{"id":3432,"date":"2024-04-09T11:54:39","date_gmt":"2024-04-09T10:54:39","guid":{"rendered":"https:\/\/www.easydeploy.io\/blog\/?p=3432"},"modified":"2024-04-09T12:22:08","modified_gmt":"2024-04-09T11:22:08","slug":"how-to-migrate-aws-cognito-user-pool-to-another-aws-account","status":"publish","type":"post","link":"https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/","title":{"rendered":"How to migrate AWS Cognito user pool to another AWS account. No password change."},"content":{"rendered":"<h2 id=\"1.-Introduction\" data-renderer-start-pos=\"3\">Introduction<\/h2>\n<p>AWS Cognito provides a comprehensive set of authentication, authorization, and user management features, making it a popular choice for many modern applications. When migrating AWS Cognito to a different AWS account, it&#8217;s essential to ensure a seamless transition without impacting the user experience or compromising security.<\/p>\n<p>This tutorial is also published on our YouTube channel. You can follow the video tutorial below.<\/p>\n<div class=\"wpex-responsive-embed\"><iframe loading=\"lazy\" title=\"Migrate AWS Cognito users between two different AWS account Cognito user pools. No password change\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/_z0lMFzO6xc?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/div>\n<h2 id=\"2.-Prerequisites\" data-renderer-start-pos=\"349\">Prerequisites<\/h2>\n<ul class=\"ak-ul\" data-indent-level=\"1\">\n<li>\n<p data-renderer-start-pos=\"369\">Aws account<\/p>\n<\/li>\n<li>\n<p data-renderer-start-pos=\"384\">Aws account with admin access and IAM full access<\/p>\n<\/li>\n<li>\n<p data-renderer-start-pos=\"437\">Basic understanding of AWS, AWS Cognito, lambda, Roles, and policy<\/p>\n<\/li>\n<\/ul>\n<h2 id=\"4.-Intended-audience\" data-renderer-start-pos=\"507\">Intended audience<\/h2>\n<ul class=\"ak-ul\" data-indent-level=\"1\">\n<li>\n<p data-renderer-start-pos=\"531\">Engineer<\/p>\n<\/li>\n<\/ul>\n<h2 id=\"5.-Procedure\" data-renderer-start-pos=\"544\">Procedure<\/h2>\n<p>Follow these steps to use the migration Lambda function<\/p>\n<h3 id=\"5.1-Create-a-new-user-pool-client-app-in-the-old-user-pool-This-client-must-have-the-OAuth-flow-ALLOW_ADMIN_USER_PASSWORD_AUTH-enabled\" data-renderer-start-pos=\"616\">5.1 Create a new user pool client app in the old user pool This client must have the OAuth flow ALLOW_ADMIN_USER_PASSWORD_AUTH enabled<\/h3>\n<p>First, log into your AWS account of the existing Cognito user pool, which we consider the source<\/p>\n<p data-renderer-start-pos=\"853\">After login, navigate to the Cognito user pool and select the user pool you wish to migrate<\/p>\n<p data-renderer-start-pos=\"853\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-042101-1-1024x280.webp\" alt=\"\" width=\"1024\" height=\"280\" class=\"alignnone size-large wp-image-3436\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-042101-1-1024x280.webp 1024w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-042101-1-300x82.webp 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-042101-1-768x210.webp 768w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-042101-1-1536x420.webp 1536w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-042101-1.webp 1768w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p data-renderer-start-pos=\"949\">You will see the user pool overview. Select the &#8216;App integration&#8217; menu below the image that looks like<\/p>\n<p data-renderer-start-pos=\"949\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-043326-1024x365.webp\" alt=\"\" width=\"1024\" height=\"365\" class=\"alignnone size-large wp-image-3437\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-043326-1024x365.webp 1024w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-043326-300x107.webp 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-043326-768x274.webp 768w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-043326.webp 1286w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p data-renderer-start-pos=\"1056\">Below, at the end, you will see the &#8216;App client list&#8217; section. Click on the &#8216;Create app client&#8217; menu in the top right corner<\/p>\n<p data-renderer-start-pos=\"1056\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-044013-1024x218.webp\" alt=\"\" width=\"1024\" height=\"218\" class=\"alignnone size-large wp-image-3438\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-044013-1024x218.webp 1024w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-044013-300x64.webp 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-044013-768x164.webp 768w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-044013.webp 1093w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p data-renderer-start-pos=\"1185\">Mention the app client name as you prefer<\/p>\n<p data-renderer-start-pos=\"1185\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-044809.webp\" alt=\"\" width=\"605\" height=\"429\" class=\"alignnone size-full wp-image-3439\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-044809.webp 605w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-044809-300x213.webp 300w\" sizes=\"(max-width: 605px) 100vw, 605px\" \/><\/p>\n<p data-renderer-start-pos=\"1231\">Authentication flows section select the Allow_ADMIN_USER_PASSWORD_AUTH<\/p>\n<p