By using AWS re:Post, you agree to the Terms of Use

Cognito groups- allow admin group to remove a user from a Cognito group

0

I have a Cognito user pool that has 3 groups(admin, user, engineer) I want to allow admin groups to remove a user from a group. I read about admin-remove-user-from-group but this needs developers' credentials.

Do you have any idea how to give access to this function?

1 Answers
0

"Developer credentials" simply refers to credentials for programmatic access as this is what allows calling actions in the CLI. In order to allow users in the admin group to call the admin-remove-user-from-group action, they need to be provided with these credentials.

There is information here on how to provide programmatic access: https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html

For security purposes, you might choose to grant temporary security credentials. This will function the same as long-term security credentials but requires a session token, will expire after a specified interval, and may include principal tags: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html

Visit these links for more information about the admin-remove-user-from-group action: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminRemoveUserFromGroup.html https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-remove-user-from-group.html

answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions