cognito-cli
This is the missing CLI tool for working with AWS Cognito, it provides a bunch of utility functions which are designed to make administering Cognito easier.
Installation
Install it using gobinaries.
curl -sf https://gobinaries.com/wolfeidau/cognito-cli | sh
Download the latest release from the release page.
Or if you have a working Go installation (Go-1.14 or higher) and want to build cognito-cli
it fun the following command to install in your $GOPATH/bin
folder.
GO111MODULE=off go get -u github.com/wolfeidau/cognito-cli
Usage
Some example commands are as follows:
cognito-cli --region=ap-southeast-2 --profile=wolfeidau-dev ls
+--------------------------+--------------------------------------+--------------------------------+
| ID | NAME | CREATED |
+--------------------------+--------------------------------------+--------------------------------+
| ap-southeast-2_abc123def | somepool_dev_master | 2020-03-12 11:52:24 +1100 AEDT |
| ap-southeast-2_abc123cde | otherpool_dev_master | 2019-02-02 14:47:25 +1100 AEDT |
+--------------------------+--------------------------------------+--------------------------------+
This CLI tool supports the standard AWS_REGION
and AWS_PROFILE
environment variables to configure region and AWS cli profile respectively, so the following command also works.
AWS_PROFILE=wolfeidau-dev AWS_REGION=ap-southeast-2 cognito-cli ls
+--------------------------+--------------------------------------+--------------------------------+
| ID | NAME | CREATED |
+--------------------------+--------------------------------------+--------------------------------+
| ap-southeast-2_abc123def | somepool_dev_master | 2020-03-12 11:52:24 +1100 AEDT |
| ap-southeast-2_abc123cde | otherpool_dev_master | 2019-02-02 14:47:25 +1100 AEDT |
+--------------------------+--------------------------------------+--------------------------------+
I have also pulled out the CLI help for each sub command and provided them in the order which they are best explored in.
To display a list of user pools.
Usage: cognito-cli ls
List pools.
Flags:
--help Show context-sensitive help.
--debug Enable debug mode.
-r, --region="us-east-1" AWS Region ($AWS_REGION).
-p, --profile=PROFILE-FLAG AWS CLI profile ($AWS_PROFILE).
--disable-local-time Disable localisation of times output.
--version
--csv Enable csv output.
To list the schema attributes of a user pool.
Usage: cognito-cli list-attributes --user-pool-id=STRING
List the schema attributes of the user pool.
Flags:
--help Show context-sensitive help.
--debug Enable debug mode.
-r, --region="us-east-1" AWS Region ($AWS_REGION).
-p, --profile=PROFILE-FLAG AWS CLI profile ($AWS_PROFILE).
--disable-local-time Disable localisation of times output.
--version
--user-pool-id=STRING
To find users in a pool.
Usage: cognito-cli find --user-pool-id=STRING
Find users.
Flags:
--help Show context-sensitive help.
--debug Enable debug mode.
-r, --region="us-east-1" AWS Region ($AWS_REGION).
-p, --profile=PROFILE-FLAG AWS CLI profile ($AWS_PROFILE).
--disable-local-time Disable localisation of times output.
--version
--user-pool-id=STRING
--csv Enable csv output.
--attributes=Username,email,... Attributes to retrieve and output.
--back-off=500 Delay in ms used to backoff during paging of records
--filter=KEY=VALUE;... Filter users based on a set of patterns, supports '*' and '?' wildcards in either string.
To export users in a pool, filter and write the results in CSV format, I use this for analysis and to verify the integrity of user details stored.
Usage: cognito-cli export --user-pool-id=STRING
Export users, filter and write the results in CSV format.
Flags:
--help Show context-sensitive help.
--debug Enable debug mode.
-r, --region="us-east-1" AWS Region ($AWS_REGION).
-p, --profile=PROFILE-FLAG AWS CLI profile ($AWS_PROFILE).
--disable-local-time Disable localisation of times output.
--version
--user-pool-id=STRING
--back-off=500 Delay in ms used to backoff during paging of records
--filter=KEY=VALUE;... Filter users based on a set of patterns, supports '*' and '?' wildcards in either string.
NOTE: This is not designed to directly feed into the StartUserImportJob operation, some transformations may be required.
To find users in a pool and log them out.
Usage: cognito-cli logout --user-pool-id=STRING
Find users and trigger a logout.
Flags:
--help Show context-sensitive help.
--debug Enable debug mode.
-r, --region="us-east-1" AWS Region ($AWS_REGION).
-p, --profile=PROFILE-FLAG AWS CLI profile ($AWS_PROFILE).
--disable-local-time Disable localisation of times output.
--version
--user-pool-id=STRING
--back-off=500 Delay in ms used to backoff during paging of records
--filter=KEY=VALUE;... Filter users based on a set of patterns, supports '*' and '?' wildcards in either string.
NOTE: This calls AdminUserGlobalSignOut for each user which revokes their refresh token, it won't actually log them out straight away, they will however have to log in the next time they attempt to refresh their access token. This can take up to 1 hour for users who have recently refreshed their token.
License
This application is released under Apache 2.0 license and is copyright Mark Wolfe.