Administrative user management operations requiring elevated privileges, including user creation, deletion, attribute management, and administrative authentication flows for server-side applications.
Create users with administrative privileges, bypassing normal registration flows.
/**
* Create a user in the user pool as an administrator
* Allows creation without requiring user to complete sign-up flow
*/
class AdminCreateUserCommand {
constructor(input: AdminCreateUserCommandInput);
}
interface AdminCreateUserCommandInput {
/** The user pool ID for the user pool where the user will be created */
UserPoolId: string;
/** The username for the user (can be email, phone, or custom username) */
Username: string;
/** Array of user attributes to set during creation */
UserAttributes?: AttributeType[];
/** Validation data for the user creation request */
ValidationData?: AttributeType[];
/** Temporary password for the user (optional) */
TemporaryPassword?: string;
/** Set to true to force the creation of an alias */
ForceAliasCreation?: boolean;
/** Message action (RESEND or SUPPRESS) */
MessageAction?: MessageActionType;
/** Desired delivery mediums for the message */
DesiredDeliveryMediums?: DeliveryMediumType[];
/** Client metadata for Lambda triggers */
ClientMetadata?: Record<string, string>;
}
interface AdminCreateUserCommandOutput {
/** The newly created user object */
User?: UserType;
}
type MessageActionType = "RESEND" | "SUPPRESS";
type DeliveryMediumType = "SMS" | "EMAIL";Usage Example:
import { CognitoIdentityProviderClient, AdminCreateUserCommand } from "@aws-sdk/client-cognito-identity-provider";
const client = new CognitoIdentityProviderClient({ region: "us-east-1" });
const createUserCommand = new AdminCreateUserCommand({
UserPoolId: "us-east-1_example123",
Username: "newuser@example.com",
UserAttributes: [
{ Name: "email", Value: "newuser@example.com" },
{ Name: "name", Value: "New User" },
{ Name: "email_verified", Value: "true" }
],
TemporaryPassword: "TempPass123!",
MessageAction: "SUPPRESS" // Don't send welcome email
});
const result = await client.send(createUserCommand);
console.log("Created user:", result.User?.Username);Manage users with administrative privileges including disabling, enabling, and deleting users.
/**
* Get user information with administrative privileges
* Returns complete user details including status and attributes
*/
class AdminGetUserCommand {
constructor(input: AdminGetUserCommandInput);
}
interface AdminGetUserCommandInput {
/** The user pool ID for the user pool */
UserPoolId: string;
/** The username of the user to retrieve */
Username: string;
}
interface AdminGetUserCommandOutput {
/** The username of the user */
Username: string;
/** Array of user attributes */
UserAttributes?: AttributeType[];
/** Date when the user was created */
UserCreateDate?: Date;
/** Date when the user was last modified */
UserLastModifiedDate?: Date;
/** Whether the user account is enabled */
Enabled?: boolean;
/** Current status of the user */
UserStatus?: UserStatusType;
/** MFA options for the user */
MFAOptions?: MFAOptionType[];
/** Preferred MFA setting */
PreferredMfaSetting?: string;
/** List of enabled MFA settings */
UserMFASettingList?: string[];
}
/**
* Delete a user as an administrator
* Permanently removes user from the user pool
*/
class AdminDeleteUserCommand {
constructor(input: AdminDeleteUserCommandInput);
}
interface AdminDeleteUserCommandInput {
/** The user pool ID for the user pool */
UserPoolId: string;
/** The username of the user to delete */
Username: string;
}
/**
* Disable a user account as an administrator
* Prevents user from signing in
*/
class AdminDisableUserCommand {
constructor(input: AdminDisableUserCommandInput);
}
interface AdminDisableUserCommandInput {
/** The user pool ID for the user pool */
UserPoolId: string;
/** The username of the user to disable */
Username: string;
}
/**
* Enable a disabled user account as an administrator
* Allows user to sign in again
*/
class AdminEnableUserCommand {
constructor(input: AdminEnableUserCommandInput);
}
interface AdminEnableUserCommandInput {
/** The user pool ID for the user pool */
UserPoolId: string;
/** The username of the user to enable */
Username: string;
}Perform authentication operations with administrative privileges.
