Habil BOZALİ
Feb 3, 2025

Amazon Cognito is a powerful user authentication and authorization service provided by AWS. It helps you manage user sign-up, sign-in, and access control for your web and mobile applications. One common requirement when working with Cognito is the need to clone a User Pool, especially when setting up different environments (development, staging, production) or creating backups.

In this article, we’ll explore how to clone an AWS Cognito User Pool programmatically using Python and the boto3 library. We’ll create a script that copies all essential components, including app clients, groups, and schema attributes.

Prerequisites

  • Python 3.x installed
  • AWS account with appropriate permissions
  • boto3 library installed (pip install boto3)
  • AWS credentials configured

Understanding the Code Structure

Let’s break down our solution into manageable parts:

1. Setting Up AWS Client

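import boto3
from botocore.exceptions import ClientError

def get_client(aws_profile=None, region_name='eu-central-1'):
    """Return a Cognito Identity Provider client for the given profile and region."""
    if aws_profile:
        # Use the named profile from the local AWS configuration
        boto3.setup_default_session(profile_name=aws_profile)
    return boto3.client('cognito-idp', region_name=region_name)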

This section initializes the AWS client using boto3. It allows you to specify an AWS profile and region, making it flexible for different environments.

2. Main Cloning Function

def copy_user_pool(source_user_pool_id, new_user_pool_name, aws_profile=None):
    client = get_client(aws_profile)

    try:
        # Read the full configuration of the source pool
        response = client.describe_user_pool(UserPoolId=source_user_pool_id)
        user_pool_details = response['UserPool']
        print(f"Source User Pool details for ID {source_user_pool_id} retrieved successfully.")

        # Create the new pool from the source settings
        new_user_pool_response = client.create_user_pool(
            PoolName=new_user_pool_name,
            Policies=user_pool_details['Policies'],
            LambdaConfig=user_pool_details.get('LambdaConfig', {}),
            AutoVerifiedAttributes=user_pool_details.get('AutoVerifiedAttributes', []),
            # ... other configuration parameters
        )

        new_user_pool_id = new_user_pool_response['UserPool']['Id']

        # Copy the remaining components with the helper functions defined below
        copy_app_clients(client, source_user_pool_id, new_user_pool_id, user_pool_details)
        copy_user_pool_groups(client, source_user_pool_id, new_user_pool_id)

        return new_user_pool_id

    except Exception as e:
        print(f"An error occurred: {e}")
        return None

This function handles the main cloning process. It:

  1. Retrieves the source User Pool details
  2. Creates a new User Pool with the same configuration
  3. Returns the new User Pool ID if successful

3. Copying App Clients

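def copy_app_clients(client, source_user_pool_id, new_user_pool_id, user_pool_details):
    try:
        # list_user_pool_clients is paginated; walk every page so no client is skipped.
        # Each entry carries only ClientId, ClientName and UserPoolId.
        paginator = client.get_paginator('list_user_pool_clients')
        for page in paginator.paginate(UserPoolId=source_user_pool_id):
            for app_client in page['UserPoolClients']:
                client.create_user_pool_client(
                    UserPoolId=new_user_pool_id,
                    ClientName=app_client['ClientName'],
                    GenerateSecret=True,
                    RefreshTokenValidity=86400,
                    # The API's default unit for RefreshTokenValidity is days;
                    # 86400 is one day expressed in seconds.
                    TokenValidityUnits={'RefreshToken': 'seconds'},
                    # ... other client configurations
                )
    except Exception as e:
        print(f"An error occurred while copying app clients: {e}")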

This function copies all app clients from the source User Pool to the new one, maintaining their configurations.

4. Copying User Pool Groups

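def copy_user_pool_groups(client, source_user_pool_id, new_user_pool_id):
    try:
        # list_groups is paginated; walk every page so no group is skipped
        paginator = client.get_paginator('list_groups')
        for page in paginator.paginate(UserPoolId=source_user_pool_id):
            for group in page['Groups']:
                params = {
                    'UserPoolId': new_user_pool_id,
                    'GroupName': group['GroupName'],
                }
                # Pass optional fields only when the source group sets them:
                # a forced Precedence of 0 would give the copy the highest priority.
                for key in ('Description', 'Precedence'):
                    if key in group:
                        params[key] = group[key]
                client.create_group(**params)
    except Exception as e:
        print(f"An error occurred while copying groups: {e}")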

This function replicates all user groups from the source User Pool to the new one.

Usage Example

if __name__ == "__main__":
    source_user_pool_id = 'eu-central-1_XXXXXXXX'  # Replace with your source pool ID
    new_user_pool_name = 'my-new-user-pool'
    aws_profile = 'YOUR_AWS_PROFILE'

    new_pool_id = copy_user_pool(source_user_pool_id, new_user_pool_name, aws_profile)
    if new_pool_id:
        print(f"User Pool copied successfully. New Pool ID: {new_pool_id}")
    else:
        print("User Pool copying failed.")

Important Notes

  • The script maintains the same schema attributes, policies, and configurations as the source User Pool
  • App clients are created with new client IDs and secrets
  • User data is not copied — only the User Pool structure and configuration
  • Make sure you have appropriate AWS permissions before running the script
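
One way to check the first note after a run, as an added example that is not part of the original script: it diffs the security-relevant settings of the source and the clone as returned by describe_user_pool. The function names, the choice of keys to compare and the sample dictionaries are assumptions made for this example.

```python
SECURITY_KEYS = (  # real keys of the describe_user_pool "UserPool" object
    "Policies", "MfaConfiguration", "AutoVerifiedAttributes",
    "AccountRecoverySetting", "AdminCreateUserConfig",
    "UserPoolAddOns", "DeletionProtection", "LambdaConfig",
)
MISSING = "<unset>"

def _flatten(value, prefix=""):
    """Yield (dotted_path, leaf) pairs; lists are order-insensitive leaves."""
    if isinstance(value, dict):
        for key in sorted(value):
            yield from _flatten(value[key], f"{prefix}.{key}" if prefix else key)
    elif isinstance(value, list):
        yield prefix, sorted(value, key=repr)
    else:
        yield prefix, value

def diff_pool_settings(source_pool, clone_pool, keys=SECURITY_KEYS):
    """Return [(path, source_value, clone_value)] for every differing setting."""
    src = dict(_flatten({k: source_pool[k] for k in keys if k in source_pool}))
    dst = dict(_flatten({k: clone_pool[k] for k in keys if k in clone_pool}))
    return [
        (path, src.get(path, MISSING), dst.get(path, MISSING))
        for path in sorted(src.keys() | dst.keys())
        if src.get(path, MISSING) != dst.get(path, MISSING)
    ]

def check_clone(client, source_pool_id, clone_pool_id):
    """Fetch both pools with a boto3 'cognito-idp' client and diff them."""
    src = client.describe_user_pool(UserPoolId=source_pool_id)["UserPool"]
    dst = client.describe_user_pool(UserPoolId=clone_pool_id)["UserPool"]
    return diff_pool_settings(src, dst)

# Constructed sample responses (not real pools): a clone created without MFA or add-ons.
SAMPLE_SOURCE = {
    "Policies": {"PasswordPolicy": {"MinimumLength": 12, "RequireSymbols": True}},
    "MfaConfiguration": "ON",
    "AutoVerifiedAttributes": ["email", "phone_number"],
    "UserPoolAddOns": {"AdvancedSecurityMode": "ENFORCED"},
    "LambdaConfig": {},
}
SAMPLE_CLONE = {
    "Policies": {"PasswordPolicy": {"MinimumLength": 12, "RequireSymbols": True}},
    "MfaConfiguration": "OFF",
    "AutoVerifiedAttributes": ["phone_number", "email"],
}

if __name__ == "__main__":
    print(*diff_pool_settings(SAMPLE_SOURCE, SAMPLE_CLONE), sep="\n")
```

An empty result means the compared settings match; any returned row names a setting that must be passed to create_user_pool or set on the clone before it is used.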

Conclusion

This Python script provides a convenient way to clone AWS Cognito User Pools, which can be particularly useful when setting up new environments or creating backups. The modular structure makes it easy to modify and extend based on your specific needs.

Remember to handle sensitive information carefully and never commit AWS credentials to version control systems.

See you in the next article! 👻
