ] } } }

如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》中的Amazon Cognito 使用者集區

  • 如需 API 詳細資訊,請參閱 AWS CLI 命令參考中的 DescribeUserPool

下列程式碼範例示範如何使用 forget-device

AWS CLI

忘記裝置

此範例會忘記裝置。

命令:

aws cognito-idp forget-device --device-key us-west-2_abcd_1234-5678
  • 如需 API 詳細資訊,請參閱 AWS CLI 命令參考中的 ForgetDevice

下列程式碼範例示範如何使用 forgot-password

AWS CLI

強制變更密碼

下列forgot-password範例會傳送訊息至 jane@example.com 以變更其密碼。

aws cognito-idp forgot-password --client-id 38fjsnc484p94kpqsnet7mpld0 --username jane@example.com

輸出:

{ "CodeDeliveryDetails": { "Destination": "j***@e***.com", "DeliveryMedium": "EMAIL", "AttributeName": "email" } }
  • 如需 API 詳細資訊,請參閱 AWS CLI 命令參考中的 ForgotPassword

下列程式碼範例示範如何使用 get-csv-header

AWS CLI

建立 csv 標頭

此範例會建立 csv 標頭。

如需匯入使用者的詳細資訊,請參閱從 CSV 檔案將使用者匯入使用者集區。

命令:

aws cognito-idp get-csv-header --user-pool-id us-west-2_aaaaaaaaa

輸出:

{ "UserPoolId": "us-west-2_aaaaaaaaa", "CSVHeader": [ "name", "given_name", "family_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "email", "email_verified", "gender", "birthdate", "zoneinfo", "locale", "phone_number", "phone_number_verified", "address", "updated_at", "cognito:mfa_enabled", "cognito:username" ] }

... 從 CSV 檔案將使用者匯入使用者集區:https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-using-import-tool.html

  • 如需 API 詳細資訊,請參閱 AWS CLI 命令參考中的 GetCsvHeader

下列程式碼範例示範如何使用 get-device

AWS CLI

取得裝置

下列get-device範例顯示目前登入使用者的一個裝置。

aws cognito-idp get-device \ --access-token eyJra456defEXAMPLE \ --device-key us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111

輸出:

{ "Device": { "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "DeviceAttributes": [ { "Name": "device_status", "Value": "valid" }, { "Name": "device_name", "Value": "MyDevice" }, { "Name": "dev:device_arn", "Value": "arn:aws:cognito-idp:us-west-2:123456789012:owner/diego.us-west-2_EXAMPLE/device/us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, { "Name": "dev:device_owner", "Value": "diego.us-west-2_EXAMPLE" }, { "Name": "last_ip_used", "Value": "192.0.2.1" }, { "Name": "dev:device_remembered_status", "Value": "remembered" }, { "Name": "dev:device_sdk", "Value": "aws-sdk" } ], "DeviceCreateDate": 1715100742.022, "DeviceLastModifiedDate": 1723233651.167, "DeviceLastAuthenticatedDate": 1715100742.0 } }

如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》中的使用使用者集區中的使用者裝置

  • 如需 API 詳細資訊,請參閱 AWS CLI 命令參考中的 GetDevice

下列程式碼範例示範如何使用 get-group

AWS CLI

取得群組的相關資訊

下列get-group範例列出名為 的使用者群組屬性MyGroup。此群組具有與其相關聯的優先順序和 IAM 角色。

aws cognito-idp get-group \ --user-pool-id us-west-2_EXAMPLE \ --group-name MyGroup

輸出:

{ "Group": { "GroupName": "MyGroup", "UserPoolId": "us-west-2_EXAMPLE", "RoleArn": "arn:aws:iam::123456789012:role/example-cognito-role", "Precedence": 7, "LastModifiedDate": 1697211218.305, "CreationDate": 1611685503.954 } }

如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》中的將群組新增至使用者集區。

  • 如需 API 詳細資訊,請參閱 AWS CLI Command Reference 中的 GetGroup

下列程式碼範例示範如何使用 get-signing-certificate

AWS CLI

取得簽署憑證

此範例會取得使用者集區的簽署憑證。

命令:

aws cognito-idp get-signing-certificate --user-pool-id us-west-2_aaaaaaaaa

輸出:

