AWS Cognito delete all users from a user pool

Question

How can we delete all users from a specific user pool in AWS Cognito using AWS CLI?

Answer 1

I've created the following script based on the answer of @Richard. Note I had to set LC_CTYPE="en_US.UTF-8" to make sure that the script doesn't stop at invalid characters.

#!/usr/bin/env bash

COGNITO_USER_POOL_ID=__XXX__

export LC_CTYPE="en_US.UTF-8"

RUN=1
until [ $RUN -eq 0 ] ; do
echo "Listing users"
USERS=`aws cognito-idp list-users --user-pool-id $COGNITO_USER_POOL_ID | grep Username | awk -F: '{print $2}' | sed -e 's/\"//g' | sed -e 's/,//g'`
if [ ! "x$USERS" = "x" ] ; then
  echo "$USERS" | xargs -n 1 -P 5 -I % bash -c "echo Deleting %; aws cognito-idp admin-delete-user --user-pool-id $COGNITO_USER_POOL_ID --username %"
else
    echo "Done, no more users"
    RUN=0
fi
done

Answer 2

In order to speed up deletion, I modified @GRVPrasad's answer to use xargs -P which will farm deletions out to multiple processes.

aws cognito-idp list-users --user-pool-id $COGNITO_USER_POOL_ID | jq -r '.Users | .[] | .Username' | xargs -n 1 -P 5 -I % bash -c "echo Deleting %; aws cognito-idp admin-delete-user --user-pool-id $COGNITO_USER_POOL_ID --username %"

Answer 3

Here is a bash version based on @ajilpm's batch script:

# deleteAllUsers.sh
COGNITO_USER_POOL_ID=$1

aws cognito-idp list-users --user-pool-id $COGNITO_USER_POOL_ID |
jq -r '.Users | .[] | .Username' |
while read user; do
  aws cognito-idp admin-delete-user --user-pool-id $COGNITO_USER_POOL_ID --username $user
  echo "$user deleted"
done

You must have jq installed and remember to make the script executable: chmod +x deleteAllUsers.sh.

The user pool id can be provided as a command line argument: ./deleteAllUsers.sh COGNITO_USER_POOL_ID.

Answer 4

With Python and boto3: I use email as username

import boto3 as aws
import pandas as pd

client_cognito = aws.client('cognito-idp')
getProperties = pd.read_csv('CognitoUsers.csv',header=0)
usernames = getProperties['email']

for username in usernames:
    response = client_cognito.admin_delete_user(
        UserPoolId="us-east-1_xxxxxxxxx",
        Username = username,
    )

you need login in aws-cli with your AWS Access Key ID & AWS Secret Access Key

Answer 5

I created a script to do it from Windows CMD if you have AWS Cli installed and configured, which will delete all the users page by page, so you need to run it till all users are removed.

You need to have JQ downloaded and its path added to system env path for the following to work.

---delete.bat---

@echo off setlocal

for /f "delims=" %%I in 
  ('aws cognito-idp list-users --user-pool-id  $COGNITO_USER_POOL_ID ^| 
    jq -r ".Users | .[] | .Username"')
do 
  (aws cognito-idp admin-delete-user --user-pool-id $COGNITO_USER_POOL_ID --username %%I 
   echo %%I deleted)

---delete.bat---

Answer 6

Sorry cannot add comment. I had same requirement and slight modification in command mentioned by ajilpm worked in windows 10 for me. You need to download jq.exe and keep on path in command line

---Start.bat---

@echo off setlocal

for /f "delims=" %%I in ('aws cognito-idp list-users --user-pool-id us-west-2_O7rRBQ5rr --profile dev-hb ^| jq -r ".Users | .[] | .Username"') do ( aws cognito-idp admin-delete-user --user-pool-id us-west-2_O7rRBQ5rr --username %%I --profile dev-hb)

---delete.bat---

Answer 7

try with below:

aws cognito-idp list-users --user-pool-id $COGNITO_USER_POOL_ID |
jq -r '.Users | .[] | .Username' |
while read uname1; do
  echo "Deleting $uname1";
  aws cognito-idp admin-delete-user --user-pool-id $COGNITO_USER_POOL_ID --username $uname1;
done