AndyK

Reputation: 307

AWS Cognito - User pool xxxx does not exist

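using Amazon;
using Amazon.CognitoIdentityProvider;
using Amazon.CognitoIdentityProvider.Model;

// "MYKEY", "MYSECRET", "USERNAME" and "POOLID" are placeholders for the real values.
var client = new AmazonCognitoIdentityProviderClient("MYKEY", "MYSECRET", RegionEndpoint.USEast1);

var request = new AdminGetUserRequest();
request.Username = "USERNAME";
request.UserPoolId = "POOLID";

// Blocks on the async call; this is the line that reports "User pool xxxx does not exist".
var user = client.AdminGetUserAsync(request).Result;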

The key/secret are authenticating as a user with Administrator Access. For good measure, I've also given it the AmazonCognitoPowerUser policy.

The region endpoint is correct and the same as the one my user pool is in. The user pool Id is correct. The first part of the user pool ID matches the region.

I'm at a loss for where else this could possibly be going wrong. Any ideas?

Update 8/2/19

Manual CLI command:

PM> aws cognito-idp list-user-pools --region us-east-1 --max-results 10
{
    "UserPools": []
}

The region is correct, so there must be some issue with permissions. Is there anything I could try tweaking on the pool, or other policies I may need to add to the user?

Upvotes: 6

Views: 23401

Answers (5)

Yaki RM

Reputation: 1

var client = new AmazonCognitoIdentityProviderClient("MYKEY", "MYSECRET", RegionEndpoint.USEast1);

var request = new AdminGetUserRequest();
request.Username = "USERNAME";
request.UserPoolId = "POOLID";

var user = client.AdminGetUserAsync(request).Result;                      

Upvotes: 0

MillturnK

Reputation: 91

First I blew away existing amplify auth code, then did:

amplify init
amplify add auth

I had to manually edit (against the dire warnings that it was auto-generated) aws-exports.js with my updated pool ID, web-client ID, etc. information. For some reason, the new Cognito info hadn't replaced the old when I recreated it. It then worked.

Upvotes: 0

Joey Garcia

Reputation: 91

I ran into this problem with the AWS CLI and it puzzled me too, but I learned that I needed to provide the profile name in the parameter list to get it to work. So it looked like this:

aws cognito-idp admin-get-user --profile dev-account ....

My profiles are stored on my Mac at cat ~/.aws/config | grep profile

The config file is created by an in-house custom script. This is what the contents of that file look like.

[profile dev-account]
sso_start_url = https://yourcompanyname.awsapps.com/start#/
sso_region = us-east-1
sso_account_id = 1234567890
sso_role_name = PowerUserAccess
region = us-east-1
output = json

Also, in this folder is a "credentials" file that has some JSON for these variables: profile name, aws_access_key_id, aws_secret_access_key, aws_session_token, aws_expiration

Upvotes: 1

elify

Reputation: 460

Actually, your configuration can be wrong. You downloaded awsconfiguration.json and it looks the same, I know, but this configuration can be wrong. When you examine the JSON you will see a field: "CognitoUserPool": {PoolId, appclient id ..}

You need to open your user pool and create a new client or check the existing client information. Check your awsconfiguration.json again against this webpage's pool ID, app client ID, etc. Update your JSON and it will solve the problem.


Upvotes: 2

AndyK

Reputation: 307

So, it looks like this is some sort of AWS glitch with the existing IAM user.

Having created a new user with exactly the same permissions, access works as intended both from CLI and the code in the original question.

Upvotes: 7
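
The points this thread keeps returning to (the region prefix of the pool ID, which principal the key or profile actually resolves to, and whether that principal sees the pool at all) can be checked in one pass before changing any policies. This is an added example, not code from any of the posters; the function names and printed labels are made up here, and it relies only on the aws sts get-caller-identity and aws cognito-idp list-user-pools commands.

```sh
#!/bin/sh
# Added diagnostic, not from the thread. Pool ID, region and profile are
# whatever the caller passes in; the labels printed are this script's own.

# Region prefix of a pool ID: "us-east-1_AbCdEf123" -> "us-east-1".
pool_region() {
  case "$1" in
    ?*_?*) printf '%s\n' "${1%%_*}" ;;
    *)     return 1 ;;
  esac
}

# check_pool POOL_ID REGION [PROFILE]
# Prints findings; returns 0 only if the pool is listed for these credentials.
check_pool() {
  cp_pool=$1 cp_region=$2 cp_profile=${3:-}

  cp_prefix=$(pool_region "$cp_pool") || { echo "MALFORMED_POOL_ID"; return 2; }
  if [ "$cp_prefix" != "$cp_region" ]; then
    echo "REGION_MISMATCH pool=$cp_prefix client=$cp_region"; return 3
  fi

  # Which principal (and so which account) do the credentials resolve to?
  # Without --profile the CLI uses its default credential chain.
  cp_arn=$(aws sts get-caller-identity --query Arn --output text \
             ${cp_profile:+--profile "$cp_profile"}) \
    || { echo "NO_USABLE_CREDENTIALS"; return 4; }
  echo "CALLER $cp_arn"

  # Pools visible to that principal in that region (first page, up to 60).
  cp_pools=$(aws cognito-idp list-user-pools --region "$cp_region" \
               --max-results 60 --query 'UserPools[].Id' --output text \
               ${cp_profile:+--profile "$cp_profile"}) \
    || { echo "LIST_FAILED"; return 5; }

  for cp_id in $cp_pools; do
    if [ "$cp_id" = "$cp_pool" ]; then echo "POOL_VISIBLE"; return 0; fi
  done
  echo "POOL_NOT_LISTED_FOR_CALLER"; return 6
}

# Run only when arguments are given, e.g.:
#   sh check_pool.sh us-east-1_EXAMPLE us-east-1 dev-account
if [ "$#" -ge 2 ]; then check_pool "$@"; fi
```

The account number inside the CALLER ARN is the one to compare with the account that owns the pool; an empty pool list with a valid caller is the situation shown in the question's update.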