{ "Certificate": "CERTIFICATE_DATA" }

下列程式碼範例示範如何使用 get-ui-customization

AWS CLI

取得 UI 自訂資訊

此範例會取得使用者集區的 UI 自訂資訊。

命令:

aws cognito-idp get-ui-customization --user-pool-id us-west-2_aaaaaaaaa

輸出:

{ "UICustomization": { "UserPoolId": "us-west-2_aaaaaaaaa", "ClientId": "ALL", "ImageUrl": "https://aaaaaaaaaaaaa.cloudfront.net/us-west-2_aaaaaaaaa/ALL/20190128231240/assets/images/image.jpg", "CSS": ".logo-customizable {\n\tmax-width: 60%;\n\tmax-height: 30%;\n}\n.banner-customizable {\n\tpadding: 25px 0px 25px 10px;\n\tbackground-color: lightgray;\n}\n.label-customizable {\n\tfont-weight: 300;\n}\n.textDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.idpDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.legalText-customizable {\n\tcolor: #747474;\n\tfont-size: 11px;\n}\n.submitButton-customizable {\n\tfont-size: 14px;\n\tfont-weight: bold;\n\tmargin: 20px 0px 10px 0px;\n\theight: 40px;\n\twidth: 100%;\n\tcolor: #fff;\n\tbackground-color: #337ab7;\n}\n.submitButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #286090;\n}\n.errorMessage-customizable {\n\tpadding: 5px;\n\tfont-size: 14px;\n\twidth: 100%;\n\tbackground: #F5F5F5;\n\tborder: 2px solid #D64958;\n\tcolor: #D64958;\n}\n.inputField-customizable {\n\twidth: 100%;\n\theight: 34px;\n\tcolor: #555;\n\tbackground-color: #fff;\n\tborder: 1px solid #ccc;\n}\n.inputField-customizable:focus {\n\tborder-color: #66afe9;\n\toutline: 0;\n}\n.idpButton-customizable {\n\theight: 40px;\n\twidth: 100%;\n\ttext-align: center;\n\tmargin-bottom: 15px;\n\tcolor: #fff;\n\tbackground-color: #5bc0de;\n\tborder-color: #46b8da;\n}\n.idpButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #31b0d5;\n}\n.socialButton-customizable {\n\theight: 40px;\n\ttext-align: left;\n\twidth: 100%;\n\tmargin-bottom: 15px;\n}\n.redirect-customizable {\n\ttext-align: center;\n}\n.passwordCheck-notValid-customizable {\n\tcolor: #DF3312;\n}\n.passwordCheck-valid-customizable {\n\tcolor: #19BF00;\n}\n.background-customizable {\n\tbackground-color: #faf;\n}\n", "CSSVersion": "20190128231240" } }

下列程式碼範例示範如何使用 list-devices

AWS CLI

列出使用者的裝置

下列list-devices範例列出目前登入使用者的裝置。

aws cognito-idp admin-list-devices \ --user-pool-id us-west-2_EXAMPLE \ --access-token eyJra456defEXAMPLE \ --limit 1

輸出:

{ "Devices": [ { "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "DeviceAttributes": [ { "Name": "device_status", "Value": "valid" }, { "Name": "device_name", "Value": "MyDevice" }, { "Name": "dev:device_arn", "Value": "arn:aws:cognito-idp:us-west-2:123456789012:owner/diego.us-west-2_EXAMPLE/device/us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, { "Name": "dev:device_owner", "Value": "diego.us-west-2_EXAMPLE" }, { "Name": "last_ip_used", "Value": "192.0.2.1" }, { "Name": "dev:device_remembered_status", "Value": "remembered" }, { "Name": "dev:device_sdk", "Value": "aws-sdk" } ], "DeviceCreateDate": 1715100742.022, "DeviceLastModifiedDate": 1723233651.167, "DeviceLastAuthenticatedDate": 1715100742.0 } ] }

如需詳細資訊,請參閱《Amazon Cognito 開發人員指南中的使用使用者集區中的使用者裝置

  • 如需 API 詳細資訊,請參閱 AWS CLI 命令參考中的 ListDevices

下列程式碼範例示範如何使用 list-user-import-jobs

AWS CLI

列出使用者匯入任務

此範例列出使用者匯入任務。

如需匯入使用者的詳細資訊,請參閱從 CSV 檔案將使用者匯入使用者集區。

命令:

aws cognito-idp list-user-import-jobs --user-pool-id us-west-2_aaaaaaaaa --max-results 20