data-renderer-start-pos=\"1231\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-044927.webp\" alt=\"\" width=\"707\" height=\"301\" class=\"alignnone size-full wp-image-3440\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-044927.webp 707w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-044927-300x128.webp 300w\" sizes=\"(max-width: 707px) 100vw, 707px\" \/><\/p>\n<p data-renderer-start-pos=\"1231\">In the &#8216;Hosted UI settings&#8217; section, for &#8216;Allowed callback URLs&#8217;, we specified &#8216;localhost&#8217; for testing purposes. Feel free to provide any URL you prefer. We&#8217;ll leave the other details as the default<\/p>\n<p data-renderer-start-pos=\"1231\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-045315.webp\" alt=\"\" width=\"589\" height=\"435\" class=\"alignnone size-full wp-image-3441\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-045315.webp 589w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-045315-300x222.webp 300w\" sizes=\"(max-width: 589px) 100vw, 589px\" \/><\/p>\n<p data-renderer-start-pos=\"1510\">Click on Create app<\/p>\n<p data-renderer-start-pos=\"1510\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-045705.webp\" alt=\"\" width=\"658\" height=\"540\" class=\"alignnone size-large wp-image-3444\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-045705.webp 658w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-045705-300x246.webp 300w\" sizes=\"(max-width: 658px) 100vw, 658px\" \/><\/p>\n<p data-renderer-start-pos=\"1510\">After creating the app client, please note down the client app ID and user pool ID. We will configure these in the Lambda environment later<\/p>\n<p data-renderer-start-pos=\"1510\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-045805.webp\" alt=\"\" width=\"1047\" height=\"269\" class=\"alignnone size-full wp-image-3445\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-045805.webp 1047w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-045805-300x77.webp 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-045805-1024x263.webp 1024w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-045805-768x197.webp 768w\" sizes=\"(max-width: 1047px) 100vw, 1047px\" \/><\/p>\n<p data-renderer-start-pos=\"1510\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-050143.webp\" alt=\"\" width=\"1245\" height=\"320\" class=\"alignnone size-full wp-image-3446\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-050143.webp 1245w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-050143-300x77.webp 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-050143-1024x263.webp 1024w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-050143-768x197.webp 768w\" sizes=\"(max-width: 1245px) 100vw, 1245px\" \/><\/p>\n<h3 id=\"5.2-Create-a-new-user-pool-that-allows-triggering-user-migration.-Ensure-these-clients-use-the-OAuth-flow-with-'USER_PASSWORD_AUTH'-enabled.\" data-renderer-start-pos=\"1682\">5.2 Create a new user pool that allows triggering user migration. Ensure these clients use the OAuth flow with &#8216;USER_PASSWORD_AUTH&#8217; enabled<\/h3>\n<p data-renderer-start-pos=\"1824\">In the destination account, create a new Cognito user pool to migrate existing users<\/p>\n<p data-renderer-start-pos=\"1910\">Log in to the destination account, navigate to the Cognito service, and click on &#8216;Create user pool&#8217;<\/p>\n<p data-renderer-start-pos=\"1910\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-051804.webp\" alt=\"\" width=\"964\" height=\"266\" class=\"alignnone size-full wp-image-3447\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-051804.webp 964w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-051804-300x83.webp 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-051804-768x212.webp 768w\" sizes=\"(max-width: 964px) 100vw, 964px\" \/><\/p>\n<p data-renderer-start-pos=\"1910\">In the Cognito user pool sign-in options, we select both &#8216;username&#8217; and &#8217;email&#8217;. You can choose the options as per your preference, Click next<\/p>\n<p data-renderer-start-pos=\"1910\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-052710.webp\" alt=\"\" width=\"623\" height=\"521\" class=\"alignnone size-full wp-image-3448\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-052710.webp 623w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-052710-300x251.webp 300w\" sizes=\"(max-width: 623px) 100vw, 623px\" \/><\/p>\n<p data-renderer-start-pos=\"2164\">For MFA enforcement, we select &#8216;No MFA&#8217;. For other details, we&#8217;ll leave them as default, and then click &#8216;Next<\/p>\n<p data-renderer-start-pos=\"2164\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-052859.webp\" alt=\"\" width=\"611\" height=\"512\" class=\"alignnone size-full wp-image-3449\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-052859.webp 611w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-052859-300x251.webp 300w\" sizes=\"(max-width: 611px) 100vw, 611px\" \/><\/p>\n<p data-renderer-start-pos=\"2280\">Configure sign-up experience section,we&#8217;ll leave them as default, and then click &#8216;Next<\/p>\n<p data-renderer-start-pos=\"2280\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-053825.webp\" alt=\"\" width=\"598\" height=\"529\" class=\"alignnone size-full wp-image-3450\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-053825.webp 