AWS client.admin_user_global_sign_out says 'Unable to locate credentials'

I am trying to signout from my AWS console session using in python using boto3,

client = boto3.client('cognito-idp') response = client.global_sign_out( AccessToken='string' )

but I get 'Unable to locate credentials' exception. Where as the same works fine with AWS cloudshell

Topics

Tags

Language

English

asked a year ago377 views

1 Answer

If you are really using client.admin_user_global_sign_out therefore you are using an Administrative action on an Adminstrative Cognito API and require AWS credentials on top of the valid Access Token. See https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cognito-idp.html#CognitoIdentityProvider.Client.admin_user_global_sign_out

You might not have a credential file in your non-Cloudshell environment therefore the error.

Now if you are client.global_sign_out providing only the valid Access Token must work.

Please confirm which one you are using.

answered a year ago

DSRC USER
a year ago
Thanks for the explanation... I used 'client.global_sign_out' and it worked for me...
riccardogabellone
a year ago
Hi! I'm facing the same issue... as the question states, I'm using client.global_sign_out (not the admin* one) but it raises 'Unable to locate credentials' exception. I can confirm that it works with credentials stored in ~/.aws. What could I do to fix it? If there is the need to have stored credentials for both global_sign_out and admin_user_global_sign_out methods, how can I let a normal user to perform sign out without having those credentials?
riccardogabellone
a year ago
ok, just solved by specifing config parameter, equivalent to --no-sign-request of the CLI: https://github.com/boto/boto3/issues/1200#issuecomment-319141394

Relevant content