Skip to content

Instantly share code, notes, and snippets.

@sscotth
Last active August 5, 2022 20:06
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save sscotth/6deb53af61663df6858d3cdcd928fefb to your computer and use it in GitHub Desktop.
AWS Cognito logout all users of user pool
#!/bin/sh
# REQUIRES 'jq' TO BE INSTALLED (`brew install jq`)
# Combines two aws-cli cognito commands, `list-users` and `admin-user-global-sign-out`.
# * aws cognito-idp list-users --region ${REGION} --user-pool-id ${USER_POOL_ID}
# * aws cognito-idp admin-user-global-sign-out --region ${REGION} --user-pool-id ${USER_POOL_ID} --username ${USERNAME}
# However, the `list-users` command may be paginated.
# Used a pagination loop based on `https://stackoverflow.com/a/68809399`.
# SET THESE VARIABLES
REGION=us-east-1
USER_POOL_ID=us-east-1_abcdefghi
function parse_output() {
if [ ! -z "$cli_output" ]; then
echo $cli_output | jq '.Users[].Username' >> /tmp/aws_logoutAllUsers.txt
NEXT_TOKEN=$(echo $cli_output | jq -r ".NextToken")
fi
}
echo '' > /tmp/aws_command.txt
aws_command="aws cognito-idp list-users --region $REGION --user-pool-id $USER_POOL_ID"
unset NEXT_TOKEN
cli_output=$($aws_command)
parse_output
while [ "$NEXT_TOKEN" != "null" ]; do
if [ "$NEXT_TOKEN" == "null" ] || [ -z "$NEXT_TOKEN" ] ; then
echo "Running: $aws_command"
sleep 3
cli_output=$($aws_command)
parse_output
else
echo "Paginating: $aws_command --starting-token $NEXT_TOKEN"
sleep 3
cli_output=$($aws_command --starting-token $NEXT_TOKEN)
parse_output
fi
done
echo "List Users Complete:"
cat /tmp/aws_logoutAllUsers.txt
echo ""
echo "Logging out..."
echo ""
cat /tmp/aws_logoutAllUsers.txt | xargs -L1 -I@ bash -c "echo @ && aws cognito-idp admin-user-global-sign-out --region $REGION --user-pool-id $USER_POOL_ID --username @"
rm /tmp/aws_logoutAllUsers.txt

This one liner version only works with small user pools or the first page of larger pools:

aws cognito-idp list-users --region us-east-1 --user-pool-id us-east-1_abcdefghi | jq ".Users[].Username" | xargs -L1 aws cognito-idp admin-user-global-sign-out --region us-east-1 --user-pool-id us-east-2_abcdefghi --username

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment