Have you ever had to delete every user from an AWS Cognito user pool? Some of us have. It turns out the AWS console offers no bulk delete: you remove users one at a time, which is boring, time-consuming and tedious, and becomes impractical once the pool holds thousands of users. Recently I had to wipe all the users from a Cognito user pool that we use purely for development. If you plan to do the same to a pool that holds production users, be very careful: this action deletes every user record in the pool and there is no undo.
While looking for a way to do this in one go and avoid the one-by-one deletion, I turned to the AWS CLI. My first thought was that cognito-idp might have a command for it, because in my experience the CLI often exposes more than the console does. That is not true for every AWS service, but it is for some. For example, there is no direct way in the console to attach a custom email sender Lambda to a Cognito user pool, but it can be done with the AWS CLI.
Enough of the chit-chat, now let us dive into the action.
Prerequisites
jq
AWS CLI configured with AWS credentials
AWS Cognito user pool id
Shell Script
#!/usr/bin/env bash
# delete-all-users.sh
# Stop on the first failed command and on any unset variable, so a typo in the
# pool id cannot silently turn into an empty (or wrong) argument.
set -eu
COGNITO_USER_POOL_ID="{{yourUserPoolId}}"
# list-users is paginated by the CLI automatically; jq pulls one Username per line.
aws cognito-idp list-users --user-pool-id "$COGNITO_USER_POOL_ID" |
jq -r '.Users[].Username' |
while read -r user; do
  aws cognito-idp admin-delete-user --user-pool-id "$COGNITO_USER_POOL_ID" --username "$user"
  echo "$user deleted"
done
Run the shell script above to delete every user from the AWS Cognito user pool. Create a new file in a folder of your choice and give it a name; in our case it is delete-all-users.sh. Then put your Cognito user pool id into the script in place of the placeholder.
How to run the script
Enter the following code in the terminal in order to run the script
sh delete-all-users.sh
Key points to understand in the script
This shell script uses another command-line tool, jq, a lightweight and flexible command-line JSON processor. Chances are it is not installed on your system yet. As a long-time Mac user I install dependencies and other command-line tools with Homebrew; if you already have Homebrew, run the following command in your Mac terminal to install jq. Otherwise follow the jq installation instructions for your platform.
brew install jq
There are two AWS CLI commands in the shell script that we need to understand in order to stay aware of the consequences of running it.
aws cognito-idp list-users --user-pool-id $COGNITO_USER_POOL_ID
This command lists the users in the given user pool. Each entry in the Users array carries the Username together with the user's Attributes, UserStatus, Enabled flag and creation and last-modified dates. Note that the Username is not necessarily the e-mail address: in pools configured to sign in with e-mail or phone number as the username, Cognito generates a UUID-style Username for each user, and that value, not the e-mail, is what admin-delete-user expects. The AWS CLI follows the pagination tokens of list-users automatically, so the pipeline sees every user in the pool rather than only the first page of 60.
aws cognito-idp admin-delete-user --user-pool-id $COGNITO_USER_POOL_ID --username $user
This command deletes one user from the given user pool. The --username value is the Username returned by list-users, as shown in the previous point. The deletion is immediate and permanent; Cognito has no soft delete or recovery for a user.
Putting it together, the script lists all users in the given pool with the first command, uses jq to pull the Username out of each entry, and runs the delete command for each user found. With thousands of users the deletes can be throttled (the API returns TooManyRequestsException); if a delete fails, simply rerun the script, since list-users will then return only the users that are still there.
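For pools large enough that throttling and mistakes matter, the same clean-up can be done from boto3 with a few safeguards the one-line pipeline lacks: a dry run by default, a guard that refuses a live run unless the pool id matches an allow-pattern pinned to the disposable pool, listing finished before the first delete so pagination is not disturbed, and exponential backoff on TooManyRequestsException. This is an added example, not the script from the page above. It assumes boto3 is installed and configured like the AWS CLI for a live run; the environment variable name COGNITO_ALLOW_POOL_ID, the pool id us-east-1_FAKE0001 and the FakeCognitoClient stand-in are constructed here so the module runs offline without touching any real pool.

```python
"""delete_all_cognito_users.py: boto3 version of the clean-up, with a dry run,
an allow-pattern guard for the pool id and backoff on throttling."""
import os
import re
import sys
import time


def list_usernames(client, pool_id):
    """Collect every Username across all ListUsers pages before deleting
    anything, so removals cannot shift the pages still to be read."""
    names = []
    for page in client.get_paginator("list_users").paginate(UserPoolId=pool_id):
        names.extend(u["Username"] for u in page.get("Users", []))
    return names


def _is_throttle(err):
    # botocore raises ClientError; the service error code sits in err.response
    code = getattr(err, "response", {}).get("Error", {}).get("Code")
    return code == "TooManyRequestsException"


def delete_all_users(client, pool_id, *, dry_run=True, allow_pattern=None,
                     sleep=time.sleep, max_retries=5):
    """Delete (or, with dry_run=True, only report) every user in pool_id.
    A live run is refused unless pool_id matches allow_pattern; pin the exact
    development pool id there so a production id can never slip through.
    Returns the usernames that were (or would be) deleted, in pool order."""
    if not dry_run and (allow_pattern is None
                        or not re.search(allow_pattern, pool_id)):
        raise ValueError(f"refusing live deletion of {pool_id}: "
                         "pool id does not match allow_pattern")
    done = []
    for name in list_usernames(client, pool_id):
        if dry_run:
            done.append(name)
            continue
        for attempt in range(max_retries + 1):
            try:
                client.admin_delete_user(UserPoolId=pool_id, Username=name)
                done.append(name)
                break
            except Exception as err:
                if not _is_throttle(err) or attempt == max_retries:
                    raise
                sleep(0.5 * 2 ** attempt)  # exponential backoff, then retry
    return done


class _FakeError(Exception):
    # Mimics botocore's ClientError closely enough for _is_throttle.
    def __init__(self, code):
        super().__init__(code)
        self.response = {"Error": {"Code": code}}


class FakeCognitoClient:
    """Constructed stand-in for boto3.client("cognito-idp") so the example runs
    offline: serves page_size users per page and throttles the first deletes."""
    def __init__(self, usernames, page_size=2, throttle_first=0):
        self.users = list(usernames)
        self.page_size = page_size
        self.throttle_left = throttle_first
        self.deleted = []

    def get_paginator(self, name):
        if name != "list_users":
            raise ValueError(name)
        snapshot, size = list(self.users), self.page_size

        class _Paginator:
            def paginate(self, UserPoolId, **_):
                for i in range(0, len(snapshot), size):
                    yield {"Users": [{"Username": u} for u in snapshot[i:i + size]]}
        return _Paginator()

    def admin_delete_user(self, UserPoolId, Username):
        if self.throttle_left:
            self.throttle_left -= 1
            raise _FakeError("TooManyRequestsException")
        self.users.remove(Username)
        self.deleted.append(Username)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # python delete_all_cognito_users.py <pool-id> [--live]
        import boto3  # assumed installed and configured like the AWS CLI
        live = "--live" in sys.argv
        # Assumption: the exact id of the disposable pool is pinned in this variable.
        guard = os.environ.get("COGNITO_ALLOW_POOL_ID")
        pattern = "^" + re.escape(guard) + "$" if guard else None
        for name in delete_all_users(boto3.client("cognito-idp"), sys.argv[1],
                                     dry_run=not live, allow_pattern=pattern):
            print(("deleted " if live else "would delete ") + name)
    else:  # offline demo against the constructed fake client
        fake = FakeCognitoClient(["alice", "bob", "carol"], throttle_first=1)
        print(delete_all_users(fake, "us-east-1_FAKE0001", dry_run=False,
                               allow_pattern="^us-east-1_FAKE0001$"))
```

Run it with no arguments to see the offline demo; with a pool id it only prints what it would delete until you add --live and export COGNITO_ALLOW_POOL_ID set to that same id. Keeping the allow-pattern out of the code and anchored with ^ and $ means a copy-pasted production id fails the guard instead of the pool.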