598w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-053825-300x265.webp 300w\" sizes=\"(max-width: 598px) 100vw, 598px\" \/><\/p>\n<p data-renderer-start-pos=\"2371\">We select the email provider option send\u00a0 email with Cognito and click next<\/p>\n<p data-renderer-start-pos=\"2371\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-054030.webp\" alt=\"\" width=\"609\" height=\"521\" class=\"alignnone size-full wp-image-3451\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-054030.webp 609w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-054030-300x257.webp 300w\" sizes=\"(max-width: 609px) 100vw, 609px\" \/><\/p>\n<p data-renderer-start-pos=\"2458\">We mention the user pool &#8216;desapp&#8217;. You can mention it as you prefer<\/p>\n<p data-renderer-start-pos=\"2458\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-054333.webp\" alt=\"\" width=\"597\" height=\"281\" class=\"alignnone size-full wp-image-3454\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-054333.webp 597w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-054333-300x141.webp 300w\" sizes=\"(max-width: 597px) 100vw, 597px\" \/><\/p>\n<p data-renderer-start-pos=\"2458\">In the &#8216;Hosted authentication pages&#8217; section, select &#8216;Use the Cognito hosted UI&#8217;, In the &#8216;Domain&#8217; section, we mentioned the domain as &#8216;desdemo&#8217;<\/p>\n<p data-renderer-start-pos=\"2458\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-054552.webp\" alt=\"\" width=\"613\" height=\"451\" class=\"alignnone size-full wp-image-3457\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-054552.webp 613w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-054552-300x221.webp 300w\" sizes=\"(max-width: 613px) 100vw, 613px\" \/><\/p>\n<p data-renderer-start-pos=\"2458\">We mention the App client name &#8216;desapp\u2019, You can mention it as you prefer and call back URL we provide localhost. you can provide any URL you prefer<\/p>\n<p data-renderer-start-pos=\"2458\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-055504.webp\" alt=\"\" width=\"583\" height=\"345\" class=\"alignnone size-full wp-image-3455\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-055504.webp 583w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-055504-300x178.webp 300w\" sizes=\"(max-width: 583px) 100vw, 583px\" \/><\/p>\n<p data-renderer-start-pos=\"2828\">In the &#8216;Advanced app client settings&#8217;, under &#8216;Authentication flows&#8217;, select &#8216;ALLOW_USER_PASSWORD_AUTH&#8217;<\/p>\n<p data-renderer-start-pos=\"2828\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-055953.png\" alt=\"\" width=\"578\" height=\"438\" class=\"alignnone size-full wp-image-3458\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-055953.png 578w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-055953-300x227.png 300w\" sizes=\"(max-width: 578px) 100vw, 578px\" \/><\/p>\n<p data-renderer-start-pos=\"2935\">For other details, we&#8217;ll leave them as default, and then click &#8216;Next<\/p>\n<p data-renderer-start-pos=\"2935\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-060537.png\" alt=\"\" width=\"639\" height=\"229\" class=\"alignnone size-full wp-image-3459\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-060537.png 639w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-060537-300x108.png 300w\" sizes=\"(max-width: 639px) 100vw, 639px\" \/><\/p>\n<p data-renderer-start-pos=\"3008\">finally, click on Create User pool<\/p>\n<p data-renderer-start-pos=\"3008\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-060713.png\" alt=\"\" width=\"844\" height=\"541\" class=\"alignnone size-full wp-image-3460\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-060713.png 844w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-060713-300x192.png 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-060713-768x492.png 768w\" sizes=\"(max-width: 844px) 100vw, 844px\" \/><\/p>\n<p data-renderer-start-pos=\"3008\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-060758.png\" alt=\"\" width=\"839\" height=\"258\" class=\"alignnone size-full wp-image-3461\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-060758.png 839w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-060758-300x92.png 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-060758-768x236.png 768w\" sizes=\"(max-width: 839px) 100vw, 839px\" \/><\/p>\n<h3 id=\"5.3-Creating-the-lambda-function-and-Lambda-execution-role\" data-renderer-start-pos=\"3051\">5.3 Creating the lambda function and Lambda execution role<\/h3>\n<p data-renderer-start-pos=\"3112\">In the destination AWS account, create a new AWS Lambda function. This function will be responsible for initiating the migration process and executing the necessary API calls to replicate the user data from the source account<\/p>\n<p data-renderer-start-pos=\"3339\">Navigate to Lambda and click on &#8216;Create Function&#8217;<\/p>\n<p data-renderer-start-pos=\"3339\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-061304.png\" alt=\"\" width=\"1187\" height=\"319\" class=\"alignnone size-full wp-image-3462\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-061304.png 1187w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-061304-300x81.png 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-061304-1024x275.png 1024w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-061304-768x206.png 