Last active
October 11, 2025 19:49
-
-
Save skant09/d0dd30da57c0bc66ea76c9863eecdcea to your computer and use it in GitHub Desktop.
Change password for Cognito users
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import { CognitoIdentityProviderClient, AdminSetUserPasswordCommand } from "@aws-sdk/client-cognito-identity-provider"; | |
| const REGION = "us-east-1"; | |
| const USER_POOL_ID = "us-east-1_xxxxxx"; | |
| const TEMP_PASSWORD = function(){ | |
| // generate a random password with 8 characters, including at least one uppercase letter, one lowercase letter, one number, and one special character | |
| const length = 12; | |
| const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_+~`|}{[]:;?><,./-="; | |
| let password = ""; | |
| for (let i = 0, n = charset.length; i < length - 4; ++i) { | |
| password += charset.charAt(Math.floor(Math.random() * n)); | |
| } | |
| password += "ABCDEFGHIJKLMNOPQRSTUVWXYZ".charAt(Math.floor(Math.random() * 26)); // at least one uppercase | |
| password += "abcdefghijklmnopqrstuvwxyz".charAt(Math.floor(Math.random() * 26)); // at least one lowercase | |
| password += "0123456789".charAt(Math.floor(Math.random() * 10)); // at least one number | |
| password += "!@#$%^&*()_+~`|}{[]:;?><,./-=".charAt(Math.floor(Math.random() * 20)); // at least one special character | |
| return password; | |
| }; | |
| const CONCURRENCY = 3; // same as xargs -P 5 | |
| const MAX_RETRIES = 3; | |
| const client = new CognitoIdentityProviderClient({ region: REGION }); | |
| // Read all usernames from file | |
| const usernames = [ | |
| '[email protected]' | |
| ] | |
| // Function to set temporary password for one user | |
| async function setTempPassword(username, attempt = 1) { | |
| let password = TEMP_PASSWORD(); | |
| const cmd = new AdminSetUserPasswordCommand({ | |
| UserPoolId: USER_POOL_ID, | |
| Username: username, | |
| Password: password, | |
| Permanent: false, // equivalent to --no-permanent | |
| }); | |
| try { | |
| await client.send(cmd); | |
| console.log(`β [${attempt}] Set temporary password ${password} for ${username}`); | |
| } catch (err) { | |
| console.error(`β [${attempt}] Error for ${username}: ${err.message}`); | |
| if (attempt < MAX_RETRIES) { | |
| const delay = 1000 * attempt; // exponential backoff | |
| console.log(`π Retrying ${username} in ${delay / 1000}s...`); | |
| await new Promise(res => setTimeout(res, delay)); | |
| return setTempPassword(username, attempt + 1); | |
| } else { | |
| console.error(`π¨ Failed after ${MAX_RETRIES} attempts: ${username}`); | |
| } | |
| } | |
| } | |
| // Run tasks with concurrency limit | |
| async function run() { | |
| const queue = [...usernames]; | |
| const workers = Array(CONCURRENCY).fill(null).map(async () => { | |
| while (queue.length) { | |
| const username = queue.shift(); | |
| await setTempPassword(username); | |
| } | |
| }); | |
| await Promise.all(workers); | |
| console.log("β All done"); | |
| } | |
| run(); |
Author
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
cat email.txt | xargs -P 5 -I {} aws cognito-idp admin-set-user-password --region us-east-1 --user-pool-id us-east-1_XXXXX --username {} --password PASSWORD --debug --no-permanent