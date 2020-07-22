AIO Tool for backing up and restoring AWS Cognito User Pools

Amazon Cognito is awesome, but has its own set of limitations. Currently there is no backup option provided in case we need to take backup of users (to move to another service) or restore them to new Userpool.

cognito-backup-restore tries to overcome this problem by providing a way to backup users from cognito pool(s) to json file and vice-versa.

Please Note: There is no way of getting passwords of the users in cognito, so you may need to ask them to make use of ForgotPassword to recover their account.

Requirements

Requires node 6.10 or newer

Installation

cognito-backup-restore is available as a package on npm.

npm install -g cognito-backup-restore

Usage

cognito-backup-restore can be used by importing it directly or via CLI (recommended).

Imports

Make sure you have installed it locally npm install --save cognito-backup-restore . Typings are available and included.

import * as AWS from 'aws-sdk' ; import {backupUsers, restoreUsers} from 'cognito-backup-restore' ; const cognitoISP = new AWS.CognitoIdentityServiceProvider(); backupUsers(cognitoISP, <USERPOOL-ID>, <directory>) .then( () => console .log( `Backup completed` )) .catch( console .error) restoreUsers(cognitoISP, <USERPOOL-ID>, < JSON -File>, <Password?>) .then( () => console .log( `Restore completed` )) .catch( console .error)

This is useful incase you want to write your own wrapper or script instead of using CLI.

CLI

Run cognito-backup-restore or cbr to use it. Make use of -h for help.

cbr <command> [options]

Available options are: --region -r : The region to use. Overrides config/env settings --userpool --pool : The Cognito pool to use. Possible value of all is allowed in case of backup. --profile -p : Use a specific profile from the credential file. Key and Secret can be passed instead (see below). --aws-access-key --key : The AWS Access Key to use. Not to be passed when using --profile . --aws-secret-key --secret : The AWS Secret Key to use. Not to be passed when using --profile . --delay : delay in millis between alternate users batch(60) backup, to avoid rate limit error. --use-env-vars : Use AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN (optional) as environment variables --use-ec2-metadata : Use credentials received from the metadata service on an EC2 instance

Backup cbr backup cbr backup <options> --directory option is available to export json data to.

Restore cbr restore cbr restore <options> --file option is available to read the json file to import from. --pwd option is available to set TemporaryPassword of the users. If not provided, cognito generated password will be used and email will be sent to the users with One Time Password. --pwdModule option is available to make use of custom logic to generate password. If not provided, cognito generated password will be used and email will be sent to the users with One Time Password, unless --pwd is used. Make sure to pass absolute path of the file. Refer this.

In case any of the required option is missing, a interactive command line user interface kicks in to select from.

Todo

Fine tune the backup process

Implement Restore

Write detailed Readme with examples

Convert JSON to CSV

Convert JSON to CSV Implement Amazon Cognito User Pool Import Job

Implement Amazon Cognito User Pool Import Job AWS Cross-Region Cognito Replication

Contributors

Thanks goes to these wonderful people (emoji key):

This project follows the all-contributors specification. Contributions of any kind welcome!