AWS‐CLI‐for‐Blossom
Show the built-in help for the Cognito user-pool commands (the AWS CLI takes help as a subcommand; /? is not understood):
aws cognito-idp help
Creates a user in the user pool as an administrator. Attributes such as email or a custom:<name> attribute can be set in the same call with --user-attributes.
aws cognito-idp admin-create-user --user-pool-id <user-pool-id> --username <username> --output yaml
--user-pool-id (string)
The user pool ID for the user pool where the user will be created.
--username (string)
The value that you want to set as the username sign-in attribute.
--output (string)
The formatting style for command output.
--user-attributes (list)
An array of name-value pairs that contain user attributes and attribute values to be set for the user to be created.
Syntax: Name=string,Value=string ...
Lists users and their basic details in a user pool.
aws cognito-idp list-users --user-pool-id <user-pool-id>
Gets the specified user by user name in a user pool as an administrator. Works on any user.
aws cognito-idp admin-get-user --user-pool-id <user-pool-id> --username <username>
Gets the user attributes and metadata for a user, authenticated with the user's own access token instead of IAM credentials (no IAM policy is needed, and it only ever returns the caller's own profile).
aws cognito-idp get-user --access-token <token>
--access-token (string)
A non-expired access token for the user whose information you want to query.
Enables the specified user as an administrator. Works on any user.
aws cognito-idp admin-enable-user --user-pool-id <user-pool-id> --username <username>
Deactivates a user and revokes all access tokens for the user. A deactivated user can't sign in, but still appears in the responses to GetUser and ListUsers API requests.
aws cognito-idp admin-disable-user --user-pool-id <user-pool-id> --username <username>
Adds additional user attributes to the user pool schema. Custom attributes cannot be removed or changed once they have been added, so check the name and data type before running this.
aws cognito-idp add-custom-attributes --user-pool-id <user-pool-id> --custom-attributes <attributes>
--custom-attributes (list)
An array of custom attributes, such as Mutable and Name. Cognito adds the custom: prefix itself; give the bare name here.
Syntax: Name=string,AttributeDataType=String,Mutable=true ...
Updates the specified user's attributes, including developer attributes, as an administrator. Works on any user. To delete an attribute from your user, submit the attribute in your API request with a blank value.
For custom attributes, you must prepend the custom: prefix to the attribute name.
In addition to updating user attributes, this API can also be used to mark phone and email as verified (email_verified or phone_number_verified set to true). That skips the confirmation-code check, so the address is never proven to belong to the user; only do it when ownership was confirmed some other way, since verified contacts are used for account recovery.
aws cognito-idp admin-update-user-attributes --user-pool-id <user-pool-id> --username <username> --user-attributes <attributes>
--user-attributes (list)
An array of name-value pairs representing user attributes.
For custom attributes, you must prepend the custom: prefix to the attribute name.
Syntax: Name=string,Value=string ...
Deletes a user as an administrator. Works on any user.
aws cognito-idp admin-delete-user --user-pool-id <user-pool-id> --username <username>
Deletes the user attributes in a user pool as an administrator. Works on any user.
aws cognito-idp admin-delete-user-attributes --user-pool-id <user-pool-id> --username <username> --user-attribute-names <attributes>
--user-attribute-names (list)
An array of strings representing the user attribute names you want to delete. For custom attributes, you must prepend the custom: prefix to the attribute name.
Syntax: "string" "string" ...
Allows a user to delete their own user profile (authenticated with the user's own access token; no IAM policy is needed).
aws cognito-idp delete-user --access-token <token>
--access-token (string)
A valid access token that Amazon Cognito issued to the user whose user profile you want to delete.
Deletes the attributes for a user (authenticated with the user's own access token; no IAM policy is needed).
aws cognito-idp delete-user-attributes --access-token <token> --user-attribute-names <attributes>
--user-attribute-names (list)
An array of strings representing the user attribute names you want to delete.
--access-token (string)
A valid access token that Amazon Cognito issued to the user whose attributes you want to delete.
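The admin-* commands above are usually typed one at a time. The script below is added here as a worked example (it is not part of the Blossom wiki) and strings them into a create-and-offboard flow: it builds the --user-attributes JSON, refuses to pre-mark email_verified or phone_number_verified unless explicitly allowed, and disables a user before deleting so the token revocation can be checked first. POOL_ID, the custom:role attribute name and the user alice are placeholders; DRY_RUN=1 prints the aws commands instead of calling AWS, so it runs without credentials.

```shell
#!/bin/sh
# Added example, not from the Blossom wiki. Wrapper for the Cognito admin-*
# commands. Assumptions (placeholders): the pool stores the Blossom role in a
# custom attribute "custom:role", POOL_ID is the pool ID, AWS CLI credentials
# are configured. DRY_RUN=1 prints each aws command instead of running it.
set -eu

POOL_ID="${POOL_ID:-us-east-1_EXAMPLE}"   # placeholder pool ID

run() {
  if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Turn NAME=VALUE arguments into the JSON list --user-attributes accepts.
# Values are assumed not to contain double quotes (no escaping is done).
# email_verified / phone_number_verified=true are refused unless
# ALLOW_PREVERIFIED=1: setting them skips the confirmation code, so the
# address is never proven and can still be used for account recovery.
user_attrs_json() {
  json=""
  for kv in "$@"; do
    name=${kv%%=*}
    value=${kv#*=}
    case "$name" in
      email_verified|phone_number_verified)
        if [ "$value" = "true" ] && [ -z "${ALLOW_PREVERIFIED:-}" ]; then
          echo "refusing to pre-verify $name; set ALLOW_PREVERIFIED=1 to override" >&2
          return 1
        fi ;;
    esac
    json="$json,{\"Name\":\"$name\",\"Value\":\"$value\"}"
  done
  printf '[%s]' "${json#,}"
}

# create_user <username> NAME=VALUE...
create_user() {
  username=$1; shift
  attrs=$(user_attrs_json "$@") || return 1
  run aws cognito-idp admin-create-user --user-pool-id "$POOL_ID" \
    --username "$username" --user-attributes "$attrs" --output yaml
}

# Prints True or False (text output of the Enabled boolean).
user_enabled() {
  aws cognito-idp admin-get-user --user-pool-id "$POOL_ID" --username "$1" \
    --query Enabled --output text
}

# offboard_user <username>: disable first (documented to revoke all access
# tokens), confirm the user is really disabled, then delete. Deleting
# directly leaves no point at which the lock-out can be verified.
offboard_user() {
  username=$1
  run aws cognito-idp admin-disable-user --user-pool-id "$POOL_ID" --username "$username"
  if [ -z "${DRY_RUN:-}" ] && [ "$(user_enabled "$username")" != "False" ]; then
    echo "$username is still enabled, not deleting" >&2
    return 1
  fi
  run aws cognito-idp admin-delete-user --user-pool-id "$POOL_ID" --username "$username"
}

if [ "${1:-}" = "demo" ]; then
  DRY_RUN=1; export DRY_RUN
  create_user alice email=alice@example.com custom:role="Authorizing Official"
  offboard_user alice
fi
```

Run it as `sh cognito-users.sh demo` to see the generated commands; drop DRY_RUN and source the file to use the functions against a real pool.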
Register user: usually done by the CA admin; see details in the fabric-ca guide.
Flag reference (do not paste comment lines into the continued command: a # line after a trailing backslash comments out the rest of the command):
  -d                debugging mode, useful if something goes wrong
  --id.type         one of [peer, orderer, admin, client]
  --id.attrs        the Blossom role, one of ['Authorizing Official', 'Acquisition Officer', 'License Owner'], e.g. 'blossom.role=Authorizing Official'
  -u                the CA URL, look it up in the AMB configuration
  --mspdir          the admin MSP directory (directory name only, no file), e.g. /home/ec2-user/b@-clients/admin-msp
  --tls.certfiles   the AMB TLS chain (usually a .pem file), e.g. /home/ec2-user/managedblockchain-tls-chain.pem
fabric-ca-client register -d \
  --id.name <user-name> \
  --id.secret <user-password> \
  --id.type client \
  --id.attrs 'blossom.role=<Blossom AMB Role>' \
  -u <CA-URL> \
  --mspdir <admin-msp-dir> \
  --tls.certfiles <cert-file.pem>
-
An alternative to register is fabric-ca-client identity add, which takes the whole identity description as JSON and is useful when the user description already exists in that form (see the fabric-ca guide). The same register call with the role filled in:
fabric-ca-client register -d \
  --id.name <user-name> \
  --id.secret <user-password> \
  --id.type client \
  --id.attrs 'blossom.role=Authorizing Official' \
  -u <CA-URL> \
  --mspdir <admin-msp-dir> \
  --tls.certfiles <cert-file.pem>
Inspect a certificate (enrollment or TLS): subject, issuer, validity period and extensions. Fabric CA stores the attributes that were included in an enrollment certificate as JSON in the extension with OID 1.2.3.4.5.6.7.8.1, so this is the quickest way to check which blossom.role a user's certificate actually carries.
openssl x509 -in <full-path-to-pem-file.pem> -noout -text
List the identities registered with the CA (the request is signed with the admin MSP, so the same -u and --mspdir values as for register apply unless they are set in the client config); --id limits the output to one identity.
fabric-ca-client identity list \
  --tls.certfiles <cert-file.pem>
# E.g. /home/ec2-user/managedblockchain-tls-chain.pem (usually a .pem file; the TLS chain, not the admin certificate)
fabric-ca-client identity list --tls.certfiles /home/ec2-user/managedblockchain-tls-chain.pem --id <username>
Remove an identity from the CA. This only works if the CA server was started with identity removal enabled (the fabric-ca server guide documents it as the --cfg.identities.allowremove start-up parameter); how to set that on Amazon Managed Blockchain, where AWS runs the CA server, is not clear from the AWS documentation.
fabric-ca-client identity remove <user-name>
Revoke disables the identity and revokes all certificates issued to it; the identity record itself stays on the CA (see identity remove above for deleting it). Revocation only takes effect on the network once a CRL is generated (fabric-ca-client gencrl, or --gencrl on the revoke call) and added to the channel MSP configuration; until then peers keep accepting the revoked certificate.
Flag reference:
  -r                optional reason, one of [unspecified, keycompromise, cacompromise, affiliationchanged, superseded, cessationofoperation, certificatehold, removefromcrl, privilegewithdrawn, aacompromise]
  -u                the CA URL only; revoke is signed with the admin MSP from --mspdir, so the revoked user's secret does not belong in the URL (and would end up in shell history)
  --mspdir          the admin MSP directory (directory name only, no file), e.g. /home/ec2-user/b@-clients/admin-msp
  --tls.certfiles   the AMB TLS chain (usually a .pem file), e.g. /home/ec2-user/managedblockchain-tls-chain.pem
  --gencrl          optional: also regenerate the CRL (written under the admin MSP's crls directory)
--id.type is a register option and has no effect on revoke.
fabric-ca-client revoke -d \
  --revoke.name <user-name> \
  -r <reason> \
  -u <CA-URL> \
  --mspdir <admin-msp-dir> \
  --tls.certfiles <cert-file.pem>
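The register and revoke steps above form one identity lifecycle. The script below is added here as a worked example (it is not part of the Blossom wiki or of Fabric CA) and wraps both: the Blossom role is checked against the list on this page before it can be registered, the revocation reason is checked against the names fabric-ca-client accepts, the enrollment secret is left for the CA to generate rather than passed on the command line, and the revoke call regenerates the CRL in the same step. CA_URL, ADMIN_MSP and TLS_CHAIN are placeholders for the AMB values looked up above; the :ecert suffix on the attribute is an addition that asks the CA to put the role into the enrollment certificate by default; DRY_RUN=1 prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the Blossom wiki or Fabric CA. Wrappers for
# fabric-ca-client register and revoke. CA_URL, ADMIN_MSP and TLS_CHAIN are
# placeholders; DRY_RUN=1 prints each command instead of running it.
set -eu

CA_URL="${CA_URL:-https://ca.example.invalid:30002}"       # placeholder
ADMIN_MSP="${ADMIN_MSP:-/home/ec2-user/admin-msp}"         # directory, no file
TLS_CHAIN="${TLS_CHAIN:-/home/ec2-user/managedblockchain-tls-chain.pem}"

run() {
  if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Blossom roles listed on this page. Anything else is rejected before it can
# end up in a certificate the chaincode trusts.
valid_role() {
  case "$1" in
    "Authorizing Official"|"Acquisition Officer"|"License Owner") return 0 ;;
    *) return 1 ;;
  esac
}

# Reason names fabric-ca-client accepts for -r.
valid_reason() {
  case "$1" in
    unspecified|keycompromise|cacompromise|affiliationchanged|superseded|\
    cessationofoperation|certificatehold|removefromcrl|privilegewithdrawn|aacompromise)
      return 0 ;;
    *) return 1 ;;
  esac
}

# register_identity <name> <role>
# No --id.secret: the CA generates the enrollment secret and prints it, which
# keeps the password out of the command line, shell history and ps output.
# ":ecert" makes the CA include the attribute in the enrollment certificate
# by default, so the role is readable from the certificate itself.
register_identity() {
  name=$1; role=$2
  valid_role "$role" || { echo "unknown Blossom role: $role" >&2; return 1; }
  run fabric-ca-client register --id.name "$name" --id.type client \
    --id.attrs "blossom.role=$role:ecert" \
    -u "$CA_URL" --mspdir "$ADMIN_MSP" --tls.certfiles "$TLS_CHAIN"
}

# revoke_identity <name> [reason]
# Signed with the admin MSP; no user secret in the URL. --gencrl regenerates
# the CRL (under $ADMIN_MSP/crls/) in the same call. Peers keep accepting the
# old certificate until that CRL is added to the channel MSP configuration.
revoke_identity() {
  name=$1; reason=${2:-unspecified}
  valid_reason "$reason" || { echo "unknown revocation reason: $reason" >&2; return 1; }
  run fabric-ca-client revoke --revoke.name "$name" -r "$reason" --gencrl \
    -u "$CA_URL" --mspdir "$ADMIN_MSP" --tls.certfiles "$TLS_CHAIN"
}

# Show which serial numbers the regenerated CRL lists.
show_crl() {
  openssl crl -in "$ADMIN_MSP/crls/crl.pem" -noout -text
}

if [ "${1:-}" = "demo" ]; then
  DRY_RUN=1; export DRY_RUN
  register_identity alice "Authorizing Official"
  revoke_identity alice keycompromise
fi
```

After a real revoke, run show_crl and check that the revoked certificate's serial (from openssl x509 -noout -serial on the user's cert) is present before pushing the CRL into the channel configuration.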
Create a parameter. Use SecureString for anything secret: the value is then encrypted with the AWS managed key for Parameter Store, or with the customer managed key named by --key-id.
aws ssm put-parameter --name <parameter-name> --value <parameter-value> --type <String, StringList, SecureString>
Lists all parameters
aws ssm describe-parameters
Retrieve a parameter value
aws ssm get-parameter --name <parameter-name>
--with-decryption
Decrypts the value of the specified SecureString parameter; without it the encrypted value is returned. The same flag is accepted by get-parameters and get-parameter-history.
Retrieve several parameters (up to 10 names) in one call
aws ssm get-parameters --names <parameter-name> <parameter-name> <parameter-name>
View the history of all changes to a parameter value. The last 100 versions are kept, so with --with-decryption this also shows previous secret values; rotating a secret does not remove the old one from here.
aws ssm get-parameter-history --name <parameter-name>
Overwrite an existing parameter (creates a new version; the previous value stays in the history)
aws ssm put-parameter --name <parameter-name> --value <parameter-value> --type String --overwrite
Delete a parameter from the system. After deleting a parameter, wait for at least 30 seconds to create a parameter with the same name.
aws ssm delete-parameter --name <parameter-name>
Delete a list of parameters. After deleting a parameter, wait for at least 30 seconds to create a parameter with the same name.
aws ssm delete-parameters --names <parameter-name> <parameter-name> <parameter-name>
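The put and get commands above leave it to the caller to pick the right type and decryption flag each time. The script below is added here as a worked example (not part of the Blossom wiki) and wraps them so that secret-looking names can only be written as SecureString, --overwrite has to be asked for explicitly, and reads always go through --with-decryption (which is ignored for plain String parameters). KMS_KEY_ID and the /blossom/ parameter names are placeholders; the secret-name check is a heuristic for this example only. DRY_RUN=1 prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the Blossom wiki. Wrappers for aws ssm put/get.
# KMS_KEY_ID is a placeholder for a customer managed key; when empty,
# SecureString uses the AWS managed key. DRY_RUN=1 prints each command.
set -eu

KMS_KEY_ID="${KMS_KEY_ID:-}"   # optional, e.g. alias/blossom-ssm (placeholder)

run() {
  if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Names that must never be stored as plain String. Heuristic used only by
# this example; adjust it to the naming convention in use.
is_secret_name() {
  case "$1" in
    *[Pp]assword*|*[Ss]ecret*|*[Tt]oken*|*[Kk]ey*|*[Cc]redential*) return 0 ;;
    *) return 1 ;;
  esac
}

# put_param <name> <value> [String|StringList|SecureString] [overwrite]
# Rejects String/StringList for secret-looking names. --overwrite is only
# passed when the fourth argument is literally "overwrite": an overwrite
# silently creates a new version and keeps the old value in the history.
put_param() {
  name=$1; value=$2; type=${3:-String}; mode=${4:-}
  if is_secret_name "$name" && [ "$type" != "SecureString" ]; then
    echo "$name looks like a secret; store it as SecureString" >&2
    return 1
  fi
  set -- aws ssm put-parameter --name "$name" --value "$value" --type "$type"
  if [ "$type" = "SecureString" ] && [ -n "$KMS_KEY_ID" ]; then
    set -- "$@" --key-id "$KMS_KEY_ID"
  fi
  if [ "$mode" = "overwrite" ]; then
    set -- "$@" --overwrite
  fi
  run "$@"
}

# get_param <name>: prints only the plain value, decrypted where needed.
get_param() {
  run aws ssm get-parameter --name "$1" --with-decryption \
    --query Parameter.Value --output text
}

# get_tree <path>: name and type of everything under a path, e.g. /blossom/,
# to spot secrets that were created as String by mistake.
get_tree() {
  run aws ssm get-parameters-by-path --path "$1" --recursive --with-decryption \
    --query 'Parameters[].[Name,Type]' --output text
}

if [ "${1:-}" = "demo" ]; then
  DRY_RUN=1; export DRY_RUN
  put_param /blossom/region us-east-1
  put_param /blossom/db-password 'example-only' SecureString
  get_param /blossom/db-password
fi
```

Passing a secret as a literal --value still puts it in shell history and ps output; the AWS CLI reads --value file://path for any string parameter, so write the secret to a file with restrictive permissions and pass that instead.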