AIO Tool for backing up and restoring AWS Cognito User Pools
Amazon Cognito is awesome, but has its own set of limitations. Currently there is no backup option provided in case we need to take backup of users (to move to another service) or restore them to new Userpool.
cognito-backup-restore tries to overcome this problem by providing a way to backup users from cognito pool(s) to json file and vice-versa.
Please Note: There is no way of getting passwords of the users in cognito, so you may need to ask them to make use of ForgotPassword to recover their account.
Requires node 6.10 or newer
cognito-backup-restore is available as a package on npm.
npm install -g cognito-backup-restore
cognito-backup-restore can be used by importing it directly or via CLI (recommended).
Make sure you have installed it locally
npm install --save cognito-backup-restore. Typings are available and included.
;;;// you may use async-await toobackupUserscognitoISP, USERPOOL-ID, directory.thenconsole.log`Backup completed`.catchconsole.errorrestoreUserscognitoISP, USERPOOL-ID, JSON-File, Password?.thenconsole.log`Restore completed`.catchconsole.error
This is useful incase you want to write your own wrapper or script instead of using CLI.
cbr to use it. Make use of
-h for help.
cbr <command> [options]
Available options are:
-r: The region to use. Overrides config/env settings
--pool: The Cognito pool to use. Possible value of
allis allowed in case of backup.
-p: Use a specific profile from the credential file. Key and Secret can be passed instead (see below).
--key: The AWS Access Key to use. Not to be passed when using
--secret: The AWS Secret Key to use. Not to be passed when using
--delay: delay in millis between alternate users batch(60) backup, to avoid rate limit error.
Backupcbr backupcbr backup <options>
--directoryoption is available to export json data to.
Restorecbr restorecbr restore <options>
--fileoption is available to read the json file to import from.
--pwdoption is available to set TemporaryPassword of the users. If not provided, cognito generated password will be used and email will be sent to the users with One Time Password.
--pwdModuleoption is available to make use of custom logic to generate password. If not provided, cognito generated password will be used and email will be sent to the users with One Time Password, unless
--pwdis used. Make sure to pass absolute path of the file. Refer this.
In case any of the required option is missing, a interactive command line user interface kicks in to select from.
Fine tune the backup process
Write detailed Readme with examples
- Convert JSON to CSV
- Implement Amazon Cognito User Pool Import Job
- AWS Cross-Region Cognito Replication
Thanks goes to these wonderful people (emoji key):
Alvaro Del Valle
This project follows the all-contributors specification. Contributions of any kind welcome!