AWS Security ChangesHomeSearch

AWS code-library documentation change

Service: code-library · 2025-03-10 · Documentation low

File: code-library/latest/ug/cognito-identity-provider_example_cognito-identity-provider_ListUsers_section.md

Summary

Added server-side and client-side filtering examples for list-users with detailed outputs

Security assessment

Improves user management documentation but does not address security vulnerabilities or add security-specific guidance.

Diff

diff --git a/code-library/latest/ug/cognito-identity-provider_example_cognito-identity-provider_ListUsers_section.md
index 1d60ca383..fa90c14d2 100644
--- a/code-library/latest/ug/cognito-identity-provider_example_cognito-identity-provider_ListUsers_section.md
+++ b/code-library/latest/ug/cognito-identity-provider_example_cognito-identity-provider_ListUsers_section.md
@@ -66 +66 @@ CLI
-**To list users**
+**Example 1: To list users with a server-side filter**
@@ -68 +68 @@ CLI
-This example lists up to 20 users.
+The following `list-users` example lists 3 users in the requested user pool whose email addresses begin with `testuser`.
@@ -70 +69,0 @@ This example lists up to 20 users.
-Command:
@@ -72,2 +71,4 @@ Command:
-    
-    aws cognito-idp list-users --user-pool-id us-west-2_aaaaaaaaa --limit 20
+    aws cognito-idp list-users \
+        --user-pool-id us-west-2_EXAMPLE \
+        --filter email^=\"testuser\" \
+        --max-items 3
@@ -79,0 +81 @@ Output:
+        "PaginationToken": "efgh5678EXAMPLE",
@@ -82 +84,10 @@ Output:
-              "Username": "22704aa3-fc10-479a-97eb-2af5806bd327",
+                "Attributes": [
+                    {
+                        "Name": "sub",
+                        "Value": "eaad0219-2117-439f-8d46-4db20e59268f"
+                    },
+                    {
+                        "Name": "email",
+                        "Value": "[email protected]"
+                    }
+                ],
@@ -84,3 +95,6 @@ Output:
-              "UserStatus": "FORCE_CHANGE_PASSWORD",
-              "UserCreateDate": 1548089817.683,
-              "UserLastModifiedDate": 1548089817.683,
+                "UserCreateDate": 1682955829.578,
+                "UserLastModifiedDate": 1689030181.63,
+                "UserStatus": "CONFIRMED",
+                "Username": "testuser"
+            },
+            {
@@ -90 +104 @@ Output:
-                      "Value": "22704aa3-fc10-479a-97eb-2af5806bd327"
+                        "Value": "3b994cfd-0b07-4581-be46-3c82f9a70c90"
@@ -93,2 +107,15 @@ Output:
-                      "Name": "email_verified",
-                      "Value": "true"
+                        "Name": "email",
+                        "Value": "[email protected]"
+                    }
+                ],
+                "Enabled": true,
+                "UserCreateDate": 1684427979.201,
+                "UserLastModifiedDate": 1684427979.201,
+                "UserStatus": "UNCONFIRMED",
+                "Username": "testuser2"
+            },
+            {
+                "Attributes": [
+                    {
+                        "Name": "sub",
+                        "Value": "5929e0d1-4c34-42d1-9b79-a5ecacfe66f7"
@@ -98 +125 @@ Output:
-                      "Value": "[email protected]"
+                        "Value": "[email protected]"
@@ -100 +127,6 @@ Output:
-              ]
+                ],
+                "Enabled": true,
+                "UserCreateDate": 1684427823.641,
+                "UserLastModifiedDate": 1684427823.641,
+                "UserStatus": "UNCONFIRMED",
+                "Username": "[email protected]"
@@ -104,0 +137,34 @@ Output:
+For more information, see [Managing and searching for users](https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html) in the _Amazon Cognito Developer Guide_.
+
+**Example 2: To list users with a client-side filter**
+
+The following `list-users` example lists the attributes of three users who have an attribute, in this case their email address, that contains the email domain "@example.com". If other attributes contained this string, they would also be displayed. The second user has no attributes that match the query and is excluded from the displayed output, but not from the server response.
+    
+    
+    aws cognito-idp list-users \
+        --user-pool-id us-west-2_EXAMPLE \
+        --max-items 3
+        --query Users\[\*\].Attributes\[\?Value\.contains\(\@\,\'@example.com\'\)\]
+    
+
+Output:
+    
+    
+    [
+        [
+            {
+                "Name": "email",
+                "Value": "[email protected]"
+            }
+        ],
+        [],
+        [
+            {
+                "Name": "email",
+                "Value": "[email protected]"
+            }
+        ]
+    ]
+
+For more information, see [Managing and searching for users](https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html) in the _Amazon Cognito Developer Guide_.
+