"Developer credentials" simply refers to credentials for programmatic access as this is what allows calling actions in the CLI. In order to allow users in the admin group to call the admin-remove-user-from-group action, they need to be provided with these credentials.
There is information here on how to provide programmatic access: https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html
For security purposes, you might choose to grant temporary security credentials. This will function the same as long-term security credentials but requires a session token, will expire after a specified interval, and may include principal tags: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
Visit these links for more information about the admin-remove-user-from-group action: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminRemoveUserFromGroup.html https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-remove-user-from-group.html
Relevant questions
Move Cognito user pool to another account?
asked 4 months agoHow to pass Cognito user info to a Lambda function
asked 2 years agoRestrict access to the users in groups via scope in cognito user pool
Accepted Answerasked 7 months agoCognito groups- allow admin group to remove a user from a Cognito group
asked a month agoCognito User Pool Groups and retrieving IAM from Lambda
Accepted Answerasked 5 years agoCognito: Require Federated AD Group to be returned in Access Token
Accepted Answerasked 2 years agoRemove external identity from Cognito user
asked 2 months agoRemove all unconfirmed users in a cognito user pool from the console?
Accepted Answerasked 7 months agoRBAC for API Gateway endpoints using Cognito user groups
Accepted Answerasked 9 months agoHow to give a user access only to a specific group of cloudwatch logs
asked 4 months ago
