Last updated: Sep 24, 2021
Check out my new book
In order to change a Cognito user's status from
CONFIRMED, we have to change their password. To change a cognito user's
password, use the
admin-set-password command, setting the
aws cognito-idp admin-set-user-password --user-pool-id YOUR_USER_POOL_ID --username firstname.lastname@example.org --password "cats-and-dogs-123" --permanent
The admin-set-user-password command allows us to set a user's password as an administrator.
We can set the user's password to be a temporary or permanent one. If we set a
temporary password, the user's status is set to
means that the next time they try to log in, they will be required to change
FORCE_CHANGE_PASSWORDgets prompted to update their password on sign in and they don't, the challenge expires and only an admin can update their password.
By setting the
--permanent parameter in the command, we've updated the user's
To verify that the user's status has been changed to
CONFIRMED, run the
aws cognito-idp admin-get-user --user-pool-id YOUR_USER_POOL_ID --username email@example.com --query "UserStatus"
admin-get-user command returns information about the cognito user, however
we're only interested in the user's status so we've used the
to filter the output to only the