768w\" sizes=\"(max-width: 1187px) 100vw, 1187px\" \/><\/p>\n<p data-renderer-start-pos=\"3393\">We mention the function name &#8216;usermigration&#8217;. In the runtime section, select &#8216;Node.js 16&#8217;, then click on &#8216;Create Function&#8217;<\/p>\n<p data-renderer-start-pos=\"3393\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-061819.png\" alt=\"\" width=\"1224\" height=\"524\" class=\"alignnone size-full wp-image-3463\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-061819.png 1224w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-061819-300x128.png 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-061819-1024x438.png 1024w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-061819-768x329.png 768w\" sizes=\"(max-width: 1224px) 100vw, 1224px\" \/><\/p>\n<p data-renderer-start-pos=\"3513\">After creating the Lambda function, select the &#8216;Permissions&#8217;, then choose the role name that was created<\/p>\n<p data-renderer-start-pos=\"3513\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-062329.png\" alt=\"\" width=\"893\" height=\"257\" class=\"alignnone size-full wp-image-3464\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-062329.png 893w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-062329-300x86.png 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-062329-768x221.png 768w\" sizes=\"(max-width: 893px) 100vw, 893px\" \/><\/p>\n<p data-renderer-start-pos=\"3623\">It will take you to the Lambda execution role<\/p>\n<p data-renderer-start-pos=\"3670\">You need to attach the &#8216;AmazonCognitoPowerUser&#8217; policy and create an inline policy for &#8216;sts-assume&#8217;. You can reference the script below<\/p>\n<p data-renderer-start-pos=\"3807\">Please note that the ARN will contain the Account ID of the <strong data-renderer-mark=\"true\">source account<\/strong>. You need to replace it with your own<\/p>\n<pre data-renderer-start-pos=\"3807\">{\r\n\"Version\": \"2012-10-17\",\r\n\"Statement\": [\r\n{\r\n\"Sid\": \"Statement1\",\r\n\"Effect\": \"Allow\",\r\n\"Action\": \"sts:AssumeRole\",\r\n\"Resource\": [\r\n\"arn:aws:iam::384834573830:role\/crossaccountcognito\"\r\n]\r\n}\r\n]\r\n}<\/pre>\n<p data-renderer-start-pos=\"3807\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-064157.png\" alt=\"\" width=\"1438\" height=\"474\" class=\"alignnone size-full wp-image-3465\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-064157.png 1438w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-064157-300x99.png 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-064157-1024x338.png 1024w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-064157-768x253.png 768w\" sizes=\"(max-width: 1438px) 100vw, 1438px\" \/><\/p>\n<h3 id=\"5.4-Download-the-lambda-source-code-and-upload-it\" data-renderer-start-pos=\"4219\">5.4 Download the lambda source code and upload it<span role=\"presentation\" class=\"heading-anchor-wrapper\"><\/span><\/h3>\n<p>You can download the lambda migration source code from this link: https:\/\/github.com\/Niyaz07\/cognito-migration-lambda-fn<span data-inline-card=\"true\" data-card-url=\"https:\/\/github.com\/Niyaz07\/cognito-migration-lambda-fn\" class=\"cc-0\"><span class=\"loader-wrapper\"><span><span aria-expanded=\"false\" data-testid=\"hover-card-trigger-wrapper\"><\/span><\/span><\/span><\/span><\/p>\n<p data-renderer-start-pos=\"4340\">To upload it<\/p>\n<p data-renderer-start-pos=\"4355\">Navigate to the lambda function we created in the previous step. Select &#8216;Upload from&#8217;, click the .zip file to upload it, and then save<\/p>\n<p data-renderer-start-pos=\"4355\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-070102.png\" alt=\"\" width=\"1193\" height=\"375\" class=\"alignnone size-full wp-image-3466\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-070102.png 1193w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-070102-300x94.png 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-070102-1024x322.png 1024w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-070102-768x241.png 768w\" sizes=\"(max-width: 1193px) 100vw, 1193px\" \/> <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-070203.png\" alt=\"\" width=\"774\" height=\"323\" class=\"alignnone size-full wp-image-3467\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-070203.png 774w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-070203-300x125.png 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-070203-768x320.png 768w\" sizes=\"(max-width: 774px) 100vw, 774px\" \/><\/p>\n<h3 id=\"5.5-Creating-the-User-Migration-trigger-executes-a-Lambda-function\" data-renderer-start-pos=\"4497\">5.5 Creating the User Migration trigger executes a Lambda function<span role=\"presentation\" class=\"heading-anchor-wrapper\"><\/span><\/h3>\n<p data-renderer-start-pos=\"4565\">Navigate to the newly created Cognito user pool and select the user pool name<\/p>\n<p data-renderer-start-pos=\"4565\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-071249.png\" alt=\"\" width=\"979\" height=\"273\" class=\"alignnone size-full wp-image-3470\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-071249.png 979w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-071249-300x84.png 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-071249-768x214.png 768w\" sizes=\"(max-width: 979px) 100vw, 979px\" \/><\/p>\n<p data-renderer-start-pos=\"4647\">Select the user pool properties and add a lambda trigger.