輸出:

{ "UserImportJobs": [ { "JobName": "Test2", "JobId": "import-d0OnwGA3mV", "UserPoolId": "us-west-2_aaaaaaaaa", "PreSignedUrl": "PRE_SIGNED_URL", "CreationDate": 1548272793.069, "Status": "Created", "CloudWatchLogsRoleArn": "arn:aws:iam::111111111111:role/CognitoCloudWatchLogsRole", "ImportedUsers": 0, "SkippedUsers": 0, "FailedUsers": 0 }, { "JobName": "Test1", "JobId": "import-qQ0DCt2fRh", "UserPoolId": "us-west-2_aaaaaaaaa", "PreSignedUrl": "PRE_SIGNED_URL", "CreationDate": 1548271795.471, "Status": "Created", "CloudWatchLogsRoleArn": "arn:aws:iam::111111111111:role/CognitoCloudWatchLogsRole", "ImportedUsers": 0, "SkippedUsers": 0, "FailedUsers": 0 }, { "JobName": "import-Test1", "JobId": "import-TZqNQvDRnW", "UserPoolId": "us-west-2_aaaaaaaaa", "PreSignedUrl": "PRE_SIGNED_URL", "CreationDate": 1548271708.512, "StartDate": 1548277247.962, "CompletionDate": 1548277248.912, "Status": "Failed", "CloudWatchLogsRoleArn": "arn:aws:iam::111111111111:role/CognitoCloudWatchLogsRole", "ImportedUsers": 0, "SkippedUsers": 0, "FailedUsers": 1, "CompletionMessage": "Too many users have failed or been skipped during the import." } ] }

下列程式碼範例示範如何使用 list-user-pools

AWS CLI

若要列出使用者集區

此範例會列出多達 20 個使用者集區。

命令:

aws cognito-idp list-user-pools --max-results 20

輸出:

{ "UserPools": [ { "CreationDate": 1547763720.822, "LastModifiedDate": 1547763720.822, "LambdaConfig": {}, "Id": "us-west-2_aaaaaaaaa", "Name": "MyUserPool" } ] }
  • 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》中的 ListUserPools

下列程式碼範例示範如何使用 list-users-in-group

AWS CLI

列出群組中的使用者

此範例列出群組 MyGroup 中的使用者。

命令:

aws cognito-idp list-users-in-group --user-pool-id us-west-2_aaaaaaaaa --group-name MyGroup

輸出:

{ "Users": [ { "Username": "acf10624-80bb-401a-ac61-607bee2110ec", "Attributes": [ { "Name": "sub", "Value": "acf10624-80bb-401a-ac61-607bee2110ec" }, { "Name": "custom:CustomAttr1", "Value": "New Value!" }, { "Name": "email", "Value": "jane@example.com" } ], "UserCreateDate": 1548102770.284, "UserLastModifiedDate": 1548103204.893, "Enabled": true, "UserStatus": "CONFIRMED" }, { "Username": "22704aa3-fc10-479a-97eb-2af5806bd327", "Attributes": [ { "Name": "sub", "Value": "22704aa3-fc10-479a-97eb-2af5806bd327" }, { "Name": "email_verified", "Value": "true" }, { "Name": "email", "Value": "diego@example.com" } ], "UserCreateDate": 1548089817.683, "UserLastModifiedDate": 1548089817.683, "Enabled": true, "UserStatus": "FORCE_CHANGE_PASSWORD" } ] }
  • 如需 API 詳細資訊,請參閱 AWS CLI 命令參考中的 ListUsersInGroup

下列程式碼範例示範如何使用 list-users

AWS CLI

若要列出使用者

此範例最多可列出 20 位使用者。

命令:

aws cognito-idp list-users --user-pool-id us-west-2_aaaaaaaaa --limit 20

輸出:

{ "Users": [ { "Username": "22704aa3-fc10-479a-97eb-2af5806bd327", "Enabled": true, "UserStatus": "FORCE_CHANGE_PASSWORD", "UserCreateDate": 1548089817.683, "UserLastModifiedDate": 1548089817.683, "Attributes": [ { "Name": "sub", "Value": "22704aa3-fc10-479a-97eb-2af5806bd327" }, { "Name": "email_verified", "Value": "true" }, { "Name": "email", "Value": "mary@example.com" } ] } ] }
  • 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》中的 ListUsers

