CognitoIdentityProvider / Client / list_users_in_group



Lists the users in the specified group.


Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

See also: AWS API Documentation

Request Syntax

response = client.list_users_in_group(
  • UserPoolId (string) –


    The user pool ID for the user pool.

  • GroupName (string) –


    The name of the group.

  • Limit (integer) – The maximum number of users that you want to retrieve before pagination.

  • NextToken (string) – An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

Return type:



Response Syntax

    'Users': [
            'Username': 'string',
            'Attributes': [
                    'Name': 'string',
                    'Value': 'string'
            'UserCreateDate': datetime(2015, 1, 1),
            'UserLastModifiedDate': datetime(2015, 1, 1),
            'Enabled': True|False,
            'MFAOptions': [
                    'DeliveryMedium': 'SMS'|'EMAIL',
                    'AttributeName': 'string'
    'NextToken': 'string'

Response Structure

  • (dict) –

    • Users (list) –

      A list of users in the group, and their attributes.

      • (dict) –

        A user profile in a Amazon Cognito user pool.

        • Username (string) –

          The user name of the user you want to describe.

        • Attributes (list) –

          A container with information about the user type attributes.

          • (dict) –

            Specifies whether the attribute is standard or custom.

            • Name (string) –

              The name of the attribute.

            • Value (string) –

              The value of the attribute.

        • UserCreateDate (datetime) –

          The creation date of the user.

        • UserLastModifiedDate (datetime) –

          The date and time when the item was modified. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java Date object.

        • Enabled (boolean) –

          Specifies whether the user is enabled.

        • UserStatus (string) –

          The user status. This can be one of the following:

          • UNCONFIRMED - User has been created but not confirmed.

          • CONFIRMED - User has been confirmed.

          • EXTERNAL_PROVIDER - User signed in with a third-party IdP.

          • UNKNOWN - User status isn’t known.

          • RESET_REQUIRED - User is confirmed, but the user must request a code and reset their password before they can sign in.

          • FORCE_CHANGE_PASSWORD - The user is confirmed and the user can sign in using a temporary password, but on first sign-in, the user must change their password to a new value before doing anything else.

        • MFAOptions (list) –

          The MFA options for the user.

          • (dict) –

            This data type is no longer supported. Applies only to SMS multi-factor authentication (MFA) configurations. Does not apply to time-based one-time password (TOTP) software token MFA configurations.

            • DeliveryMedium (string) –

              The delivery medium to send the MFA code. You can use this parameter to set only the SMS delivery medium value.

            • AttributeName (string) –

              The attribute name of the MFA option type. The only valid value is phone_number.

    • NextToken (string) –

      An identifier that you can use in a later request to return the next set of items in the list.


  • CognitoIdentityProvider.Client.exceptions.InvalidParameterException

  • CognitoIdentityProvider.Client.exceptions.ResourceNotFoundException

  • CognitoIdentityProvider.Client.exceptions.TooManyRequestsException

  • CognitoIdentityProvider.Client.exceptions.NotAuthorizedException

  • CognitoIdentityProvider.Client.exceptions.InternalErrorException