AWS Cognito add predefined users - amazon-web-services

I'm working on a React Native project, and I'm new to AWS Cognito. I have completed the email/phone signup using AWS Cognito, and now I can easily sign up or log in with it. Is there any possibility to add some predefined users? For example, if I add some users (user1@gmail.com, user2@gmail.com) in AWS, only those particular users can sign up/log in to the app; other users (emails or phones) are restricted from signing up.

The best way to do this would be through the cognito-idp CLI. The command admin-create-user will create a test user.
Here is an example:
```bash
$ aws cognito-idp sign-up \
  --region YOUR_COGNITO_REGION \
  --client-id YOUR_COGNITO_APP_CLIENT_ID \
  --username admin@example.com \
  --password Passw0rd!
```
Once your user is created, you also need to confirm sign-up, if this is enabled in your user pool.
```bash
$ aws cognito-idp admin-confirm-sign-up \
  --region YOUR_COGNITO_REGION \
  --user-pool-id YOUR_COGNITO_USER_POOL_ID \
  --username admin@example.com
```
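
One way to enforce the restriction the question asks for is a Pre sign-up Lambda trigger that rejects any email or phone number not on an allowlist. This is an added example, not code from the original answers; the allowlist entries and the names `SignUpDenied`, `is_allowed` and `sample_event` are constructed for illustration.

```python
"""Cognito Pre sign-up Lambda trigger: only allowlisted identities may register."""

# Constructed allowlist for illustration; load real values from configuration.
ALLOWED_EMAILS = {"user1@gmail.com", "user2@gmail.com"}
ALLOWED_PHONES = {"+15555550100"}


class SignUpDenied(Exception):
    """Raising from the trigger makes Cognito reject the sign-up."""


def is_allowed(attributes):
    """Return True if the submitted email or phone number is on the allowlist."""
    email = (attributes.get("email") or "").strip().lower()
    phone = (attributes.get("phone_number") or "").strip()
    return email in ALLOWED_EMAILS or phone in ALLOWED_PHONES


def lambda_handler(event, context):
    attributes = event.get("request", {}).get("userAttributes", {})
    # Users created by an administrator (admin-create-user) are already vetted.
    admin_created = event.get("triggerSource") == "PreSignUp_AdminCreateUser"
    if not admin_created and not is_allowed(attributes):
        raise SignUpDenied("Sign-up is restricted to invited users")
    # Do not auto-confirm: the verification code still has to prove that the
    # caller controls the allowlisted address or number.
    response = event.setdefault("response", {})
    response["autoConfirmUser"] = False
    return event


def sample_event(email, trigger="PreSignUp_SignUp"):
    """Constructed event with only the fields this handler reads."""
    return {
        "triggerSource": trigger,
        "userName": email,
        "request": {"userAttributes": {"email": email}},
        "response": {},
    }


if __name__ == "__main__":
    for address in ("User1@gmail.com", "someone@example.com"):
        try:
            lambda_handler(sample_event(address), None)
            print(address, "-> allowed")
        except SignUpDenied as err:
            print(address, "-> denied:", err)
```

The email comparison is case-insensitive so that `User1@gmail.com` and `user1@gmail.com` are treated as the same allowlist entry.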

Related

SAML2AWS connecting to k8s issues

I use saml2aws with Okta authentication to access AWS from my local machine. I have added the k8s cluster config to my machine as well.
While trying to connect to k8s, for example to list pods, a simple kubectl get pods returns an error:
```
[Errno 2] No such file or directory: '/var/run/secrets/eks.amazonaws.com/serviceaccount/token'
Unable to connect to the server: getting credentials: exec: executable aws failed with exit code 255
```
But if I run saml2aws exec kubectl get pods, I am able to fetch pods.
I don't understand whether the problem is with how the credentials are stored, or where to even begin to understand the problem.
Any kind of help will be appreciated.
To integrate saml2aws with Okta, you need to create a profile in saml2aws first.
Configure Profile
```bash
saml2aws configure \
  --skip-prompt \
  --mfa Auto \
  --region <region, ex us-east-2> \
  --profile <awscli_profile> \
  --idp-account <saml2aws_profile_name> \
  --idp-provider Okta \
  --username <your email> \
  --role arn:aws:iam::<account_id>:role/<aws_role_initial_assume> \
  --session-duration 28800 \
  --url "https://<company>.okta.com/home/amazon_aws/......."
```
The URL, region, etc. can be obtained from the Okta integration UI.
Login
```bash
saml2aws login --idp-account <saml2aws_profile_name>
```
That should prompt you for your password and MFA, if it exists.
Verification
```bash
aws --profile=<awscli_profile> s3 ls
```
Then, finally, just export AWS_PROFILE:
```bash
export AWS_PROFILE=<awscli_profile>
```
and use awscli directly:
```bash
aws sts get-caller-identity
```

AWS Cognito user pool attributes update

I have an AWS Cognito user pool enabled with a PreSignup lambda trigger. For some reason, I need to remove the trigger using the aws cognito-idp CLI. I am aware that with the command below we can set or update a Lambda function ARN, but how can I set it to none or delete the existing one? With the new and old AWS console I can easily manage such an action, but the requirement is to do it through the AWS CLI.
```bash
aws cognito-idp update-user-pool --user-pool-id=eu-west-1_xxXXXxxyy --lambda-config PreSignUp="<lambda-function-arn>:<function_name>:<function_alias>" --region eu-west-1
```
Thanks in advance
Use this command. I tested it in my lab and it works (replace "YOUR_USER_POOL_ID" with your user pool ID):
```bash
aws cognito-idp update-user-pool --user-pool-id YOUR_USER_POOL_ID --lambda-config {}
```

`no basic auth credentials` Github to AWS ECR deployment on git events

I have set up Flux for k8s deployment to AWS EKS. For it, I have configured GitHub and k8s following:
https://www.weave.works/blog/gitops-with-github-actions-eks
but I am getting no basic auth credentials.
Thanks in advance
You need to log in to the ECR repo using the command below:
```bash
aws ecr get-login-password \
  --region <region> \
  | docker login \
  --username AWS \
  --password-stdin <aws_account_id>.dkr.ecr.<region>.amazonaws.com
```
ECR Repository URL: <aws_account_id>.dkr.ecr.<region>.amazonaws.com
Example:
```
sh "aws ecr get-login-password --region us-west-1 | docker login --username AWS --password-stdin 09xxxxxxxxxx.dkr.ecr.us-west-1.amazonaws.com"
```
This command retrieves and displays an authentication token using the GetAuthorizationToken API that you can use to authenticate to an Amazon ECR registry. ~ (Quoted from Amazon Docs)
Reference : https://docs.aws.amazon.com/cli/latest/reference/ecr/get-login-password.html

AWS Cognito, change Account status by CLI

Is there a way to change the Account status on a user by CLI command?
I know I can resend an email verification with:
```bash
aws cognito-idp resend-confirmation-code --client-id 54675464564564 --username XXXX@gmail.com
```
Is there any similar command for what I need?
OK, it was with:
```bash
aws cognito-idp admin-update-user-attributes --user-pool-id us-east-2_XXXX --username XXXXXXX@NNNN.com --user-attributes Name="email_verified",Value="false"
```

Not able to login to AWS ECR Repository through docker login command

Not able to log in to the AWS ECR repository through the docker login command.
Using the command:
```bash
docker login REPO_URL
```
After I enter the username and password, the result is 401 Unauthorized.
What could be the issue?
You need to first request the authorization token from ECR using the AWS CLI, then extract the password from it, and then call the docker login command.
Refer - https://docs.aws.amazon.com/cli/latest/reference/ecr/get-authorization-token.html
In my case this worked:
```bash
aws ecr get-login-password \
  --region <region> \
  | docker login \
  --username AWS \
  --password-stdin <aws_account_id>.dkr.ecr.<region>.amazonaws.com
```
It was on the page
https://docs.aws.amazon.com/cli/latest/reference/ecr/get-login-password.html
Do this to log in:
```bash
$(aws ecr get-login --no-include-email --region us-east-1)
```
This worked for me:
```bash
aws ecr get-login-password \
  --region MYREGION \
  | docker login \
  --username AWS \
  --password-stdin ACCOUNTID.dkr.ecr.MYREGION.amazonaws.com
```
Copy and paste it into the terminal and replace the placeholders (MYREGION and ACCOUNTID).