Move Cognito user pool to another account?

0

Problem: I created cognito user pools for staging and production under the same root AWS account. I need to move them to separate accounts for security purposes.

I know that AWS doesn't have great support for transferring resources between accounts, but I think a case can be made for Cognito user pools. I would happily create a new pool in the new account and write a script to create the user accounts in the new pool using the emails from the old pool, but there are two problems:

  1. AWS doesn't allow exporting password hashes
  2. AWS doesn't export 2FA tokens

So there's no way for existing users to log in to the new pool.

If you google for people who faced this problem, they come up with hacky solutions like signing in users to the old pool, then triggering a signup on the new pool, and forcing a password reset. Obviously this solution is not acceptable since I don't want to force my users to reset their passwords + users with 2FA enabled now have to re-enable it!

Another problem: this "solution" depends on the user coming back to your site and logging in. I don't want to have to wait months/years for this transition to happen. I want to be able to move my pools freely.

Please AWS give us a solution.

1 answer
0

Unfortunately, it looks like there is no solution to both issues you state here. If you can allow a long "lazy" migration, you have to use a custom UI and redirect customers to another pool using Lambda Trigger migration. https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-import-using-lambda.html

If you want to save time and use a bulk migration, you lose the passwords and 2FA tokens. https://aws.amazon.com/solutions/implementations/cognito-user-profiles-export-reference-architecture

AWS
answered 2 years ago
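The "lazy" migration path the answer links to is a UserMigration Lambda trigger on the new pool. The handler below is an added example (not from the thread or from AWS's reference code): on the user's first sign-in against the new pool it verifies the password against the old pool and hands the attributes back, so the password and its hash are never exported. The environment variables `OLD_POOL_ID` and `OLD_POOL_CLIENT_ID` are assumed names; the two old-pool calls are injectable so the decision logic can be tested without AWS credentials.

```python
import os
# Attributes worth carrying over. TOTP secrets and SMS-MFA state cannot be read
# from the old pool, so migrated users have to re-enrol MFA in the new pool.
MIGRATED_ATTRS = ("email", "email_verified", "name", "phone_number", "phone_number_verified")
MFA_CHALLENGES = ("SMS_MFA", "SOFTWARE_TOKEN_MFA")

def _attrs(user):
    return {a["Name"]: a["Value"] for a in user["UserAttributes"]}

def old_pool_lookup(username):
    """Fetch attributes from the OLD pool without a password (OLD_POOL_ID: assumed env var)."""
    import boto3  # imported lazily so the handler stays testable offline
    idp = boto3.client("cognito-idp")
    try:
        return _attrs(idp.admin_get_user(UserPoolId=os.environ["OLD_POOL_ID"], Username=username))
    except idp.exceptions.UserNotFoundException:
        return None

def old_pool_authenticate(username, password):
    """Verify the password against the OLD pool; None if wrong. OLD_POOL_CLIENT_ID (assumed
    env var) is an app client of the old pool with USER_PASSWORD_AUTH enabled."""
    import boto3
    idp = boto3.client("cognito-idp")
    try:
        resp = idp.initiate_auth(ClientId=os.environ["OLD_POOL_CLIENT_ID"], AuthFlow="USER_PASSWORD_AUTH",
                                 AuthParameters={"USERNAME": username, "PASSWORD": password})
    except (idp.exceptions.NotAuthorizedException, idp.exceptions.UserNotFoundException):
        return None
    if "AuthenticationResult" in resp:
        return _attrs(idp.get_user(AccessToken=resp["AuthenticationResult"]["AccessToken"]))
    # Cognito only issues an MFA challenge once the password has been accepted.
    return old_pool_lookup(username) if resp.get("ChallengeName") in MFA_CHALLENGES else None

def handler(event, context=None, authenticate=old_pool_authenticate, lookup=old_pool_lookup):
    """Lambda entry point; the two old-pool calls are injectable for offline tests."""
    source, response = event["triggerSource"], event.setdefault("response", {})
    if source == "UserMigration_Authentication":
        attrs = authenticate(event["userName"], event["request"]["password"])
        if attrs is None:
            raise Exception("Bad credentials")  # makes Cognito reject the sign-in
        response["finalUserStatus"] = "CONFIRMED"  # password verified, no reset forced
    elif source == "UserMigration_ForgotPassword":
        attrs = lookup(event["userName"])  # user finishes with the reset code Cognito sends
        if attrs is None:
            raise Exception("User not found")
    else:
        raise Exception("Unsupported trigger source: " + source)
    response["userAttributes"] = {k: v for k, v in attrs.items() if k in MIGRATED_ATTRS}
    response["messageAction"] = "SUPPRESS"  # suppress the welcome / verification e-mail
    return event
```

The old pool's app client must allow `USER_PASSWORD_AUTH`, and the Lambda's role needs `cognito-idp:AdminGetUser` on the old pool only; nothing on this path touches the new pool's user store directly.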
