manage_user
Manage User
Create, get, update, disable, enable, confirm, reset password, set password, or delete a user in a Cognito user pool. Combines all administrative user operations into a single flexible tool.
manage_identity_provider
Create, get, update, delete, or list federated identity providers (SAML, OIDC, Google, Facebook, Apple, Amazon) in a Cognito user pool. Manages federation configuration for external sign-in sources.
manage_group_membership
Add or remove users from groups, list users in a group, or list groups for a user. Provides complete group membership management for role-based access control.
list_user_pools
List all Cognito user pools in the configured AWS region. Returns pool names, IDs, statuses, and creation dates. Supports pagination for accounts with many user pools.
manage_group
Create, get, update, or delete a group in a Cognito user pool. Groups provide role-based access control and can be associated with IAM roles for identity pool authorization.
manage_app_client
Create, get, update, delete, or list app clients for a Cognito user pool. App clients define how applications interact with the user pool, including authentication flows, OAuth scopes, callback URLs, and token settings.
list_users
List users in a Cognito user pool. Supports filtering by attributes such as email, username, phone_number, name, given_name, family_name, preferred_username, sub, and status. Supports pagination for large user directories.
manage_user_pool
Create, update, get, or delete a Cognito user pool. When creating, only the pool name is required. When updating, provide the user pool ID and the fields to change. Supports configuring password policies, MFA, auto-verification, and deletion protection.
list_groups
List all groups in a Cognito user pool. Returns group names, descriptions, precedence values, and associated IAM role ARNs. Supports pagination.
manage_identity_pool
Create, get, update, delete, or list Cognito identity pools (federated identities). Identity pools issue temporary AWS credentials to authenticated and guest users, enabling direct access to AWS services.
manage_user_pool_domain
Create, get, update, or delete a Cognito user pool domain. User pool domains host managed login, OAuth authorization endpoints, and authentication pages for applications.
manage_resource_server
Create, get, update, delete, or list Cognito resource servers for a user pool. Resource servers define custom OAuth scopes for external APIs and machine-to-machine authorization.
manage_identity_pool_roles
Get or set IAM roles for a Cognito identity pool. Identity pool roles control the AWS credentials issued to authenticated and unauthenticated identities.
Manage user authentication and authorization for web and mobile apps. Create and configure user pools as user directories with password policies, MFA, and account recovery. Create, update, disable, and delete users and their attributes. Manage groups for role-based access control. Configure federated sign-in with SAML 2.0, OIDC, and social identity providers (Google, Facebook, Apple, Amazon). Set up app clients with OAuth scopes, callback URLs, and token settings. Create identity pools to issue temporary AWS credentials for authenticated or anonymous users. Migrate users via batch CSV import or just-in-time Lambda triggers. Customize ID and access tokens with pre-token generation triggers. Configure machine-to-machine authorization using OAuth client credentials flow with resource servers and custom scopes. Enable advanced security features for risk-based adaptive authentication. Respond to authentication lifecycle events including sign-up, authentication, token generation, and user migration via Lambda triggers.
Common questions about connecting AWS Cognito to AI agents with Metorial.