AWS Cognito - User pool xxxx does not exist

4

6

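using Amazon;
using Amazon.CognitoIdentityProvider;
using Amazon.CognitoIdentityProvider.Model;

// Hard-coded key and secret (placeholders) for a minimal repro.
var client = new AmazonCognitoIdentityProviderClient("MYKEY", "MYSECRET", RegionEndpoint.USEast1);

var request = new AdminGetUserRequest();
request.Username = "USERNAME";
request.UserPoolId = "POOLID";

// Blocks until the call completes; a failure surfaces as an AggregateException.
var user = client.AdminGetUserAsync(request).Result;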

The key/secret are authenticating as a user with Administrator Access. For good measure, I've also given it the AmazonCognitoPowerUser policy.

The region endpoint is correct and the same as the one my user pool is in. The user pool Id is correct. The first part of the user pool ID matches the region.

I'm at a loss for where else this could possibly be going wrong. Any ideas?

Update 8/2/19

Manual CLI command:

PM> aws cognito-idp list-user-pools --region us-east-1 --max-results 10
{
    "UserPools": []
}

The region is correct, so there must be some issue with permissions. Is there anything I could try tweaking on the pool, or other policies I may need to add to the user?

Spontaneous answered 7/2, 2019 at 20:24 Comment(5)
Assuming your CLI is configured with the same credentials as your app, can you type aws cognito-idp list-user-pools --region us-east-1 --max-results 10 and check the results? - Lamphere
BTW, hard coding access key and secret key in code is considered poor security practice. We strongly suggest you use IAM roles instead. - Lamphere
@SébastienStormacq updated in main post. Also, this isn't production code and the credentials will get moved, I just need to get it working in the most simple form possible first. - Spontaneous
Thanks for the update. Assuming your CLI and code are using the same credentials, the error message you see is correct: there is no Cognito User Pool associated with that account in that region. If you see a Cognito User Pool from your AWS Console, ask yourself "in which region am I?" and "what is the access key / secret key associated with this account?" - Lamphere
There is though. I have added console access to that IAM user, loaded up cognito for us-east-1, and I can see and edit the user pool. Using the same IAM user, why can I see it in the console, logging in with the console credentials, but not via CLI or programmatically using the access key/secret? - Spontaneous
7

So, it looks like this is some sort of AWS glitch with the existing IAM user.

Having created a new user with exactly the same permissions, access works as intended both from CLI and the code in the original question.

Spontaneous answered 11/2, 2019 at 18:47 Comment(1)
Check AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY match the account. Took me hours to figure out I was using a different account. - Shepley
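
The account check suggested in the comment above, as an added example (not code from any of the posters): it takes the JSON printed by aws sts get-caller-identity and aws cognito-idp list-user-pools for the credentials in use and reports why the pool lookup fails. The account IDs, ARN and pool ID are constructed placeholders, and diagnose is a hypothetical helper name.

```python
import json

# Constructed sample of `aws sts get-caller-identity` output (placeholder values).
CALLER_JSON = json.dumps({
    "UserId": "AIDAEXAMPLEUSERID",
    "Account": "111111111111",
    "Arn": "arn:aws:iam::111111111111:user/example-user",
})
# `aws cognito-idp list-user-pools` output as posted in the question.
POOLS_JSON = '{"UserPools": []}'


def diagnose(caller_json, pools_json, pool_id, client_region, expected_account):
    """Return (code, message) findings for a 'user pool does not exist' error.

    expected_account is the 12-digit ID of the account that owns the pool,
    read from the console session in which the pool is visible.
    """
    findings = []
    caller = json.loads(caller_json)
    listing = json.loads(pools_json)

    # A pool ID is "<region>_<suffix>"; the prefix must match the client region.
    pool_region, sep, _ = pool_id.partition("_")
    if not sep:
        findings.append(("BAD_POOL_ID", f"{pool_id!r} has no '<region>_' prefix"))
    elif pool_region != client_region:
        findings.append(("REGION_MISMATCH",
                         f"pool is in {pool_region}, client targets {client_region}"))

    # The access key decides the account, not the console login.
    if caller["Account"] != expected_account:
        findings.append(("WRONG_ACCOUNT",
                         f"keys belong to {caller['Arn']}, expected account {expected_account}"))

    visible = {p["Id"] for p in listing.get("UserPools", [])}
    if pool_id not in visible:
        if listing.get("NextToken"):
            findings.append(("LIST_TRUNCATED", "more pages exist; listing is inconclusive"))
        else:
            findings.append(("POOL_NOT_VISIBLE",
                             f"account {caller['Account']} has no pool {pool_id} in {client_region}"))
    return findings


if __name__ == "__main__":
    for code, message in diagnose(CALLER_JSON, POOLS_JSON, "us-east-1_EXAMPLE01",
                                  "us-east-1", "222222222222"):
        print(f"{code}: {message}")
```

An empty UserPools list together with WRONG_ACCOUNT means the keys belong to a different account than the console session, which is not a missing IAM permission.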
2

Actually, your configuration can be wrong. You downloaded awsconfiguration.json and it looks the same, I know, but this configuration can be wrong. When you examine the JSON you will see a field: "CognitoUserPool": {PoolId, appclient id ..}

You need to open your user pool and create a new client or control the existing client information. Check your awsconfiguration.json again with this webpage's pool id, appclient id etc. Update your JSON and it will solve the problem.


Maje answered 12/4, 2020 at 12:47 Comment(0)
1

I ran into this problem with the AWS CLI and it puzzled me too, but I learned that I needed to provide the profile name in the parameter list to get it to work. So it looked like this:

aws cognito-idp admin-get-user --profile dev-account ....

My profiles are stored on my Mac at cat ~/.aws/config | grep profile

The config file is created by an in-house custom script. This is the contents of what that file looks like.

[profile dev-account]
sso_start_url = https://yourcompanyname.awsapps.com/start#/
sso_region = us-east-1
sso_account_id = 1234567890
sso_role_name = PowerUserAccess
region = us-east-1
output = json

Also, in this folder is a "credentials" file that has some JSON for these variables: profile name, aws_access_key_id, aws_secret_access_key, aws_session_token, aws_expiration

Observe answered 28/10, 2021 at 20:44 Comment(0)
0

First I blew away existing amplify auth code, then did:

amplify init
amplify add auth

I had to manually edit (against the dire warnings that it was auto-generated) aws-exports.js with my updated pool id, web-client id etc information. For some reason, the new cognito info hadn't replaced the old when I recreated it. It then worked.

Wellborn answered 1/11, 2023 at 2:10 Comment(0)