<\/p>\n<p data-renderer-start-pos=\"4647\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-071359.png\" alt=\"\" width=\"968\" height=\"332\" class=\"alignnone size-full wp-image-3471\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-071359.png 968w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-071359-300x103.png 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-071359-768x263.png 768w\" sizes=\"(max-width: 968px) 100vw, 968px\" \/><\/p>\n<p data-renderer-start-pos=\"4709\">Trigger type select sign-up and sign-up option select the migrate user trigger<\/p>\n<p data-renderer-start-pos=\"4709\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-071744.png\" alt=\"\" width=\"757\" height=\"444\" class=\"alignnone size-full wp-image-3472\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-071744.png 757w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-071744-300x176.png 300w\" sizes=\"(max-width: 757px) 100vw, 757px\" \/><\/p>\n<p data-renderer-start-pos=\"4793\">Select the lambda function that we created in the previous steps<\/p>\n<p data-renderer-start-pos=\"4793\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-071827.png\" alt=\"\" width=\"764\" height=\"400\" class=\"alignnone size-full wp-image-3473\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-071827.png 764w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-071827-300x157.png 300w\" sizes=\"(max-width: 764px) 100vw, 764px\" \/><\/p>\n<p data-renderer-start-pos=\"4862\">Click on add lambda trigger<\/p>\n<h3 id=\"5.6-The-cross-account-role-for-the-old-user-pool-should-allow-'AmazonCognitoPowerUser'-actions-and-trust-the-execution-role-of-the-lambda-function-in-the-destination-account\" data-renderer-start-pos=\"4892\">5.6 The cross-account role for the old user pool should allow &#8216;AmazonCognitoPowerUser&#8217; actions and trust the execution role of the lambda function in the destination account<span role=\"presentation\" class=\"heading-anchor-wrapper\"><\/span><\/h3>\n<p data-renderer-start-pos=\"5067\">Configuring Cross-Account IAM Roles<\/p>\n<p data-renderer-start-pos=\"5104\">Create an IAM role in the source account that allows the Lambda function in the destination account to assume this role. This will enable the Lambda function to access AWS Cognito resources in the source account<\/p>\n<p data-renderer-start-pos=\"5317\">login into the source account of aws and navigate through the IAM, create a new role and select the AWS account, an Aws account section select another aws account provide your destination account id, permission policy select <strong data-renderer-mark=\"true\">AmazonCognitoPowerUser <\/strong><\/p>\n<p data-renderer-start-pos=\"5317\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-073132.png\" alt=\"\" width=\"996\" height=\"516\" class=\"alignnone size-full wp-image-3474\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-073132.png 996w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-073132-300x155.png 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-073132-768x398.png 768w\" sizes=\"(max-width: 996px) 100vw, 996px\" \/><\/p>\n<p data-renderer-start-pos=\"5574\">Specify the name we provided in previous steps in the Lambda execution role&#8217;s STS-assume policy under the resource ARN<\/p>\n<p data-renderer-start-pos=\"5694\"><strong data-renderer-mark=\"true\">Note<\/strong>: Please ensure you provide the cross-account role name we created in the STS-assume policy under the resource ARN as previously given<\/p>\n<p data-renderer-start-pos=\"5694\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-074050.png\" alt=\"\" width=\"996\" height=\"279\" class=\"alignnone size-full wp-image-3476\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-074050.png 996w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-074050-300x84.png 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-074050-768x215.png 768w\" sizes=\"(max-width: 996px) 100vw, 996px\" \/><\/p>\n<p data-renderer-start-pos=\"5694\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-073521.png\" alt=\"\" width=\"1006\" height=\"414\" class=\"alignnone size-full wp-image-3475\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-073521.png 1006w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-073521-300x123.png 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-073521-768x316.png 768w\" sizes=\"(max-width: 1006px) 100vw, 1006px\" \/><\/p>\n<p data-renderer-start-pos=\"5842\">After creating the cross-account role, select that role<\/p>\n<p data-renderer-start-pos=\"5899\">Edit the <strong data-renderer-mark=\"true\">trust policy<\/strong>, you can reference the script below<\/p>\n<p data-renderer-start-pos=\"5958\"><strong data-renderer-mark=\"true\">Note<\/strong>: You need to replace the AWS field with your Lambda execution ARN. In this example, we provide the Lambda execution ARN which we created in the previous step<\/p>\n<pre data-renderer-start-pos=\"5958\">{\r\n\"Version\": \"2012-10-17\",\r\n\"Statement\": [\r\n{\r\n\"Effect\": \"Allow\",\r\n\"Principal\": {\r\n\"AWS\": \"arn:aws:iam::521503820723:role\/service-role\/usermigration-role-qj7yr2q6\"\r\n},\r\n\"Action\": \"sts:AssumeRole\",\r\n\"Condition\": {\r\n\"StringEquals\": {\r\n\"sts:ExternalId\": \"externalcognito\"\r\n}\r\n}\r\n}\r\n]\r\n}<\/pre>\n<p