How do admin create user in cognito aws using AWS CLI Builder? - amazon-web-services

aws cognito-idp admin-create-user --user-pool-id us-west-2_####### --username test --user-attributes Name="name",Value="demo" Name="email",Value="demo#mail.com" Name="family_name",Value="test" Name="birthdate",Value="01-01-1999" Name="gender",Value="female" Name="middle_name",Value="demo" --region ap-southeast-2 --output json
error--
An error occurred (UserLambdaValidationException) when calling the AdminCreateUser operation: PreSignUp failed with error cannot unpack non-iterable NoneType object.
create new user in awsclibuilder

Related

aws cognito-idp list-users : filter by email domain?

I can filter on addresses that start with "john#"
aws cognito-idp list-users --user-pool-id my-pool --filter "email ^= \"john#\"" --limit 20
Is it possible to filter on ends with "#gmail.com"?
Not at the moment. You can follow this issue to see if in the future they add this feature: https://github.com/aws/aws-sdk-js/issues/3136
Yes it is possible.
If you use the --query instead of --filter you can query on anything in the resulting response by using JMESPath.
So to filter out #gmail.com you can do:
aws cognito-idp list-users --user-pool-id my-pool --query 'Users[?Attributes[?Name==`email` && contains(Value, `gmail.com`)]]

AWS Cognito: User exist in the User pool but Sign in gives user not found exception

I am new to AWS Cognito. I have created a user in the user pool using aws cli by using the admin create user command. Then I am trying to log in using SSO, but it gives a
user doesn't exist
message.
Command to create user:
aws cognito-idp admin-create-user \
--user-pool-id POOLID \
--username USERNAME \
--temporary-password PASSWORD \
--user-attributes Name=email,Value=XXX Name=phone_number,Value=XXX\
--message-action SUPPRESS
URL to access cognito:
https://<domain_name>.us-east-1.amazoncognito.com/login?client_id=<clientId>&response_type=code&scope=email+openid&redirect_uri=<redirect-uri>

aws cognito attribute 'address' doesn't follow its own documentation

I was looking through aws docs at https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html as I needed to update the address for a user. According to the docs it says it follows the openID spec which for an address is a json object. However it errors on anything that is not a string.
I'm using the aws cli and calling it like so:
aws cognito-idp admin-update-user-attributes --user-pool-id my_user_pool --username a#b.com --user-attributes Name=address,Value={"street_address": "123 Fake Street","locality": "Somewhere","postal_code":"AA1 1AA"}
the following also doesn't work:
aws cognito-idp admin-update-user-attributes --user-pool-id my_user_pool --username a#b.com --user-attributes Name=address,Value="123 Fake Street, Somewhere"
Parameter validation failed:
Invalid type for parameter UserAttributes[0].Value, value: ['123 Fake
Street', 'Somewhere'], type: <class 'list'>, valid types: <class 'str'>
Am I inputting something wrong or is aws docs incorrect and only allowing strings through
I just ran into this issue as well, I couldn't find a solve in any of the AWS documentation but if you escape the comma it works.
aws cognito-idp admin-update-user-attributes --user-pool-id my_user_pool --username a#b.com --user-attributes Name=address,Value="123 Fake Street\, Somewhere"

aws-cli: getting error "argument --user-pool-id is required"

I am trying to get user information from cognito user pool using aws-cli. According to aws-cli documentation the synopsis should be like this:
admin-get-user
--user-pool-id <value>
--username <value>
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]
I have tried with these:
aws cognito-idp admin-get-user us-west-2_MMyZYq4B1 mahbubur.rahman
aws cognito-idp admin-get-user --us-west-2_MMyZYq4B1 --mahbubur.rahman
but getting error aws: error: argument --user-pool-id is required.
what's wrong??
user-pool-id and username are the option key:
--user-pool-id <value>
--username <value>
So the command should be:
aws cognito-idp admin-get-user --user-pool-id us-west-2_MMyZYq4B1 --username mahbubur.rahman

How to generate access token for an AWS Cognito user?

I' using Cognito user pool for securing my API gateway . Now I would like to make requests to my API using postman but I need to pass in Authorization token as the API is secured. Is there any AWS CLI command or REST API to generate auth tokens(by passing username/password)? I have searched documentation but couldn't find any examples. Thanks for your help.
You can do this using the following CLI commands:
Register a user
aws cognito-idp sign-up --region {your-aws-region} --client-id {your-client-id} --username admin#example.com --password password123
Confirm user registration
aws cognito-idp admin-confirm-sign-up --region {your-aws-region} --user-pool-id {your-user-pool-id} --username admin#example.com
Authenticate (get tokens)
aws cognito-idp admin-initiate-auth --region {your-aws-region} --cli-input-json file://auth.json
Where auth.json is:
{
"UserPoolId": "{your-user-pool-id}",
"ClientId": "{your-client-id}",
"AuthFlow": "ADMIN_NO_SRP_AUTH",
"AuthParameters": {
"USERNAME": "admin#example.com",
"PASSWORD": "password123"
}
}
You should get a response like this if everything is set up correctly:
{
"AuthenticationResult": {
"ExpiresIn": 3600,
"IdToken": "{your-idtoken}",
"RefreshToken": "{your-refresh-token}",
"TokenType": "Bearer",
"AccessToken": "{your-access-token}"
},
"ChallengeParameters": {}
}
Use the following command to generate the auth tokens, fill in the xxxx appropriately based on your cognito configuration,
aws cognito-idp initiate-auth --auth-flow USER_PASSWORD_AUTH --client-id xxxx --auth-parameters USERNAME=xx#xx.com,PASSWORD=xxxx
Note: You can use any one username or password under applicable cognito user pool.
The client can be found under general settings--> app client
The AccessKeyId and SecretAccessKey is not required as it already defined while setting up the aws cli. If not done use the following link to set that up first
https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html
There is an AWS CLI command to generate Auth Tokens. You can use InitiateAuth CLI Command for this.
Note: Make sure you have done the UserPool configuration matching the expected tokens.