Habil BOZALİ

Posted on • Originally published at habil.Medium on

How to Clone AWS Cognito User Pools Using Python



Amazon Cognito is a powerful user authentication and authorization service provided by AWS. It helps you manage user sign-up, sign-in, and access control for your web and mobile applications. One common requirement when working with Cognito is the need to clone a User Pool, especially when setting up different environments (development, staging, production) or creating backups.

In this article, we’ll explore how to clone an AWS Cognito User Pool programmatically using Python and the boto3 library. We’ll create a script that copies all essential components, including app clients, groups, and schema attributes.

Prerequisites

  • Python 3.x installed
  • AWS account with appropriate permissions
  • boto3 library installed (pip install boto3)
  • AWS credentials configured

Understanding the Code Structure

Let’s break down our solution into manageable parts:

1. Setting Up AWS Client

import boto3
from botocore.exceptions import ClientError

def get_client(aws_profile=None, region_name='eu-central-1'):
    if aws_profile:
        boto3.setup_default_session(profile_name=aws_profile)
    return boto3.client('cognito-idp', region_name=region_name)

This section initializes the AWS client using boto3. It allows you to specify an AWS profile and region, making it flexible for different environments.

2. Main Cloning Function

def copy_user_pool(source_user_pool_id, new_user_pool_name, aws_profile=None):
    client = get_client(aws_profile)

    try:
        response = client.describe_user_pool(UserPoolId=source_user_pool_id)
        user_pool_details = response['UserPool']
        print(f"Source User Pool details for ID {source_user_pool_id} retrieved successfully.")

        new_user_pool_response = client.create_user_pool(
            PoolName=new_user_pool_name,
            Policies=user_pool_details['Policies'],
            LambdaConfig=user_pool_details.get('LambdaConfig', {}),
            AutoVerifiedAttributes=user_pool_details.get('AutoVerifiedAttributes', []),
            # ... other configuration parameters
        )

        new_user_pool_id = new_user_pool_response['UserPool']['Id']
        return new_user_pool_id

    except Exception as e:
        print(f"An error occurred: {e}")
        return None

This function handles the main cloning process. It:

  1. Retrieves the source User Pool details
  2. Creates a new User Pool with the same configuration
  3. Returns the new User Pool ID if successful

3. Copying App Clients

def copy_app_clients(client, source_user_pool_id, new_user_pool_id, user_pool_details):
    try:
        app_clients_response = client.list_user_pool_clients(UserPoolId=source_user_pool_id)
        app_clients = app_clients_response['UserPoolClients']

        for app_client in app_clients:
            client.create_user_pool_client(
                UserPoolId=new_user_pool_id,
                ClientName=app_client['ClientName'],
                GenerateSecret=True,
                RefreshTokenValidity=86400,
                # ... other client configurations
            )
    except Exception as e:
        print(f"An error occurred while copying app clients: {e}")

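This function copies all app clients from the source User Pool to the new one. In the snippet as shown, `GenerateSecret=True` and `RefreshTokenValidity=86400` are fixed values rather than read from each source client, so those two settings are not preserved.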
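An added example, not part of the original article: one way to recreate each app client from its own settings, so a public client stays secret-less and token lifetimes and auth flows carry over. `COPYABLE_CLIENT_FIELDS`, `SAMPLE_PUBLIC_CLIENT`, `build_client_kwargs` and `copy_app_clients_faithfully` are names introduced here; `client` is assumed to be a boto3 `cognito-idp` client such as the one `get_client()` returns.

```python
# Added example. Settings that describe_user_pool_client returns and that
# create_user_pool_client accepts; ClientId, ClientSecret and the timestamps
# are response-only and are deliberately left out.
COPYABLE_CLIENT_FIELDS = (
    "ClientName", "RefreshTokenValidity", "AccessTokenValidity",
    "IdTokenValidity", "TokenValidityUnits", "ReadAttributes",
    "WriteAttributes", "ExplicitAuthFlows", "SupportedIdentityProviders",
    "CallbackURLs", "LogoutURLs", "DefaultRedirectURI", "AllowedOAuthFlows",
    "AllowedOAuthScopes", "AllowedOAuthFlowsUserPoolClient",
    "PreventUserExistenceErrors", "EnableTokenRevocation", "AuthSessionValidity",
)

# Constructed sample: a public (secret-less) client as the describe call returns it.
SAMPLE_PUBLIC_CLIENT = {
    "UserPoolId": "eu-central-1_XXXXXXXX", "ClientId": "constructed-client-id",
    "ClientName": "web-spa", "RefreshTokenValidity": 30,
    "ExplicitAuthFlows": ["ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH"],
    "PreventUserExistenceErrors": "ENABLED",
}


def build_client_kwargs(described, new_user_pool_id):
    """Map a describe_user_pool_client result to create_user_pool_client kwargs."""
    kwargs = {k: described[k] for k in COPYABLE_CLIENT_FIELDS if k in described}
    kwargs["UserPoolId"] = new_user_pool_id
    # A secret exists only on confidential clients; a public (browser or
    # mobile) client must stay secret-less in the clone.
    kwargs["GenerateSecret"] = "ClientSecret" in described
    return kwargs


def copy_app_clients_faithfully(client, source_user_pool_id, new_user_pool_id):
    """Recreate every app client with its own settings; returns old->new IDs."""
    id_map = {}
    paginator = client.get_paginator("list_user_pool_clients")
    for page in paginator.paginate(UserPoolId=source_user_pool_id):
        for summary in page["UserPoolClients"]:
            # The list call returns only ClientId, UserPoolId and ClientName,
            # so the full configuration has to be fetched per client.
            described = client.describe_user_pool_client(
                UserPoolId=source_user_pool_id, ClientId=summary["ClientId"]
            )["UserPoolClient"]
            created = client.create_user_pool_client(
                **build_client_kwargs(described, new_user_pool_id)
            )["UserPoolClient"]
            id_map[summary["ClientId"]] = created["ClientId"]
    return id_map
```

Identity providers and custom attributes named in a client's settings must already exist in the target pool before the client is created there.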

4. Copying User Pool Groups

def copy_user_pool_groups(client, source_user_pool_id, new_user_pool_id):
    try:
        groups_response = client.list_groups(UserPoolId=source_user_pool_id)
        groups = groups_response['Groups']

        for group in groups:
            params = {
                'UserPoolId': new_user_pool_id,
                'GroupName': group['GroupName'],
            }
            # Pass optional fields only when the source group has them.
            # Defaulting Precedence to 0 would give a group that had no
            # precedence the highest priority in the new pool.
            for key in ('Description', 'Precedence'):
                if key in group:
                    params[key] = group[key]
            client.create_group(**params)
    except Exception as e:
        print(f"An error occurred while copying groups: {e}")

This function replicates all user groups from the source User Pool to the new one.

Usage Example

if __name__ == "__main__":
    source_user_pool_id = 'eu-central-1_XXXXXXXX' # Replace with your source pool ID
    new_user_pool_name = 'my-new-user-pool'
    aws_profile = 'YOUR_AWS_PROFILE'

    new_pool_id = copy_user_pool(source_user_pool_id, new_user_pool_name, aws_profile)
    if new_pool_id:
        print(f"User Pool copied successfully. New Pool ID: {new_pool_id}")
    else:
        print("User Pool copying failed.")

Important Notes

  • The script maintains the same schema attributes, policies, and configurations as the source User Pool
  • App clients are created with new client IDs and secrets
  • User data is not copied — only the User Pool structure and configuration
  • Make sure you have appropriate AWS permissions before running the script

Conclusion

This Python script provides a convenient way to clone AWS Cognito User Pools, which can be particularly useful when setting up new environments or creating backups. The modular structure makes it easy to modify and extend based on your specific needs.

Remember to handle sensitive information carefully and never commit AWS credentials to version control systems.

See you in the next article! 👻