/**
* Initiate authentication flow as an administrator
* Supports admin-only authentication flows
*/
class AdminInitiateAuthCommand {
constructor(input: AdminInitiateAuthCommandInput);
}
interface AdminInitiateAuthCommandInput {
/** The user pool ID for the user pool */
UserPoolId: string;
/** The ID of the client associated with the user pool */
ClientId: string;
/** The authentication flow type */
AuthFlow: AuthFlowType;
/** Authentication parameters for the flow */
AuthParameters?: Record<string, string>;
/** Client metadata for Lambda triggers */
ClientMetadata?: Record<string, string>;
/** Analytics metadata for Amazon Pinpoint */
AnalyticsMetadata?: AnalyticsMetadataType;
/** Contextual data for advanced security features */
ContextData?: ContextDataType;
}
/**
* Respond to authentication challenge as an administrator
* Handle admin authentication challenges
*/
class AdminRespondToAuthChallengeCommand {
constructor(input: AdminRespondToAuthChallengeCommandInput);
}
interface AdminRespondToAuthChallengeCommandInput {
/** The user pool ID for the user pool */
UserPoolId: string;
/** The ID of the client associated with the user pool */
ClientId: string;
/** The challenge name */
ChallengeName: ChallengeNameType;
/** The session identifier */
Session?: string;
/** Challenge responses */
ChallengeResponses?: Record<string, string>;
/** Client metadata for Lambda triggers */
ClientMetadata?: Record<string, string>;
/** Analytics metadata for Amazon Pinpoint */
AnalyticsMetadata?: AnalyticsMetadataType;
/** Contextual data for advanced security features */
ContextData?: ContextDataType;
}
/**
* Confirm user registration as an administrator
* Bypass user confirmation process
*/
class AdminConfirmSignUpCommand {
constructor(input: AdminConfirmSignUpCommandInput);
}
interface AdminConfirmSignUpCommandInput {
/** The user pool ID for the user pool */
UserPoolId: string;
/** The username of the user to confirm */
Username: string;
/** Client metadata for Lambda triggers */
ClientMetadata?: Record<string, string>;
}Manage user attributes with administrative privileges.
/**
* Update user attributes as an administrator
* Modify user attributes without user authentication
*/
class AdminUpdateUserAttributesCommand {
constructor(input: AdminUpdateUserAttributesCommandInput);
}
interface AdminUpdateUserAttributesCommandInput {
/** The user pool ID for the user pool */
UserPoolId: string;
/** The username of the user to update */
Username: string;
/** Array of attributes to update */
UserAttributes: AttributeType[];
/** Client metadata for Lambda triggers */
ClientMetadata?: Record<string, string>;
}
/**
* Delete user attributes as an administrator
* Remove specific attributes from user profile
*/
class AdminDeleteUserAttributesCommand {
constructor(input: AdminDeleteUserAttributesCommandInput);
}
interface AdminDeleteUserAttributesCommandInput {
/** The user pool ID for the user pool */
UserPoolId: string;
/** The username of the user */
Username: string;
/** Array of attribute names to delete */
UserAttributeNames: string[];
}Manage user passwords with administrative privileges.
/**
* Reset user password as an administrator
* Initiates password reset flow with admin privileges
*/
class AdminResetUserPasswordCommand {
constructor(input: AdminResetUserPasswordCommandInput);
}
interface AdminResetUserPasswordCommandInput {
/** The user pool ID for the user pool */
UserPoolId: string;
/** The username of the user whose password to reset */
Username: string;
/** Client metadata for Lambda triggers */
ClientMetadata?: Record<string, string>;
}
/**
* Set permanent password for user as an administrator
* Directly set user password without requiring old password
*/
class AdminSetUserPasswordCommand {
constructor(input: AdminSetUserPasswordCommandInput);
}
interface AdminSetUserPasswordCommandInput {
/** The user pool ID for the user pool */
UserPoolId: string;
/** The username of the user */
Username: string;
/** The new password for the user */
Password: string;
/** Set to true to make password permanent */
Permanent?: boolean;
}Manage user group memberships with administrative privileges.
/**
* Add user to a group as an administrator
* Assign user to a specific group with associated permissions
*/
class AdminAddUserToGroupCommand {
constructor(input: AdminAddUserToGroupCommandInput);
}
interface AdminAddUserToGroupCommandInput {
/** The user pool ID for the user pool */
UserPoolId: string;
/** The username of the user to add to the group */
Username: string;
/** The name of the group to add the user to */
GroupName: string;
}
/**
* Remove user from a group as an administrator
* Remove user's membership from a specific group
*/
class AdminRemoveUserFromGroupCommand {
constructor(input: AdminRemoveUserFromGroupCommandInput);
}
interface AdminRemoveUserFromGroupCommandInput {
/** The user pool ID for the user pool */
UserPoolId: string;
/** The username of the user to remove from the group */
Username: string;
/** The name of the group to remove the user from */
GroupName: string;
}
/**
* List groups for a user as an administrator
* Get all groups that a user belongs to
*/
class AdminListGroupsForUserCommand {
constructor(input: AdminListGroupsForUserCommandInput);
}
interface AdminListGroupsForUserCommandInput {
/** The username of the user to list groups for */
Username: string;
/** The user pool ID for the user pool */
UserPoolId: string;
/** The maximum number of groups to return */
Limit?: number;
/** Pagination token for retrieving subsequent results */
NextToken?: string;
}
interface AdminListGroupsForUserCommandOutput {
/** Array of groups the user belongs to */
Groups?: GroupType[];
/** Pagination token for retrieving more results */
NextToken?: string;
}Manage user sessions with administrative privileges.
