AWS Cognito, change Account status by CLI - amazon-web-services

Is there a way to change the Account status on a user by CLI command?
I know I can resend an email verification with:
aws cognito-idp resend-confirmation-code --client-id 54675464564564 --username XXXX#gmail.com
Is there are any similar command for what I need?

Ok, it was with:
aws cognito-idp admin-update-user-attributes --user-pool-id us-east-2_XXXX --username XXXXXXX#NNNN.com --user-attributes Name="email_verified",Value="false"

Related

AWS congnito user pool attributes update

I have an AWS Cognito user pool enabled with a PreSignup lambda trigger. For some reason, I need to remove the trigger using aws cognito-idp cli. I am aware with the below command we can set new/update a lambda function ARN, but how can I set to none or delete the existing one. With the new and old AWS console, I can easily manage such action but the requirement is to do it through AWS CLI
aws cognito-idp update-user-pool --user-pool-id=eu-west-1_xxXXXxxyy --lambda-config PreSignUp="<lambda-function-arn>:<function_name>:<function_alias>" --region eu-west-1
Thanks in advance
Use this command, I tested in my lab and it works (replace "YOUR_USER_POOL_ID" with your user pool ID):
aws cognito-idp update-user-pool --user-pool-id YOUR_USER_POOL_ID --lambda-config {}

Cognito unconfirmed user accounts using AWS CLI Command line

aws --profile xx cognito-idp list-users --user-pool-id xxx --filter cognito:user_status="CONFIRMED"
An error occurred (InvalidParameterException) when calling the ListUsers operation: Error while parsing filter. Let me know what is wrong in that code.

Error when configuring ECR authorization token with docker login

I am running into this error when trying to setup ECR authorization token with docker login.
Can you please advice
echo $(aws ecr get-login-password --region us-east-1 --profile test)|docker login --password-stdin --username AWS 123456789.dkr.ecr.us-east-1.amazonaws.com
Error saving credentials: error storing credentials - err: exit status 1, out: not implemented
The command you are using works with AWS CLI v2. The not implemented message may mean you don't have the latest version OR you are using AWS CLI v1? For AWS CLI v1 there is another (similar) command which calls get-login. See here.

Aws cognito add predefined users

I'm working on a react native project. And I'm new to AWS Cognito. I have completed the email/phone signup using AWS Cognito. now I easily signup or login with AWS Cognito. And My expectation is there any possibilities to add some predefined users. ex: if I add some users ex(user1#gmail.com, user2#gmail.com) in aws.That particular user only can signup/login into the app. other users(emails or phone) restricted to signup.
The best way to do this would be through the cognito-idp cli. The command admin-create-user will create a test user.
Here is an example:
$ aws cognito-idp sign-up \
--region YOUR_COGNITO_REGION \
--client-id YOUR_COGNITO_APP_CLIENT_ID \
--username admin#example.com \
--password Passw0rd!
Once your user is created, you also need to confim sign up, if this is enabled in your user pool.
$ aws cognito-idp admin-confirm-sign-up \
--region YOUR_COGNITO_REGION \
--user-pool-id YOUR_COGNITO_USER_POOL_ID \
--username admin#example.com

Problem in getting result from 'aws ecr get-login'

I am getting following error when given following command.
aws ecr get-login --region eu-central-1
Error
An error occurred (AccessDeniedException) when calling the GetAuthorizationToken operation: User: arn:aws:iam::314xxxx91079:user/git is not authorized to perform: ecr:GetAuthorizationToken on resource: *
My admin has given me access for this 'GetAuthorizationToken' resource.
Most probably what I think the problem is 'arn:aws:iam::314xxxx91079:user/git' user being used for this command. When I login into aws console, I see my user name (IAM) as follow.
amit#iproxxx.com
How do I make 'get-login' to take this user name instead of user/git. I am very new to aws cli, and this command happens to be one of the build step.
For newer version just use
aws ecr get-login-password \
--region us-east-1 | docker login \
--username AWS \
--password-stdin <account-id>.dkr.ecr.us-east-1.amazonaws.com
The AWS cli command looks good and the output should be similar to below
Sample output:
docker login -u AWS -p password https://aws_account_id.dkr.ecr.eu-central-1.amazonaws.com
Please check if you have correctly set the AWS credentials for cli to use.
If not done, try below to configure the credentials
aws configure
AWS Access Key ID [None]: Access Key
AWS Secret Access Key [None]: Secret Key
Default region name [None]: eu-central-1
Default output format [None]: json
Note : This should be your default profile, else pass profile name as well for ecr get-login command
aws ecr get-login --region eu-central-1 --profile <profile name>
Hope this helps !!!
With newer versions of AWS CLI, we can request the password for ECR docker login with get-login-password and pipe the password to Docker login, something like:
aws ecr get-login-password \
--region us-east-1 \
| docker login \
--username AWS \
--password-stdin 123456789101.dkr.ecr.us-east-1.amazonaws.com
Documentation: https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ecr/get-login-password.html
with CLI V2, following syntax is going to throw error:
$(aws ecr get-login --no-include-email --region us-east-1)
aws ecr get-login --no-include-email --region us-east-1
usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]
To see help text, you can run:
aws help
aws <command> help
aws <command> <subcommand> help
aws: error: argument operation: Invalid choice, valid choices are:
Please find below the step that push the local docker image to AWS ECR
we can get login succeeded:
C:>aws ecr get-login-password --no-verify
We will get the password.Please find below the password column
C:\docker login --username AWS --password eyJwYXlsb2Fk...kRBVEFfS0VZIn0= https://123456789012.dkr.ecr.us-east-1.amazonaws.com
docker tag user-mysql account_id.dkr.ecr.us-east-1.amazonaws.com/dockerregistry
Push the image on ECR : C:\docker push account_id.dkr.ecr.us-east-1.amazonaws.com/dockerregistry
Username : AWS
Password : eyJwYXlsb2Fk...kRBVEFfS0VZIn0=
ProxyEndpoint : https://123456789012.dkr.ecr.us-west-2.amazonaws.com
Endpoint : https://123456789012.dkr.ecr.us-west-2.amazonaws.com
ExpiresAt : 9/26/2017 6:08:23 AM
Command : docker login --username AWS --password eyJwYXlsb2Fk...kRBVEFfS0VZIn0= https://123456789012.dkr.ecr.us-west-2.amazonaws.com
Adding this for anyone who needs to configure docker properly on Linux before trying to log into the ECR.
sudo groupadd docker
sudo usermod -aG docker $USER
newgrp docker
And then...
aws ecr get-login-password \
--region <region> | docker login \
--username AWS \
--password-stdin <account-id>.dkr.ecr.<region>.amazonaws.com
I don't think anyone mentioned this but you could also run into this error if you don't have the right permissions set on your IAM user/role.
Specifically, you need to allow the ecr:GetAuthorizationToken action on resource * (since you can't limit this action on a specific resource yet).
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "ecr:GetAuthorizationToken",
"Resource": "*"
}
With this permission granted, you can run either the command:
aws ecr get-login-password --region <region>
Or:
aws ecr get-authorization-token --output text --query 'authorizationData[].authorizationToken' --region <region>
More info:
https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html