Gets the specified user by user name in a user pool as an administrator. Works on any user.

Calling this action requires developer credentials.

See also: AWS API Documentation

Request Syntax

response = client.admin_get_user(
  • UserPoolId (string) --


    The user pool ID for the user pool where you want to get information about the user.

  • Username (string) --


    The user name of the user you want to retrieve.

Return type



Response Syntax

    'Username': 'string',
    'UserAttributes': [
            'Name': 'string',
            'Value': 'string'
    'UserCreateDate': datetime(2015, 1, 1),
    'UserLastModifiedDate': datetime(2015, 1, 1),
    'Enabled': True|False,
    'MFAOptions': [
            'DeliveryMedium': 'SMS'|'EMAIL',
            'AttributeName': 'string'
    'PreferredMfaSetting': 'string',
    'UserMFASettingList': [

Response Structure

  • (dict) --

    Represents the response from the server from the request to get the specified user as an administrator.

    • Username (string) --

      The user name of the user about whom you're receiving information.

    • UserAttributes (list) --

      An array of name-value pairs representing user attributes.

      • (dict) --

        Specifies whether the attribute is standard or custom.

        • Name (string) --

          The name of the attribute.

        • Value (string) --

          The value of the attribute.

    • UserCreateDate (datetime) --

      The date the user was created.

    • UserLastModifiedDate (datetime) --

      The date the user was last modified.

    • Enabled (boolean) --

      Indicates that the status is enabled .

    • UserStatus (string) --

      The user status. Can be one of the following:

      • UNCONFIRMED - User has been created but not confirmed.
      • CONFIRMED - User has been confirmed.
      • ARCHIVED - User is no longer active.
      • UNKNOWN - User status isn't known.
      • RESET_REQUIRED - User is confirmed, but the user must request a code and reset their password before they can sign in.
      • FORCE_CHANGE_PASSWORD - The user is confirmed and the user can sign in using a temporary password, but on first sign-in, the user must change their password to a new value before doing anything else.
    • MFAOptions (list) --

      This response parameter is no longer supported. It provides information only about SMS MFA configurations. It doesn't provide information about time-based one-time password (TOTP) software token MFA configurations. To look up information about either type of MFA configuration, use UserMFASettingList instead.

      • (dict) --

        This data type is no longer supported. Applies only to SMS multi-factor authentication (MFA) configurations. Does not apply to time-based one-time password (TOTP) software token MFA configurations.

        • DeliveryMedium (string) --

          The delivery medium to send the MFA code. You can use this parameter to set only the SMS delivery medium value.

        • AttributeName (string) --

          The attribute name of the MFA option type. The only valid value is phone_number .

    • PreferredMfaSetting (string) --

      The user's preferred MFA setting.

    • UserMFASettingList (list) --

      The MFA options that are activated for the user. The possible values in this list are SMS_MFA and SOFTWARE_TOKEN_MFA .

      • (string) --


  • CognitoIdentityProvider.Client.exceptions.ResourceNotFoundException
  • CognitoIdentityProvider.Client.exceptions.InvalidParameterException
  • CognitoIdentityProvider.Client.exceptions.TooManyRequestsException
  • CognitoIdentityProvider.Client.exceptions.NotAuthorizedException
  • CognitoIdentityProvider.Client.exceptions.UserNotFoundException
  • CognitoIdentityProvider.Client.exceptions.InternalErrorException