data-renderer-start-pos=\"6560\">Please note down the external ID value and the role ARN of the cross-account. We will configure the Lambda environment later<\/p>\n<p data-renderer-start-pos=\"6560\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-075515.png\" alt=\"\" width=\"1460\" height=\"756\" class=\"alignnone size-full wp-image-3477\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-075515.png 1460w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-075515-300x155.png 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-075515-1024x530.png 1024w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-075515-768x398.png 768w\" sizes=\"(max-width: 1460px) 100vw, 1460px\" \/><\/p>\n<h3 id=\"5.7-Configure-the-environment-variables-in-the-Lambda-function-of-the-destination-account\" data-renderer-start-pos=\"6689\">5.7 Configure the environment variables in the Lambda function of the destination account<span role=\"presentation\" class=\"heading-anchor-wrapper\"><\/span><\/h3>\n<p data-renderer-start-pos=\"6780\">Log in to the destination account and navigate to the Lambda function that we created in the previous steps<\/p>\n<p data-renderer-start-pos=\"6889\">Go to the configuration menu, select the environment variables, and provide the noted values in the environment<\/p>\n<p data-renderer-start-pos=\"7003\"><strong data-renderer-mark=\"true\">Note<\/strong>: OLD_CLIENT_ID = &lt;your-client-id &gt;,OLD_EXTERNAL_ID = externalcognito, OLD_ROLE_ARN = &lt;your-role-arn&gt; , OLD_USER_POOL_ID = &lt;your-pool-id&gt;<\/p>\n<p data-renderer-start-pos=\"7003\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-080606.png\" alt=\"\" width=\"1004\" height=\"722\" class=\"alignnone size-full wp-image-3478\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-080606.png 1004w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-080606-300x216.png 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-080606-768x552.png 768w\" sizes=\"(max-width: 1004px) 100vw, 1004px\" \/><\/p>\n<p data-renderer-start-pos=\"7150\"><strong data-renderer-mark=\"true\">5.8 Testing and Validation <\/strong><\/p>\n<p data-renderer-start-pos=\"7179\">The User Migration trigger executes a Lambda function whenever a user isn\u2019t found in the User Pool during login. so, Cognito will automatically create the user in the new User Pool<\/p>\n<p data-renderer-start-pos=\"7361\">To migrate the users, we need to access the new user pool&#8217;s URL endpoint<\/p>\n<p data-renderer-start-pos=\"7435\"><strong data-renderer-mark=\"true\">Note<\/strong>: You need to provide your Cognito domain, app client ID, and callback URL of the destination Cognito user pool<\/p>\n<p data-renderer-start-pos=\"7435\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-083422.png\" alt=\"\" width=\"1435\" height=\"461\" class=\"alignnone size-full wp-image-3479\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-083422.png 1435w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-083422-300x96.png 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-083422-1024x329.png 1024w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-083422-768x247.png 768w\" sizes=\"(max-width: 1435px) 100vw, 1435px\" \/><\/p>\n<p data-renderer-start-pos=\"7435\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-083448.png\" alt=\"\" width=\"1430\" height=\"349\" class=\"alignnone size-full wp-image-3480\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-083448.png 1430w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-083448-300x73.png 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-083448-1024x250.png 1024w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-083448-768x187.png 768w\" sizes=\"(max-width: 1430px) 100vw, 1430px\" \/><\/p>\n<p data-renderer-start-pos=\"7560\">kindly reference below the endpoint<\/p>\n<pre data-renderer-start-pos=\"7560\">https:\/\/&lt;your domain&gt;\/oauth2\/authorize?response_type=code&amp;client_id=&lt;your app client id&gt;&amp;redirect_uri=&lt;your callback url&gt;<\/pre>\n<p data-renderer-start-pos=\"7726\">Access the endpoint URL in your browser, it will take you to the sign-in page<\/p>\n<p data-renderer-start-pos=\"7806\">log in with the same old user credentials of the source account cognito user<\/p>\n<p data-renderer-start-pos=\"7806\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-083846.png\" alt=\"\" width=\"756\" height=\"541\" class=\"alignnone size-full wp-image-3481\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-083846.png 756w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-083846-300x215.png 300w\" sizes=\"(max-width: 756px) 100vw, 756px\" \/><\/p>\n<p data-renderer-start-pos=\"7887\">Click &#8216;Sign In&#8217;; it will sign in through the newly created user pool<\/p>\n<p data-renderer-start-pos=\"7957\">After signing in, navigate to the newly created user pool in the destination account, where you can see the signed-in user generated in the new user pool<\/p>\n<p data-renderer-start-pos=\"7957\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-084653.png\" alt=\"\" width=\"999\" height=\"253\" class=\"alignnone size-full wp-image-3482\" srcset=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-084653.png 999w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-084653-300x76.png 