By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Cognito groups- allow admin group to remove a user from a Cognito group

0

I have a Cognito user pool that has 3 groups(admin, user, engineer) I want to allow admin groups to remove a user from a group. I read about admin-remove-user-from-group but this needs developers' credentials.

Do you have any idea how to give access to this function?

Topics
Security, Identity, & Compliance
Tags
IAM PoliciesAmazon Cognito User Pools
Language
English
rePost-User-6442632
asked 2 years ago553 views
1 Answer
0

"Developer credentials" simply refers to credentials for programmatic access as this is what allows calling actions in the CLI. In order to allow users in the admin group to call the admin-remove-user-from-group action, they need to be provided with these credentials.

There is information here on how to provide programmatic access: https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html

For security purposes, you might choose to grant temporary security credentials. This will function the same as long-term security credentials but requires a session token, will expire after a specified interval, and may include principal tags: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html

Visit these links for more information about the admin-remove-user-from-group action: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminRemoveUserFromGroup.html https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/admin-remove-user-from-group.html

Nuzhat_S
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content