amit

Reputation: 2331

How to allow access for CognitoIdentityProvider sdk in aws boto3

I'm attempting to write a small script that fetches my users' details from an AWS Cognito user pool. Although my boto3 SDK has access to my S3, DynamoDB, etc., when attempting:

import boto3
client = boto3.client('cognito-idp')
response = client.admin_get_user(
    UserPoolId='XXXXXX',
    Username='YYYYYY'
)

I get

botocore.exceptions.ClientError: An error occurred (AccessDeniedException) when calling the AdminGetUser operation

But I cannot find in the documentation how to allow such access for my SDK.

Any suggestions?

Upvotes: 1

Views: 1594

Answers (1)

jweyrich

Reputation: 32240

You need an IAM policy allowing the user (and consequently his/her access keys) or the resource (EC2, Lambda function, etc.) to perform the cognito-idp:AdminGetUser operation. For example, a read-only policy for Cognito:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cognito-identity:Describe*",
        "cognito-identity:Get*",
        "cognito-identity:List*",
        "cognito-idp:AdminGetUser",
        "cognito-idp:Describe*",
        "cognito-idp:List*"
      ],
      "Resource": "*"
    }
  ]
}

Upvotes: 3
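
As an added example (not part of the original answer), the sketch below builds a policy that grants the lookup on a single user pool ARN instead of `"Resource": "*"`, and uses a simplified evaluator to show why S3/DynamoDB permissions alone produce the AccessDeniedException. The account ID, pool IDs, the `EXISTING` policy and all function names are constructed assumptions; the evaluator ignores Condition, NotAction/NotResource, SCPs and permission boundaries.

```python
import json
from fnmatch import fnmatchcase

def user_pool_arn(region, account_id, pool_id):
    """Build the ARN of a Cognito user pool."""
    return f"arn:aws:cognito-idp:{region}:{account_id}:userpool/{pool_id}"

def scoped_read_policy(pool_arn):
    """Read-only user lookups limited to one user pool rather than every resource."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["cognito-idp:AdminGetUser", "cognito-idp:ListUsers"],
        "Resource": pool_arn,
    }]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value, ignore_case=False):
    # IAM action names are case-insensitive; resource ARNs are matched as written.
    if ignore_case:
        patterns, value = [p.lower() for p in patterns], value.lower()
    return any(fnmatchcase(value, p) for p in patterns)

def is_allowed(policies, action, resource):
    """Simplified evaluation: explicit Deny wins, then any Allow, else implicit deny."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not _matches(_as_list(stmt["Action"]), action, ignore_case=True):
                continue
            if not _matches(_as_list(stmt["Resource"]), resource):
                continue
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

# Constructed placeholder values, not taken from the original post.
POOL = user_pool_arn("us-east-1", "111122223333", "us-east-1_EXAMPLE")
OTHER_POOL = user_pool_arn("us-east-1", "111122223333", "us-east-1_OTHER")
# Constructed policy resembling the asker's situation: S3 and DynamoDB only.
EXISTING = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "dynamodb:*"], "Resource": "*"}]}

if __name__ == "__main__":
    action, scoped = "cognito-idp:AdminGetUser", scoped_read_policy(POOL)
    print("existing policy only:", is_allowed([EXISTING], action, POOL))
    print("with scoped policy:  ", is_allowed([EXISTING, scoped], action, POOL))
    print("different pool:      ", is_allowed([EXISTING, scoped], action, OTHER_POOL))
    print(json.dumps(scoped, indent=2))
```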