下列程式碼範例示範如何使用 resend-confirmation-code

AWS CLI

若要重新傳送確認碼

下列 resend-confirmation-code 範例會傳送確認碼給使用者 jane

aws cognito-idp resend-confirmation-code \ --client-id 12a3b456c7de890f11g123hijk \ --username jane

輸出:

{ "CodeDeliveryDetails": { "Destination": "j***@e***.com", "DeliveryMedium": "EMAIL", "AttributeName": "email" } }

如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》中的註冊及確認使用者帳戶

下列程式碼範例示範如何使用 respond-to-auth-challenge

AWS CLI

若要回應身分驗證挑戰

此範例回應使用初始化身份驗證啟動的授權挑戰。這是對 NEW_PASSWORD_REQUIRED 挑戰的回應。它為使用者 jane@example.com 設定密碼。

命令:

aws cognito-idp respond-to-auth-challenge --client-id 3n4b5urk1ft4fl3mg5e62d9ado --challenge-name NEW_PASSWORD_REQUIRED --challenge-responses USERNAME=jane@example.com,NEW_PASSWORD="password" --session "SESSION_TOKEN"

輸出:

{ "ChallengeParameters": {}, "AuthenticationResult": { "AccessToken": "ACCESS_TOKEN", "ExpiresIn": 3600, "TokenType": "Bearer", "RefreshToken": "REFRESH_TOKEN", "IdToken": "ID_TOKEN", "NewDeviceMetadata": { "DeviceKey": "us-west-2_fec070d2-fa88-424a-8ec8-b26d7198eb23", "DeviceGroupKey": "-wt2ha1Zd" } } }

下列程式碼範例示範如何使用 set-risk-configuration

AWS CLI

設定風險組態

此範例會設定使用者集區的風險組態。它會將註冊事件動作設定為 NO_ACTION。

命令:

aws cognito-idp set-risk-configuration --user-pool-id us-west-2_aaaaaaaaa --compromised-credentials-risk-configuration EventFilter=SIGN_UP,Actions={EventAction=NO_ACTION}

輸出:

{ "RiskConfiguration": { "UserPoolId": "us-west-2_aaaaaaaaa", "CompromisedCredentialsRiskConfiguration": { "EventFilter": [ "SIGN_UP" ], "Actions": { "EventAction": "NO_ACTION" } } } }

下列程式碼範例示範如何使用 set-ui-customization

AWS CLI

設定 UI 自訂

此範例會自訂使用者集區的 CSS 設定。

命令:

aws cognito-idp set-ui-customization --user-pool-id us-west-2_aaaaaaaaa --css ".logo-customizable {\n\tmax-width: 60%;\n\tmax-height: 30%;\n}\n.banner-customizable {\n\tpadding: 25px 0px 25px 10px;\n\tbackground-color: lightgray;\n}\n.label-customizable {\n\tfont-weight: 300;\n}\n.textDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.idpDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.legalText-customizable {\n\tcolor: #747474;\n\tfont-size: 11px;\n}\n.submitButton-customizable {\n\tfont-size: 14px;\n\tfont-weight: bold;\n\tmargin: 20px 0px 10px 0px;\n\theight: 40px;\n\twidth: 100%;\n\tcolor: #fff;\n\tbackground-color: #337ab7;\n}\n.submitButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #286090;\n}\n.errorMessage-customizable {\n\tpadding: 5px;\n\tfont-size: 14px;\n\twidth: 100%;\n\tbackground: #F5F5F5;\n\tborder: 2px solid #D64958;\n\tcolor: #D64958;\n}\n.inputField-customizable {\n\twidth: 100%;\n\theight: 34px;\n\tcolor: #555;\n\tbackground-color: #fff;\n\tborder: 1px solid #ccc;\n}\n.inputField-customizable:focus {\n\tborder-color: #66afe9;\n\toutline: 0;\n}\n.idpButton-customizable {\n\theight: 40px;\n\twidth: 100%;\n\ttext-align: center;\n\tmargin-bottom: 15px;\n\tcolor: #fff;\n\tbackground-color: #5bc0de;\n\tborder-color: #46b8da;\n}\n.idpButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #31b0d5;\n}\n.socialButton-customizable {\n\theight: 40px;\n\ttext-align: left;\n\twidth: 100%;\n\tmargin-bottom: 15px;\n}\n.redirect-customizable {\n\ttext-align: center;\n}\n.passwordCheck-notValid-customizable {\n\tcolor: #DF3312;\n}\n.passwordCheck-valid-customizable {\n\tcolor: #19BF00;\n}\n.background-customizable {\n\tbackground-color: #faf;\n}\n"