/**
* Sign out user from all devices as an administrator
* Invalidate all user sessions globally
*/
class AdminUserGlobalSignOutCommand {
constructor(input: AdminUserGlobalSignOutCommandInput);
}
interface AdminUserGlobalSignOutCommandInput {
/** The user pool ID for the user pool */
UserPoolId: string;
/** The username of the user to sign out */
Username: string;
}
/**
* List user authentication events as an administrator
* Get history of user authentication attempts and events
*/
class AdminListUserAuthEventsCommand {
constructor(input: AdminListUserAuthEventsCommandInput);
}
interface AdminListUserAuthEventsCommandInput {
/** The user pool ID for the user pool */
UserPoolId: string;
/** The username of the user to list events for */
Username: string;
/** Maximum number of events to return */
MaxResults?: number;
/** Pagination token for retrieving subsequent results */
NextToken?: string;
}
interface AdminListUserAuthEventsCommandOutput {
/** Array of authentication events */
AuthEvents?: AuthEventType[];
/** Pagination token for retrieving more results */
NextToken?: string;
}Manage multi-factor authentication settings for users with administrative privileges.
/**
* Set MFA preference for user as an administrator
* Configure user's MFA settings without user authentication
*/
class AdminSetUserMFAPreferenceCommand {
constructor(input: AdminSetUserMFAPreferenceCommandInput);
}
interface AdminSetUserMFAPreferenceCommandInput {
/** The username of the user */
Username: string;
/** The user pool ID for the user pool */
UserPoolId: string;
/** SMS MFA preference settings */
SMSMfaSettings?: SMSMfaSettingsType;
/** Software token MFA preference settings */
SoftwareTokenMfaSettings?: SoftwareTokenMfaSettingsType;
}
/**
* Set user settings as an administrator
* Configure user-specific settings like MFA options
*/
class AdminSetUserSettingsCommand {
constructor(input: AdminSetUserSettingsCommandInput);
}
interface AdminSetUserSettingsCommandInput {
/** The user pool ID for the user pool */
UserPoolId: string;
/** The username of the user */
Username: string;
/** Array of MFA options to set for the user */
MFAOptions: MFAOptionType[];
}Complete Administrative User Management Example:
import {
CognitoIdentityProviderClient,
AdminCreateUserCommand,
AdminSetUserPasswordCommand,
AdminAddUserToGroupCommand,
AdminSetUserMFAPreferenceCommand,
AdminGetUserCommand
} from "@aws-sdk/client-cognito-identity-provider";
const client = new CognitoIdentityProviderClient({ region: "us-east-1" });
const userPoolId = "us-east-1_example123";
// 1. Create user administratively
const createUser = await client.send(new AdminCreateUserCommand({
UserPoolId: userPoolId,
Username: "employee@company.com",
UserAttributes: [
{ Name: "email", Value: "employee@company.com" },
{ Name: "name", Value: "New Employee" },
{ Name: "department", Value: "Engineering" },
{ Name: "email_verified", Value: "true" }
],
TemporaryPassword: "TempPass123!",
MessageAction: "SUPPRESS"
}));
// 2. Set permanent password
await client.send(new AdminSetUserPasswordCommand({
UserPoolId: userPoolId,
Username: "employee@company.com",
Password: "SecurePassword123!",
Permanent: true
}));
// 3. Add user to appropriate groups
await client.send(new AdminAddUserToGroupCommand({
UserPoolId: userPoolId,
Username: "employee@company.com",
GroupName: "Employees"
}));
await client.send(new AdminAddUserToGroupCommand({
UserPoolId: userPoolId,
Username: "employee@company.com",
GroupName: "Engineering"
}));
// 4. Configure MFA settings
await client.send(new AdminSetUserMFAPreferenceCommand({
Username: "employee@company.com",
UserPoolId: userPoolId,
SoftwareTokenMfaSettings: {
Enabled: true,
PreferredMfa: true
}
}));
// 5. Verify user creation
const userDetails = await client.send(new AdminGetUserCommand({
UserPoolId: userPoolId,
Username: "employee@company.com"
}));
console.log("User created successfully:", userDetails.Username);
console.log("User status:", userDetails.UserStatus);
console.log("MFA enabled:", userDetails.UserMFASettingList);Administrative commands for listing and searching users across the user pool.
/**
* List users in the user pool
* Retrieve paginated list of all users with filtering options
*/
class ListUsersCommand {
constructor(input: ListUsersCommandInput);
}
interface ListUsersCommandInput {
/** The user pool ID */
UserPoolId: string;
/** Attributes to include in the response */
AttributesToGet?: string[];
/** Maximum number of users to return */
Limit?: number;
/** Pagination token for retrieving next page */
PaginationToken?: string;
/** Filter users by attribute */
Filter?: string;
}Commands for managing authentication event feedback and risk analysis.
/**
* Update authentication event feedback (admin operation)
* Provide administrative feedback on authentication events
*/
class AdminUpdateAuthEventFeedbackCommand {
constructor(input: AdminUpdateAuthEventFeedbackCommandInput);
}
interface AdminUpdateAuthEventFeedbackCommandInput {
/** The user pool ID */
UserPoolId: string;
/** Username of the user */
Username: string;
/** Event ID to provide feedback for */
EventId: string;
/** Feedback value (Valid or Invalid) */
FeedbackValue: FeedbackValueType;
}