aws-cognito-idp
Manage AWS Cognito Identity Provider resources
TLDR
Create a new Cognito user pool
List all user pools
Delete a specific user pool
Create a user in a specific pool
List the users of a specific pool
Delete a user from a specific pool
SYNOPSIS
aws cognito-idp <subcommand> [<parameters>] [<global-options>]
Example: aws cognito-idp list-user-pools --max-results 10 --region us-east-1
PARAMETERS
<subcommand>
Specifies the API operation to perform (e.g., create-user-pool, admin-get-user, list-users). Each subcommand has its own specific parameters.
--region <value>
Specifies the AWS region to send the request to (e.g., us-east-1).
--output <value>
Defines the output format of the command (e.g., json, text, table).
--profile <value>
Uses a specific named profile from your credential file.
--endpoint-url <value>
Overrides the default service endpoint URL for Cognito IdP.
--no-paginate
Disables pagination for commands that return a large number of items, fetching all results in one go.
--debug
Turns on debug logging, providing detailed information about the CLI execution and API calls.
--color <on|off|auto>
Controls colored output for the CLI.
--cli-input-json <value>
Reads command arguments from a provided JSON string or file.
--version
Displays the version of the AWS CLI currently installed.
--help
Displays help for the command or a specific subcommand, detailing available options and usage.
DESCRIPTION
The aws cognito-idp command is a crucial component of the AWS Command Line Interface (CLI), providing direct programmatic access to the Amazon Cognito Identity Provider (IdP) service APIs. Amazon Cognito IdP is a fully managed service that enables developers to add user sign-up, sign-in, and access control to their web and mobile applications. It supports both user directories (User Pools) for managing application users and integration with external identity providers (like Facebook, Google, or SAML/OIDC).
Through the aws cognito-idp command, administrators and developers can perform a wide range of operations, including creating and managing user pools, handling individual users within pools (e.g., creating, updating, deleting users, resetting passwords, confirming sign-ups), configuring identity providers, and managing user pool clients. It's an indispensable tool for automating Cognito management tasks, integrating with CI/CD pipelines, and scripting complex user management workflows.
CAVEATS
The aws cognito-idp command requires the AWS CLI to be installed and properly configured with valid AWS credentials (via aws configure or environment variables).
Internet connectivity is essential for communicating with AWS services.
Performing actions via this command demands appropriate IAM permissions for the Cognito service; unauthorized actions will result in access denied errors.
Destructive operations (like deleting user pools or users) are generally irreversible and should be handled with extreme caution.
Compatibility with newer Cognito features may require an updated AWS CLI version.
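The caveat about irreversible deletes can be enforced in a script instead of being left to care. The wrapper below is an added example, not part of the AWS CLI or of the original page: it is a dry run unless APPLY=1, refuses when the pool reports DeletionProtection as ACTIVE, and writes a username/status record before deleting. The function names, the APPLY variable and the return codes are assumptions of this example.

```bash
#!/usr/bin/env bash
# Guarded wrapper around `aws cognito-idp delete-user-pool` (added example).
# Dry run unless APPLY=1. Function names and return codes are hypothetical.

# Print the pool's DeletionProtection setting (ACTIVE, INACTIVE, or None).
pool_protection() {
  aws cognito-idp describe-user-pool --user-pool-id "$1" \
    --query 'UserPool.DeletionProtection' --output text
}

# Record usernames and statuses of the pool's users in a file.
# This is an audit record of what was removed, not a restorable backup.
snapshot_users() {
  aws cognito-idp list-users --user-pool-id "$1" \
    --query 'Users[].[Username,UserStatus]' --output text > "$2"
}

# guarded_delete_pool <pool-id> <typed-confirmation> <snapshot-file>
# Returns: 0 deleted, 10 dry run, 2 confirmation mismatch,
#          3 deletion protection ACTIVE, 4 describe/list call failed.
guarded_delete_pool() {
  local pool_id="$1" confirm="$2" snapshot="$3" protection
  # The caller must retype the exact pool id, so a stale variable or a
  # wrong shell-history entry cannot delete the wrong pool.
  if [ "$confirm" != "$pool_id" ]; then
    echo "refusing: confirmation does not match pool id" >&2; return 2
  fi
  protection=$(pool_protection "$pool_id") || return 4
  if [ "$protection" = "ACTIVE" ]; then
    echo "refusing: deletion protection is ACTIVE on $pool_id" >&2; return 3
  fi
  snapshot_users "$pool_id" "$snapshot" || return 4
  if [ "${APPLY:-0}" != "1" ]; then
    echo "dry run: would delete $pool_id ($(wc -l < "$snapshot") users)" >&2
    return 10
  fi
  aws cognito-idp delete-user-pool --user-pool-id "$pool_id"
}
```

Pair the wrapper with an IAM policy that grants cognito-idp:DeleteUserPool only to the role that runs it, so the guard cannot be bypassed by calling the CLI directly.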
FINDING SUBCOMMANDS AND THEIR PARAMETERS
To explore all available subcommands under aws cognito-idp, execute aws cognito-idp help. For detailed information and specific parameters of any subcommand, use aws cognito-idp <subcommand> help (e.g., aws cognito-idp admin-create-user help).
COMMON USE CASES
Common applications of the aws cognito-idp command include automating user provisioning and de-provisioning, scripting user migration from existing systems into Cognito, performing batch operations on users (such as confirming unconfirmed users), integrating Cognito management into CI/CD pipelines for infrastructure as code, and troubleshooting user authentication and profile issues.
HISTORY
The AWS Command Line Interface (CLI) was initially launched in late 2012 / early 2013, providing a unified tool for managing AWS services. Amazon Cognito was first introduced in 2014, with its User Pools feature (which cognito-idp primarily manages) gaining prominence around 2016. The aws cognito-idp command was subsequently integrated into the AWS CLI to offer comprehensive command-line control over these new and evolving Cognito Identity Provider capabilities, becoming an indispensable utility for developers and administrators automating user management and authentication workflows.