輸出:

{ "UICustomization": { "UserPoolId": "us-west-2_aaaaaaaaa", "ClientId": "ALL", "CSS": ".logo-customizable {\n\tmax-width: 60%;\n\tmax-height: 30%;\n}\n.banner-customizable {\n\tpadding: 25px 0px 25px 10px;\n\tbackground-color: lightgray;\n}\n.label-customizable {\n\tfont-weight: 300;\n}\n.textDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.idpDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.legalText-customizable {\n\tcolor: #747474;\n\tfont-size: 11px;\n}\n.submitButton-customizable {\n\tfont-size: 14px;\n\tfont-weight: bold;\n\tmargin: 20px 0px 10px 0px;\n\theight: 40px;\n\twidth: 100%;\n\tcolor: #fff;\n\tbackground-color: #337ab7;\n}\n.submitButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #286090;\n}\n.errorMessage-customizable {\n\tpadding: 5px;\n\tfont-size: 14px;\n\twidth: 100%;\n\tbackground: #F5F5F5;\n\tborder: 2px solid #D64958;\n\tcolor: #D64958;\n}\n.inputField-customizable {\n\twidth: 100%;\n\theight: 34px;\n\tcolor: #555;\n\tbackground-color: #fff;\n\tborder: 1px solid #ccc;\n}\n.inputField-customizable:focus {\n\tborder-color: #66afe9;\n\toutline: 0;\n}\n.idpButton-customizable {\n\theight: 40px;\n\twidth: 100%;\n\ttext-align: center;\n\tmargin-bottom: 15px;\n\tcolor: #fff;\n\tbackground-color: #5bc0de;\n\tborder-color: #46b8da;\n}\n.idpButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #31b0d5;\n}\n.socialButton-customizable {\n\theight: 40px;\n\ttext-align: left;\n\twidth: 100%;\n\tmargin-bottom: 15px;\n}\n.redirect-customizable {\n\ttext-align: center;\n}\n.passwordCheck-notValid-customizable {\n\tcolor: #DF3312;\n}\n.passwordCheck-valid-customizable {\n\tcolor: #19BF00;\n}\n.background-customizable {\n\tbackground-color: #faf;\n}\n", "CSSVersion": "20190129172214" } }

下列程式碼範例示範如何使用 set-user-mfa-preference

AWS CLI

設定使用者 MFA 設定

下列set-user-mfa-preference範例會修改 MFA 交付選項。它會將 MFA 交付媒體變更為 SMS。

aws cognito-idp set-user-mfa-preference \ --access-token "eyJra12345EXAMPLE" \ --software-token-mfa-settings Enabled=true,PreferredMfa=true \ --sms-mfa-settings Enabled=false,PreferredMfa=false

此命令不會產生輸出。

如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》中的將 MFA 新增至使用者集區。

下列程式碼範例示範如何使用 set-user-settings

AWS CLI

設定使用者設定

此範例會將 MFA 交付偏好設定設定為 EMAIL。

命令:

aws cognito-idp set-user-settings --access-token ACCESS_TOKEN --mfa-options DeliveryMedium=EMAIL
  • 如需 API 詳細資訊,請參閱 AWS CLI 命令參考中的 SetUserSettings

下列程式碼範例示範如何使用 sign-up

AWS CLI

若要將使用者登出

此範例註冊了 jane@example.com。

命令:

aws cognito-idp sign-up --client-id 3n4b5urk1ft4fl3mg5e62d9ado --username jane@example.com --password PASSWORD --user-attributes Name="email",Value="jane@example.com" Name="name",Value="Jane"

輸出:

{ "UserConfirmed": false, "UserSub": "e04d60a6-45dc-441c-a40b-e25a787d4862" }
  • 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》中的 SignUp

下列程式碼範例示範如何使用 start-user-import-job

AWS CLI

啟動使用者匯入任務

此範例會啟動使用者輸入任務。

如需匯入使用者的詳細資訊,請參閱從 CSV 檔案將使用者匯入使用者集區。

命令:

aws cognito-idp start-user-import-job --user-pool-id us-west-2_aaaaaaaaa --job-id import-TZqNQvDRnW

輸出:

{ "UserImportJob": { "JobName": "import-Test10", "JobId": "import-lmpxSOuIzH", "UserPoolId": "us-west-2_aaaaaaaaa", "PreSignedUrl": "PRE_SIGNED_URL", "CreationDate": 1548278378.928, "StartDate": 1548278397.334, "Status": "Pending", "CloudWatchLogsRoleArn": "arn:aws:iam::111111111111:role/CognitoCloudWatchLogsRole", "ImportedUsers": 0, "SkippedUsers": 0, "FailedUsers": 0 } }

下列程式碼範例示範如何使用 stop-user-import-job

AWS CLI

停止使用者匯入任務

此範例會停止使用者輸入任務。

如需匯入使用者的詳細資訊,請參閱從 CSV 檔案將使用者匯入使用者集區。

命令:

aws cognito-idp stop-user-import-job --user-pool-id us-west-2_aaaaaaaaa --job-id import-TZqNQvDRnW

輸出:

{ "UserImportJob": { "JobName": "import-Test5", "JobId": "import-Fx0kARISFL", "UserPoolId": "us-west-2_aaaaaaaaa", "PreSignedUrl": "PRE_SIGNED_URL", "CreationDate": 1548278576.259, "StartDate": 1548278623.366, "CompletionDate": 1548278626.741, "Status": "Stopped", "CloudWatchLogsRoleArn": "arn:aws:iam::111111111111:role/CognitoCloudWatchLogsRole", "ImportedUsers": 0, "SkippedUsers": 0, "FailedUsers": 0, "CompletionMessage": "The Import Job was stopped by the developer." } }
  • 如需 API 詳細資訊,請參閱 AWS CLI 命令參考中的 StopUserImportJob

下列程式碼範例示範如何使用 update-auth-event-feedback

AWS CLI

更新驗證事件意見回饋

此範例會更新授權事件意見回饋。它會標記事件「有效」。

命令:

aws cognito-idp update-auth-event-feedback --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com --event-id EVENT_ID --feedback-token FEEDBACK_TOKEN --feedback-value "Valid"

下列程式碼範例示範如何使用 update-device-status

AWS CLI

更新裝置狀態

此範例會將裝置的狀態更新為 "not_remembered"。

命令:

aws cognito-idp update-device-status --access-token ACCESS_TOKEN --device-key DEVICE_KEY --device-remembered-status "not_remembered"

下列程式碼範例示範如何使用 update-group

AWS CLI

更新群組

此範例會更新 MyGroup 的描述和優先順序。

命令:

aws cognito-idp update-group --user-pool-id us-west-2_aaaaaaaaa --group-name MyGroup --description "New description" --precedence 2

輸出:

{ "Group": { "GroupName": "MyGroup", "UserPoolId": "us-west-2_aaaaaaaaa", "Description": "New description", "RoleArn": "arn:aws:iam::111111111111:role/MyRole", "Precedence": 2, "LastModifiedDate": 1548800862.812, "CreationDate": 1548097827.125 } }
  • 如需 API 詳細資訊,請參閱 AWS CLI Command Reference 中的 UpdateGroup

下列程式碼範例示範如何使用 update-resource-server

AWS CLI

更新資源伺服器

此範例會更新資源伺服器天氣。它會新增一個範圍。

命令:

aws cognito-idp update-resource-server --user-pool-id us-west-2_aaaaaaaaa --identifier weather.example.com --name Weather --scopes ScopeName=NewScope,ScopeDescription="New scope description"

輸出:

{ "ResourceServer": { "UserPoolId": "us-west-2_aaaaaaaaa", "Identifier": "weather.example.com", "Name": "Happy", "Scopes": [ { "ScopeName": "NewScope", "ScopeDescription": "New scope description" } ] } }

