Create a Cognito Test User


From @pjamieson on Sat Jul 01 2017 19:25:45 GMT+0000 (UTC)

I have multiple AWS profiles for different accounts. Since the one I’m using for this tutorial isn’t my default, I needed to add the --profile [profile name from my ~/.aws/credentials file] flag to both CLI commands. Hope this helps!


From @jayair on Sat Jul 01 2017 21:10:59 GMT+0000 (UTC)

Thanks for the tip @pjamieson. I’ll add it to the tutorial when I get a chance.


From @wellyal on Wed Jul 26 2017 03:21:08 GMT+0000 (UTC)

Nothing works
I’ve ran into this problem while running the command

aws cognito-idp sign-up \
  --region us-east-1 \
  --client-id 4kjstkv1m9t0orh6n569jnhgt5 \
  --username \
  --password Passw0rd! \
  --user-attributes Name=email,
An error occurred (ResourceNotFoundException) when calling the SignUp operation: User pool client 4kjstkv1m9t0orh6n569jnhgt5 does not exist.


From @wellyal on Wed Jul 26 2017 13:40:27 GMT+0000 (UTC)

Problem solved. My problem was the region. My region pool was us-west-2 not 1.


From @RaphaelMui on Mon Jul 31 2017 04:18:17 GMT+0000 (UTC)

Thanks @pjamieson. I have multiple profiles too. When the '–profile ’ parameter was not specified, ‘sign-up’ succeed but ‘admin-confirm-sign-up’ failed. I seems that the --region parameter was ignored.


From @QuantumInformation on Mon Sep 18 2017 11:31:15 GMT+0000 (UTC)

I solved the OP issue, but this is what I got next:


From @KelpDuNord on Fri Oct 20 2017 22:16:15 GMT+0000 (UTC)

aws cognito-idp admin-confirm-sign-up --region us-east-1 --user-pool-id us-east-1_fdlHwCS7x --username just returns “User pool us-east-1_fdlHwCS7x does not exist.” I can see the user created with aws cognito-idp sign-up in the user pool with a status of UNCONFIRMED. I’ve recreated the user pool three times with the same result.


From @QuantumInformation on Fri Oct 20 2017 22:28:33 GMT+0000 (UTC)

You probably created the pool in the wrong region.


From @jayair on Sat Oct 21 2017 23:33:27 GMT+0000 (UTC)

@KelpDuNord Hmm that’s really weird. So aws cognito-idp sign-up works but aws cognito-idp admin-confirm-sign-up does not work?


From @HeyMarcy on Sun Oct 22 2017 14:27:30 GMT+0000 (UTC)

This is my second attempt and I get the same error:
An error occurred (IncompleteSignatureException) when calling the AdminConfirmSignUp operation: 'key' not a valid key=value pair (missing equal-sign) in Authorization header...


From @lucasgonze on Mon Oct 23 2017 17:23:40 GMT+0000 (UTC)

Thanks for this discussion. It led me to the solution. I looked up the correct region by going to the Cognito home page (e.g. at, clicking “Manage your user pools”, selecting the user pool I created for the tutorial, and looking at the Pool ID.


From @KelpDuNord on Mon Oct 23 2017 17:49:12 GMT+0000 (UTC)

I just tried again, and yes, the signup worked but confirm did not. After running aws configure (I may have missed this before?), the confirm was successful.


From @jayair on Wed Oct 25 2017 17:04:04 GMT+0000 (UTC)

@KelpDuNord Thanks for reporting back. Can you tell me what you set in the aws configure command?

@lucasgonze Thanks for sharing your experience.

@HeyMarcy Can you show me the full command you used?


From @toyeebgodo on Tue Oct 31 2017 12:34:54 GMT+0000 (UTC)

@Hollow27 , were you able to solve your issue? I had the same issue, however changing region to us-east-2 (–region us-east-2 )worked for me.


From @Jaikant on Sat Nov 18 2017 10:45:34 GMT+0000 (UTC)

On running:
aws cognito-idp sign-up --region ap-south-1 --client-id xxxxx --username --password Passw0rd!

