Lexi uses Amazon Cognito for authentication:
# List user pools
aws cognito-idp list-user-pools \
--max-results 10 \
--region <REGION>
# Describe user pool details
aws cognito-idp describe-user-pool \
--user-pool-id <USER_POOL_ID> \
--region <REGION>
Results will include:
# List app clients
aws cognito-idp list-user-pool-clients \
--user-pool-id <USER_POOL_ID> \
--region <REGION>
# Describe app client
aws cognito-idp describe-user-pool-client \
--user-pool-id <USER_POOL_ID> \
--client-id <CLIENT_ID> \
--region <REGION>
Results will include:
# List all users
aws cognito-idp list-users \
--user-pool-id <USER_POOL_ID> \
--region <REGION>
# List users with filter
aws cognito-idp list-users \
--user-pool-id <USER_POOL_ID> \
--filter 'email = "user@example.com"' \
--region <REGION>
# Create user
aws cognito-idp admin-create-user \
--user-pool-id <USER_POOL_ID> \
--username <USERNAME> \
--user-attributes Name=email,Value=user@example.com Name=name,Value="John Doe" \
--temporary-password TempPassword123! \
--region <REGION>
# Get specific user
aws cognito-idp admin-get-user \
--user-pool-id <USER_POOL_ID> \
--username <USERNAME> \
--region <REGION>
# Update user attributes
aws cognito-idp admin-update-user-attributes \
--user-pool-id <USER_POOL_ID> \
--username <USERNAME> \
--user-attributes Name=email,Value=newemail@example.com \
--region <REGION>
# Delete user
aws cognito-idp admin-delete-user \
--user-pool-id <USER_POOL_ID> \
--username <USERNAME> \
--region <REGION>
# Reset password
aws cognito-idp admin-set-user-password \
--user-pool-id <USER_POOL_ID> \
--username <USERNAME> \
--password NewPassword123! \
--permanent \
--region <REGION>
# Get Lambda config
aws cognito-idp describe-user-pool \
--user-pool-id <USER_POOL_ID> \
--region <REGION> \
--query 'UserPool.LambdaConfig'
Results will include:
# List groups
aws cognito-idp list-groups \
--user-pool-id <USER_POOL_ID> \
--region <REGION>
# List groups for user
aws cognito-idp admin-list-groups-for-user \
--user-pool-id <USER_POOL_ID> \
--username <USERNAME> \
--region <REGION>
# List user devices
aws cognito-idp list-devices \
--user-pool-id <USER_POOL_ID> \
--username <USERNAME> \
--region <REGION>
# View sign-in attempts
aws cloudwatch get-metric-statistics \
--namespace AWS/Cognito \
--metric-name SignInSuccesses \
--start-time 2026-05-01T00:00:00Z \
--end-time 2026-05-02T00:00:00Z \
--period 3600 \
--statistics Sum \
--region <REGION>
# View sign-in failures
aws cloudwatch get-metric-statistics \
--namespace AWS/Cognito \
--metric-name SignInThrottles \
--start-time 2026-05-01T00:00:00Z \
--end-time 2026-05-02T00:00:00Z \
--period 3600 \
--statistics Sum \
--region <REGION>
Issue: User cannot sign in
# Check user status
aws cognito-idp admin-get-user \
--user-pool-id <USER_POOL_ID> \
--username <USERNAME> \
--region <REGION>
# Check user attributes
aws cognito-idp admin-get-user \
--user-pool-id <USER_POOL_ID> \
--username <USERNAME> \
--region <REGION> \
--query 'UserAttributes'
Issue: Lambda trigger not working
# Check Lambda logs
aws logs tail /aws/lambda/<TRIGGER_FUNCTION_NAME> \
--region <REGION> \
--follow
# Check Lambda permissions
aws lambda get-policy \
--function-name <TRIGGER_FUNCTION_NAME> \
--region <REGION>
Issue: User locked
# Unlock user
aws cognito-idp admin-reset-user-password \
--user-pool-id <USER_POOL_ID> \
--username <USERNAME> \
--region <REGION>
Continue to S3 to learn how to manage audio storage.