下列程式碼範例示範如何使用 update-user-attributes

AWS CLI

更新使用者屬性

此範例會更新使用者屬性 "nickname"。

命令:

aws cognito-idp update-user-attributes --access-token ACCESS_TOKEN --user-attributes Name="nickname",Value="Dan"

下列程式碼範例示範如何使用 update-user-pool-client

AWS CLI

更新使用者集區用戶端

此範例會更新使用者集區用戶端的名稱。它也會新增可寫入屬性 "nickname"。

命令:

aws cognito-idp update-user-pool-client --user-pool-id us-west-2_aaaaaaaaa --client-id 3n4b5urk1ft4fl3mg5e62d9ado --client-name "NewClientName" --write-attributes "nickname"

輸出:

{ "UserPoolClient": { "UserPoolId": "us-west-2_aaaaaaaaa", "ClientName": "NewClientName", "ClientId": "3n4b5urk1ft4fl3mg5e62d9ado", "LastModifiedDate": 1548802761.334, "CreationDate": 1548178931.258, "RefreshTokenValidity": 30, "WriteAttributes": [ "nickname" ], "AllowedOAuthFlowsUserPoolClient": false } }

下列程式碼範例示範如何使用 update-user-pool

AWS CLI

更新使用者集區

下列update-user-pool範例使用每個可用組態選項的範例語法來修改使用者集區。若要更新使用者集區,您必須指定所有先前設定的選項,否則它們會重設為預設值。

aws cognito-idp update-user-pool --user-pool-id us-west-2_EXAMPLE \ --policies PasswordPolicy=\{MinimumLength=6,RequireUppercase=true,RequireLowercase=true,RequireNumbers=true,RequireSymbols=true,TemporaryPasswordValidityDays=7\} \ --deletion-protection ACTIVE \ --lambda-config PreSignUp="arn:aws:lambda:us-west-2:123456789012:function:cognito-test-presignup-function",PreTokenGeneration="arn:aws:lambda:us-west-2:123456789012:function:cognito-test-pretoken-function" \ --auto-verified-attributes "phone_number" "email" \ --verification-message-template \{\"SmsMessage\":\""Your code is {####}"\",\"EmailMessage\":\""Your code is {####}"\",\"EmailSubject\":\""Your verification code"\",\"EmailMessageByLink\":\""Click {##here##} to verify your email address."\",\"EmailSubjectByLink\":\""Your verification link"\",\"DefaultEmailOption\":\"CONFIRM_WITH_LINK\"\} \ --sms-authentication-message "Your code is {####}" \ --user-attribute-update-settings AttributesRequireVerificationBeforeUpdate="email","phone_number" \ --mfa-configuration "OPTIONAL" \ --device-configuration ChallengeRequiredOnNewDevice=true,DeviceOnlyRememberedOnUserPrompt=true \ --email-configuration SourceArn="arn:aws:ses:us-west-2:123456789012:identity/admin@example.com",ReplyToEmailAddress="amdin+noreply@example.com",EmailSendingAccount=DEVELOPER,From="admin@amazon.com",ConfigurationSet="test-configuration-set" \ --sms-configuration SnsCallerArn="arn:aws:iam::123456789012:role/service-role/SNS-SMS-Role",ExternalId="12345",SnsRegion="us-west-2" \ --admin-create-user-config AllowAdminCreateUserOnly=false,InviteMessageTemplate=\{SMSMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailSubject=\""Welcome to MyMobileGame"\"\} \ --user-pool-tags "Function"="MyMobileGame","Developers"="Berlin" \ --admin-create-user-config AllowAdminCreateUserOnly=false,InviteMessageTemplate=\{SMSMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailMessage=\""Welcome {username}. Your confirmation code is {####}"\",EmailSubject=\""Welcome to MyMobileGame"\"\} \ --user-pool-add-ons AdvancedSecurityMode="AUDIT" \ --account-recovery-setting RecoveryMechanisms=\[\{Priority=1,Name="verified_email"\},\{Priority=2,Name="verified_phone_number"\}\]

此命令不會產生輸出。

如需詳細資訊,請參閱《Amazon Cognito 開發人員指南》中的更新使用者集區組態

  • 如需 API 詳細資訊,請參閱 AWS CLI 命令參考中的 UpdateUserPool