300w, https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image-20240409-084653-768x194.png 768w\" sizes=\"(max-width: 999px) 100vw, 999px\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction AWS Cognito provides a comprehensive set of authentication, authorization, and user management features, making it a popular choice for many modern applications. When migrating AWS Cognito to a different AWS account, it&#8217;s essential to ensure a seamless transition without impacting the user experience or compromising security. This tutorial is also published on our YouTube [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":3485,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[2],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to migrate AWS Cognito user pool to another AWS account. No password change. | easydeploy.io<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to migrate AWS Cognito user pool to another AWS account. No password change. | easydeploy.io\" \/>\n<meta property=\"og:description\" content=\"Introduction AWS Cognito provides a comprehensive set of authentication, authorization, and user management features, making it a popular choice for many modern applications. When migrating AWS Cognito to a different AWS account, it&#8217;s essential to ensure a seamless transition without impacting the user experience or compromising security. This tutorial is also published on our YouTube [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/\" \/>\n<meta property=\"og:site_name\" content=\"easydeploy.io\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-09T10:54:39+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-09T11:22:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1582\" \/>\n\t<meta property=\"og:image:height\" content=\"894\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Niyaz H\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Niyaz H\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"14 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/\"},\"author\":{\"name\":\"Niyaz H\",\"@id\":\"https:\/\/www.easydeploy.io\/blog\/#\/schema\/person\/788a871d3da047e5a3c0972126706aa9\"},\"headline\":\"How to migrate AWS Cognito user pool to another AWS account. No password change.\",\"datePublished\":\"2024-04-09T10:54:39+00:00\",\"dateModified\":\"2024-04-09T11:22:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/\"},\"wordCount\":1194,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.easydeploy.io\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image.png\",\"articleSection\":[\"Amazon Web Services\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/\",\"url\":\"https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/\",\"name\":\"How to migrate AWS Cognito user pool to another AWS account. No password change. | easydeploy.io\",\"isPartOf\":{\"@id\":\"https:\/\/www.easydeploy.io\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image.png\",\"datePublished\":\"2024-04-09T10:54:39+00:00\",\"dateModified\":\"2024-04-09T11:22:08+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/#primaryimage\",\"url\":\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image.png\",\"contentUrl\":\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image.png\",\"width\":1582,\"height\":894,\"caption\":\"AWS Cognito users migration\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.easydeploy.io\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to migrate AWS Cognito user pool to another AWS account. No password change.\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.easydeploy.io\/blog\/#website\",\"url\":\"https:\/\/www.easydeploy.io\/blog\/\",\"name\":\"easydeploy.io\",\"description\":\"A Cloud Architect Company\",\"publisher\":{\"@id\":\"https:\/\/www.easydeploy.io\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.easydeploy.io\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.easydeploy.io\/blog\/#organization\",\"name\":\"EasyDeploy Technologies Pvt Ltd\",\"url\":\"https:\/\/www.easydeploy.io\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.easydeploy.io\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2019\/02\/easydeploy.png\",\"contentUrl\":\"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2019\/02\/easydeploy.png\",\"width\":536,\"height\":100,\"caption\":\"EasyDeploy Technologies Pvt Ltd\"},\"image\":{\"@id\":\"https:\/\/www.easydeploy.io\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.easydeploy.io\/blog\/#\/schema\/person\/788a871d3da047e5a3c0972126706aa9\",\"name\":\"Niyaz H\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.easydeploy.io\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6f0d572c1d6680b37343dbdb9b97e2dd?