CLI for backing up AWS Cogntito User Pools
License: MIT License
I create free and open source software because I believe that software should be available to everyone, without having to sell your soul to data mining corporations.
cloudwatch-winston - Robust and simple Winston transport for AWS CloudWatch Logsmjml-dynamic - Include dynamic MJML content via JSONcognito-backup - AWS missing backup tool for Cognito User Pools.![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
I have a few suggestions for the process of user restoration as, at least as I see it, the current implementation is a bit hard to scale:
tempPassword is a bit inappropriate, as it gives all users the same temporary password. Following the docs if TemporaryPassword is not provided Cognito will generate one for you and send it to the user on the given email if MessageAction is not set to SUPPRESSMessageAction should be optional. If set to RESEND Cognito will automatically send a temporary password to the given email address.I guess the best way to allow the above would be to extend the current cli a bit so more options are dynamic rather that hardcoded.
https://github.com/mifi/cognito-backup/blob/master/cli.js#L83
assert(!data.NextToken, 'More than 60 user pools is not yet supported');
cognito-backup restore-groups --user-poo-id --file-name
I tried this command but it will only transfer the only group name instead i want to transfer each user present in the group.
Please help mike finstead.
I am getting this error while backing up groups
**Command ;- cognito-backup backup-groups eu-west-1_12345 --region us-east-1 --file eu-west-1_12345.json
**error :-
file:///usr/local/lib/node_modules/cognito-backup/cli.js:218
debug('Restored user', response?.User?.Username);
^
SyntaxError: Unexpected token '.'
at Loader.moduleStrategy (internal/modules/esm/translators.js:133:18)
at async link (internal/modules/esm/module_job.js:42:21)
I have a strange issue... I've packaged backup-cognito on a docker image. When executing it from my local machine on a 5000 user pools it works 100% of time. But when i execute it on the jenkins node i have on AWS i get a TooManyRequestsException. I tried to change the value of the limiter... nothing change... any clue? How can i get more debug, messages on it?
/usr/local/bin/cognito-backup backup-users eu-west-1_eTHaDFrjR --region eu-west-1
TooManyRequestsException: Rate exceeded
at Request.extractError (/usr/local/lib/node_modules/cognito-backup/node_modules/aws-sdk/lib/protocol/json.js:51:27)
at Request.callListeners (/usr/local/lib/node_modules/cognito-backup/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
at Request.emit (/usr/local/lib/node_modules/cognito-backup/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
at Request.emit (/usr/local/lib/node_modules/cognito-backup/node_modules/aws-sdk/lib/request.js:683:14)
at Request.transition (/usr/local/lib/node_modules/cognito-backup/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/usr/local/lib/node_modules/cognito-backup/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /usr/local/lib/node_modules/cognito-backup/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/usr/local/lib/node_modules/cognito-backup/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/usr/local/lib/node_modules/cognito-backup/node_modules/aws-sdk/lib/request.js:685:12)
at Request.callListeners (/usr/local/lib/node_modules/cognito-backup/node_modules/aws-sdk/lib/sequential_executor.js:116:18)
at Request.emit (/usr/local/lib/node_modules/cognito-backup/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
at Request.emit (/usr/local/lib/node_modules/cognito-backup/node_modules/aws-sdk/lib/request.js:683:14)
at Request.transition (/usr/local/lib/node_modules/cognito-backup/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/usr/local/lib/node_modules/cognito-backup/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /usr/local/lib/node_modules/cognito-backup/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/usr/local/lib/node_modules/cognito-backup/node_modules/aws-sdk/lib/request.js:38:9)
Hello,
Thanks for creating such a useful tool!
I have a usecase I'd like to implement however I want to start a discussion before I make a pull request.
I need to cross-reference old and new user identities (sub). I'd like the tool to output something like:
User created oldSub":"xxx" newSub: "yyy"
for each restored user.
Now, I understand other people may want different output formats, fields, etc. hence I'd like to introduce templating (most likely with handlebars).
The CLI would work like so:
cognito-backup restore-users pool_id "Abcd.1234" --file users.json --out-template "{{source.Attributes.sub}} {{response.Attributes.sub}}"
We have 3+ AWS accounts and thus utilize the '--profile' CLI option all the time. Can this support be added as a CLI option to your backup script?
At least I can backup one particular cognito user pool and restore it.
If aws doesn't expose the password, then we can restore the user pool with a default password.
No need full functions that backup all and restore all. Will it be simpler?
I used to be able to dump normally, but since June 14th, 15:01 (UTC), I've got the following error message and the process stops halfway through.
I have two Cognito pools, each in a different AWS account, but I get the same error on both of them.
Do you know what is causing this?
TooManyRequestsException: Too many requests
at Request.extractError (/home/ec2-user/.asdf/installs/nodejs/17.9.0/.npm/lib/node_modules/cognito-backup/node_modules/aws-sdk/lib/protocol/json.js:52:27)
at Request.callListeners (/home/ec2-user/.asdf/installs/nodejs/17.9.0/.npm/lib/node_modules/cognito-backup/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
at Request.emit (/home/ec2-user/.asdf/installs/nodejs/17.9.0/.npm/lib/node_modules/cognito-backup/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
at Request.emit (/home/ec2-user/.asdf/installs/nodejs/17.9.0/.npm/lib/node_modules/cognito-backup/node_modules/aws-sdk/lib/request.js:686:14)
at Request.transition (/home/ec2-user/.asdf/installs/nodejs/17.9.0/.npm/lib/node_modules/cognito-backup/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/home/ec2-user/.asdf/installs/nodejs/17.9.0/.npm/lib/node_modules/cognito-backup/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /home/ec2-user/.asdf/installs/nodejs/17.9.0/.npm/lib/node_modules/cognito-backup/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/home/ec2-user/.asdf/installs/nodejs/17.9.0/.npm/lib/node_modules/cognito-backup/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/home/ec2-user/.asdf/installs/nodejs/17.9.0/.npm/lib/node_modules/cognito-backup/node_modules/aws-sdk/lib/request.js:688:12)
at Request.callListeners (/home/ec2-user/.asdf/installs/nodejs/17.9.0/.npm/lib/node_modules/cognito-backup/node_modules/aws-sdk/lib/sequential_executor.js:116:18)
The backup json files include the Enabled boolean attribute, but in my experience this value is not utilized during the restore.
As a result, previously disabled, backed-up accounts are no longer disabled after restoring from that backup.
It's easy enough to handle this case outside of this tool, but since I've gotten a lot of mileage out of the tool I would be happy to contribute back if there is interest.
Since I am trying to import about 500 users, I end up hitting this issue. Any chance that a backoff can be implemented, or any way to batch functions? What I end up with is about 80 users created and unless I delete all users, I cannot re-run this..
I execute cognito-backup restore-users eu-central-xxxxx Abcd.1234 --region eu-central-1 --file userpool-dev.json and get no result with error code 0. But in the AWS Userpool, there are no users.
Thanks for the great tool. We backed up from one region and restored to another, however, we were missing user's groups. Any plans on including the user groups in the future?
We currently have multiple profiles in our ~/.aws/crendentials file. Is it possible to include a --profile flag to specify the profile?
If there isn't any major challenges hindering this, I plan on tackling this issue in a PR.
I've tried group backup and restore,
but it will only transfer the group; instead, I want to transfer every user in the group.
When I run below command,
cognito-backup backup-users [pool_id] --region [resion]
the backup fails with below message.
Error: connect ETIMEDOUT [IP:port]
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1163:14)
Are there any settings or options I should do?
Thanks,
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.