LinuxCommandLibrary

aws-cognito-idp

Manage AWS Cognito Identity Provider resources

TLDR

Create a new Cognito user pool

$ aws cognito-idp create-user-pool --pool-name [name]

List all user pools
$ aws cognito-idp list-user-pools --max-results [10]

Delete a specific user pool
$ aws cognito-idp delete-user-pool --user-pool-id [user_pool_id]

Create a user in a specific pool
$ aws cognito-idp admin-create-user --username [username] --user-pool-id [user_pool_id]

List the users of a specific pool
$ aws cognito-idp list-users --user-pool-id [user_pool_id]

Delete a user from a specific pool
$ aws cognito-idp admin-delete-user --username [username] --user-pool-id [user_pool_id]

SYNOPSIS

aws cognito-idp [global-options] subcommand [args]

PARAMETERS

--cli-auto-prompt
    Automatically prompt for CLI input parameters.

--cli-binary-format raw-in-base64-out
    Binary format for input/output.

--cli-input-json
    Perform action from JSON file or string.

--color
    Turn on/off colored output.

--debug
    Turn on debug logging.

--endpoint-url URL
    Override default endpoint URL.

--help
    Show help for command.

--max-items
    Maximum items to return for paginated calls.

--no-cli-auto-prompt
    Disable auto-prompting.

--no-paginate
    Disable automatic pagination.

--no-sign-request
    Do not sign requests.

--only-show-errors
    Show only errors.

--output json|text|table
    Output format.

--profile PROFILE
    Use specific profile from credentials file.

--query STRING
    JMESPath query for output.

--region REGION
    AWS region (e.g., us-east-1).

--version
    Show version information.

DESCRIPTION

The aws cognito-idp command provides command-line access to Amazon Cognito Identity Provider (IDP) APIs. Amazon Cognito enables user authentication, authorization, and management for web/mobile apps via user pools and identity pools.

User pools act as user directories, supporting sign-up/sign-in, MFA, password policies, and custom attributes. This CLI lets admins create/delete user pools, manage users/groups, configure app clients, enable hosted UI, and handle advanced security like risk-based adaptive auth.

Typical tasks include bulk user import, password resets, group assignments, and querying user status. Integrates with Lambda triggers for custom logic. Requires IAM permissions like cognito-idp:AdminCreateUser.

Use cases: DevOps automation, serverless app scaling, compliance auditing. Outputs JSON by default; paginates large results. Regional service (e.g., us-east-1). Full API parity with AWS SDKs.
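
An added example (not part of the original page and not AWS code): the compliance-auditing use case above, as a Python script that reviews the JSON printed by describe-user-pool and list-users. The 12-character baseline, the set of flagged statuses, the 7-day fallback and the sample data are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

MIN_PASSWORD_LENGTH = 12  # assumed local baseline, not an AWS default
FLAGGED_STATUSES = {"UNCONFIRMED", "RESET_REQUIRED", "COMPROMISED"}  # assumed review list

def modified_at(user):
    """UserLastModifiedDate is ISO 8601 in CLI v2 output, epoch seconds in v1."""
    raw = user["UserLastModifiedDate"]
    if isinstance(raw, (int, float)):
        return datetime.fromtimestamp(raw, tz=timezone.utc)
    return datetime.fromisoformat(raw)

def audit(pool_doc, users_doc, now):
    """Return (subject, finding) tuples for one user pool and its users."""
    pool = pool_doc["UserPool"]
    policy = pool.get("Policies", {}).get("PasswordPolicy", {})
    findings = []
    if pool.get("MfaConfiguration", "OFF") != "ON":
        findings.append((pool["Id"], "MFA not enforced"))
    if policy.get("MinimumLength", 0) < MIN_PASSWORD_LENGTH:
        findings.append((pool["Id"], "password minimum length below baseline"))
    # Fallback of 7 days is an assumption used when the policy omits the field.
    temp_valid = timedelta(days=policy.get("TemporaryPasswordValidityDays", 7))
    for user in users_doc["Users"]:
        status = user["UserStatus"]
        if status in FLAGGED_STATUSES:
            findings.append((user["Username"], f"status {status}"))
        # Approximation: age is measured from the last modification time.
        elif status == "FORCE_CHANGE_PASSWORD" and now - modified_at(user) > temp_valid:
            findings.append((user["Username"], "temporary password expired, invite unused"))
    return findings

# Constructed sample data in the shape of the CLI's JSON output.
SAMPLE_POOL = json.loads("""{"UserPool": {"Id": "us-east-1_EXAMPLE",
  "MfaConfiguration": "OPTIONAL", "Policies": {"PasswordPolicy":
    {"MinimumLength": 8, "TemporaryPasswordValidityDays": 7}}}}""")
SAMPLE_USERS = json.loads("""{"Users": [
  {"Username": "alice", "UserStatus": "CONFIRMED", "UserLastModifiedDate": "2024-01-02T09:00:00.000000+00:00"},
  {"Username": "bob", "UserStatus": "FORCE_CHANGE_PASSWORD", "UserLastModifiedDate": 1704186000.0},
  {"Username": "carol", "UserStatus": "FORCE_CHANGE_PASSWORD", "UserLastModifiedDate": "2024-02-27T09:00:00.000000+00:00"},
  {"Username": "dave", "UserStatus": "COMPROMISED", "UserLastModifiedDate": "2024-02-20T09:00:00.000000+00:00"}]}""")

if __name__ == "__main__":
    now = datetime(2024, 3, 1, tzinfo=timezone.utc)
    for subject, finding in audit(SAMPLE_POOL, SAMPLE_USERS, now):
        print(f"{subject}: {finding}")
```

To audit a real pool, save the output of aws cognito-idp describe-user-pool --user-pool-id [user_pool_id] and aws cognito-idp list-users --user-pool-id [user_pool_id] to files and pass the parsed JSON to audit() in place of the samples.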

CAVEATS

Requires AWS CLI installed/configured with valid credentials. Many subcommands need elevated IAM policies. Regional endpoints only; no global. Rate limits apply per API.

KEY SUBCOMMANDS

admin-create-user: Create a user in the pool as an administrator.
list-user-pools: List user pools.
describe-user-pool: Get pool details.
admin-delete-user: Delete user.
list-users: List users in pool.

See aws cognito-idp help for 100+.

AUTHENTICATION

Uses AWS SigV4. Configure via aws configure, AWS_PROFILE, or IAM roles/EC2 metadata.

HISTORY

Cognito launched 2014; CLI support in AWS CLI v1.7+ (2015). Full feature parity in v2 (2020+), tracking Cognito API evolutions like custom auth flows.

SEE ALSO

aws(1), aws cognito-identity(1), aws iam(1)