I got the below error

An error occurred (InvalidParameterException) when calling the SignUp operation: Cannot perform specific action because there does not exist a valid use pool domain associated with the user pool

I added the domain name in: User Pool -> App Integration -> Domain Name
and then it seemed to work:

epiphany-consulting jai$ aws cognito-idp sign-up --region ap-south-1 --client-id xxxxyyyy --username --password Passw0rd!
“UserConfirmed”: false,
“CodeDeliveryDetails”: {
“AttributeName”: “email”,
“Destination”: “a***@e***.com”,
“DeliveryMedium”: “EMAIL”


From @saurabh-vyas on Sat Nov 18 2017 20:58:36 GMT+0000 (UTC)

I am getting error as cognito-idp sub-cmd itself is not recognised.

vyas@gladiator:~$ aws cognito-idp sign-up --client-id $my-client-id --username --password Passw0rd! --user-attributes Name=email, --region us-east-1
usage: aws [options] <command> <subcommand> [parameters]
aws: error: argument command: Invalid choice, valid choices are:

autoscaling                              | cloudformation                          
cloudfront                               | cloudsearch                             
cloudsearchdomain                        | cloudtrail                              
cloudwatch                               | cognito-identity                        
cognito-sync                             | datapipeline                            
directconnect                            | dynamodb                                
ec2                                      | elasticache                             
elasticbeanstalk                         | elastictranscoder                       
elb                                      | emr                                     
iam                                      | importexport                            
kinesis                                  | kms                                     
lambda                                   | logs                                    
opsworks                                 | rds                                     
redshift                                 | route53                                 
route53domains                           | sdb                                     
ses                                      | sns                                     
sqs                                      | storagegateway                          
sts                                      | support                                 
swf                                      | s3api                                   
s3                                       | configure                               
deploy                                   | configservice                           

Not sure if need something else to aws cli to look for cognito-idp

(using Ubuntu 17.0.4)
vyas@gladiator:~$ aws --version
aws-cli/1.6.6 Python/2.7.13 Linux/4.10.0-38-generic

Thoughts / comments … please.


From @jayair on Sat Nov 18 2017 22:00:54 GMT+0000 (UTC)

@saurabh-vyas That’s really weird. Are you using the latest AWS CLI?

This is my version.

$ aws --version
aws-cli/1.11.189 Python/2.7.10 Darwin/16.7.0 botocore/1.7.47


From @saurabh-vyas on Sun Nov 19 2017 19:33:44 GMT+0000 (UTC)

@jayair : seems like the older version did not had this sub-cmd. I uninstalled awscli & re-installed that … and with version 1.11.189 … I was able to run this succesfully

vyas@gladiator:~/Learning/Serverless/notes-app-api$ aws cognito-idp sign-up --client-id $my-client-id --username --password Passw0rd! --user-attributes Name=email, --region us-east-1
    "UserConfirmed": false, 
    "UserSub": "938c49aa-344e-4c89-9dfe-4c25ad9a2afc", 
    "CodeDeliveryDetails": {
        "AttributeName": "email", 
        "Destination": "a***@e***.com", 
        "DeliveryMedium": "EMAIL"


From @jayair on Wed Nov 22 2017 18:18:24 GMT+0000 (UTC)

@saurabh-vyas Great! Thanks for reporting back.


From @svj13 on Mon Dec 04 2017 19:49:57 GMT+0000 (UTC)

Hello I am getting an error others haven’t seemed to have run into. I’m very new to AWS, and Serverless is my first go at using it. I’m running into issues with verifying the account

In windows powershell:
aws cognito-idp admin-confirm-sign-up
–region us-east-2
–user-pool-id us-east-2**********
–username \

I get the following error:
An error occurred (InvalidSignatureException) when calling the AdminConfirmSignUp operation: Signature expired: 20171204T063700Z is now earlier than 20171204T193202Z (20171204T193702Z - 5 min.)

Advice would be greatly appreciated so I can keep chugging through this tutorial :slight_smile: i have changed it all to be the correct region as well. I don’t really understand what my error means

I have discovered that I can verify manually though the AWS platform, but I would prefer things ran as they should through the terminal