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6f0d572c1d6680b37343dbdb9b97e2dd?s=96&d=mm&r=g\",\"caption\":\"Niyaz H\"},\"sameAs\":[\"http:\/\/easydeploy.io\"],\"url\":\"https:\/\/www.easydeploy.io\/blog\/author\/niyaz\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to migrate AWS Cognito user pool to another AWS account. No password change. | easydeploy.io","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/","og_locale":"en_GB","og_type":"article","og_title":"How to migrate AWS Cognito user pool to another AWS account. No password change. | easydeploy.io","og_description":"Introduction AWS Cognito provides a comprehensive set of authentication, authorization, and user management features, making it a popular choice for many modern applications. When migrating AWS Cognito to a different AWS account, it&#8217;s essential to ensure a seamless transition without impacting the user experience or compromising security. This tutorial is also published on our YouTube [&hellip;]","og_url":"https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/","og_site_name":"easydeploy.io","article_published_time":"2024-04-09T10:54:39+00:00","article_modified_time":"2024-04-09T11:22:08+00:00","og_image":[{"width":1582,"height":894,"url":"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image.png","type":"image\/png"}],"author":"Niyaz H","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Niyaz H","Estimated reading time":"14 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/#article","isPartOf":{"@id":"https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/"},"author":{"name":"Niyaz H","@id":"https:\/\/www.easydeploy.io\/blog\/#\/schema\/person\/788a871d3da047e5a3c0972126706aa9"},"headline":"How to migrate AWS Cognito user pool to another AWS account. No password change.","datePublished":"2024-04-09T10:54:39+00:00","dateModified":"2024-04-09T11:22:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/"},"wordCount":1194,"commentCount":0,"publisher":{"@id":"https:\/\/www.easydeploy.io\/blog\/#organization"},"image":{"@id":"https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/#primaryimage"},"thumbnailUrl":"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image.png","articleSection":["Amazon Web Services"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/","url":"https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/","name":"How to migrate AWS Cognito user pool to another AWS account. No password change. | easydeploy.io","isPartOf":{"@id":"https:\/\/www.easydeploy.io\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/#primaryimage"},"image":{"@id":"https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/#primaryimage"},"thumbnailUrl":"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image.png","datePublished":"2024-04-09T10:54:39+00:00","dateModified":"2024-04-09T11:22:08+00:00","breadcrumb":{"@id":"https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/#primaryimage","url":"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image.png","contentUrl":"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2024\/04\/image.png","width":1582,"height":894,"caption":"AWS Cognito users migration"},{"@type":"BreadcrumbList","@id":"https:\/\/www.easydeploy.io\/blog\/how-to-migrate-aws-cognito-user-pool-to-another-aws-account\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.easydeploy.io\/blog\/"},{"@type":"ListItem","position":2,"name":"How to migrate AWS Cognito user pool to another AWS account. No password change."}]},{"@type":"WebSite","@id":"https:\/\/www.easydeploy.io\/blog\/#website","url":"https:\/\/www.easydeploy.io\/blog\/","name":"easydeploy.io","description":"A Cloud Architect Company","publisher":{"@id":"https:\/\/www.easydeploy.io\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.easydeploy.io\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/www.easydeploy.io\/blog\/#organization","name":"EasyDeploy Technologies Pvt Ltd","url":"https:\/\/www.easydeploy.io\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.easydeploy.io\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2019\/02\/easydeploy.png","contentUrl":"https:\/\/www.easydeploy.io\/blog\/wp-content\/uploads\/2019\/02\/easydeploy.png","width":536,"height":100,"caption":"EasyDeploy Technologies Pvt Ltd"},"image":{"@id":"https:\/\/www.easydeploy.io\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.easydeploy.io\/blog\/#\/schema\/person\/788a871d3da047e5a3c0972126706aa9","name":"Niyaz H","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.easydeploy.io\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/6f0d572c1d6680b37343dbdb9b97e2dd?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6f0d572c1d6680b37343dbdb9b97e2dd?s=96&d=mm&r=g","caption":"Niyaz H"},"sameAs":["http:\/\/easydeploy.io"],"url":"https:\/\/www.easydeploy.io\/blog\/author\/niyaz\/"}]}},"_links":{"self":[{"href":"https:\/\/www.easydeploy.io\/blog\/wp-json\/wp\/v2\/posts\/3432"}],"collection":[{"href":"https:\/\/www.easydeploy.io\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.easydeploy.io\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.easydeploy.io\/blog\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/www.easydeploy.io\/blog\/wp-json\/wp\/v2\/comments?post=3432"}],"version-history":[{"count":5,"href":"https:\/\/www.easydeploy.io\/blog\/wp-json\/wp\/v2\/posts\/3432\/revisions"}],"predecessor-version":[{"id":3488,"href":"https:\/\/www.easydeploy.io\/blog\/wp-json\/wp\/v2\/posts\/3432\/revisions\/3488"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.easydeploy.io\/blog\/wp-json\/wp\/v2\/media\/3485"}],"wp:attachment":[{"href":"https:\/\/www.easydeploy.io\/blog\/wp-json\/wp\/v2\/media?parent=3432"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.easydeploy.io\/blog\/wp-json\/wp\/v2\/categories?post=3432"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.easydeploy.io\/blog\/wp-json\/wp\/v2\/tags?post=3432"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}