AWS » Cognito
I've managed (concurrently) 5 identity pools in different accounts, and being able to navigate around these from the CLI has been a time saver. Documenting via copy-and-paste CLI commands is also a much more accurate way than UI screenshots.
Groups and group membership in Cognito are possible (for AAA RBAC); I've not used this significantly.
Here are some of the commands I use:
- List the pools in an account
/usr/local/bin/aws --profile cli cognito-idp list-user-pools --max-results 60
- List the users in a pool
/usr/local/bin/aws --profile cli cognito-idp list-users --user-pool-id "eu-west-2_xxxxx"
List the emails in a pool, using a jq pipe!
/usr/local/bin/aws --profile cli cognito-idp list-users --user-pool-id "eu-west-2_xxxxx" | jq -r '.Users | .[] | .Attributes[] | select(.Name == "email") | {Value}'
- Re/Set a user's password
/usr/local/bin/aws --profile cli cognito-idp admin-set-user-password --user-pool-id "eu-west-2_xxxxx" --username "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" --password "Qwer1234" --permanent
- Group membership
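
For the password reset command above, an added example (not from the original page): a variant that generates a random temporary password and omits `--permanent`, so the user is left in `FORCE_CHANGE_PASSWORD` and must choose their own password at next sign-in, and no fixed password ends up in shell history or documentation. The function names, the 20-character default and the symbol set are assumptions; the `cli` profile is the one used in the commands above.

```shell
#!/bin/sh
# Added example: reset a Cognito user to a random *temporary* password.

# gen_temp_password [LEN]: print a random password of LEN characters (default 20,
# minimum 12) containing at least one upper-case letter, lower-case letter,
# digit and symbol. Assumption: the pool's password policy accepts @%+=_- .
gen_temp_password() (
  LC_ALL=C; export LC_ALL            # make [A-Z] etc. byte ranges
  len="${1:-20}"
  [ "$len" -ge 12 ] || { echo "length must be at least 12" >&2; exit 1; }
  while :; do
    # 512 random bytes leave roughly 130 usable characters after filtering.
    pw="$(head -c 512 /dev/urandom | tr -dc 'A-Za-z0-9@%+=_-' | cut -c1-"$len")"
    [ "${#pw}" -eq "$len" ] || continue
    case "$pw" in *[A-Z]*) ;; *) continue ;; esac
    case "$pw" in *[a-z]*) ;; *) continue ;; esac
    case "$pw" in *[0-9]*) ;; *) continue ;; esac
    case "$pw" in *[@%+=_-]*) ;; *) continue ;; esac
    printf '%s\n' "$pw"
    exit 0
  done
)

# reset_to_temp_password POOL_ID USERNAME: set a temporary password and print
# it once so it can be handed to the user out of band. Leaving out --permanent
# keeps the password temporary.
reset_to_temp_password() (
  pool_id="$1"; username="$2"
  temp_pw="$(gen_temp_password 20)" || exit 1
  aws --profile cli cognito-idp admin-set-user-password \
    --user-pool-id "$pool_id" --username "$username" \
    --password "$temp_pw" || exit 1
  printf '%s\n' "$temp_pw"
)

# Only call AWS when invoked as: script.sh POOL_ID USERNAME
if [ "$#" -eq 2 ]; then
  reset_to_temp_password "$1" "$2"
fi
```

The temporary password is still passed to `aws` as an argument, so it is briefly visible in the local process list while the command runs.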