AWS client.admin_user_global_sign_out says 'Unable to locate credentials'

1

I am trying to signout from my AWS console session using in python using boto3,

client = boto3.client('cognito-idp') response = client.global_sign_out( AccessToken='string' )

but I get 'Unable to locate credentials' exception. Where as the same works fine with AWS cloudshell

1 Answer
3

If you are really using client.admin_user_global_sign_out therefore you are using an Administrative action on an Adminstrative Cognito API and require AWS credentials on top of the valid Access Token. See https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cognito-idp.html#CognitoIdentityProvider.Client.admin_user_global_sign_out

You might not have a credential file in your non-Cloudshell environment therefore the error.

Now if you are client.global_sign_out providing only the valid Access Token must work.

Please confirm which one you are using.

AWS
answered 2 years ago
  • Thanks for the explanation... I used 'client.global_sign_out' and it worked for me...

  • Hi! I'm facing the same issue... as the question states, I'm using client.global_sign_out (not the admin* one) but it raises 'Unable to locate credentials' exception. I can confirm that it works with credentials stored in ~/.aws. What could I do to fix it? If there is the need to have stored credentials for both global_sign_out and admin_user_global_sign_out methods, how can I let a normal user to perform sign out without having those credentials?

  • ok, just solved by specifing config parameter, equivalent to --no-sign-request of the CLI: https://github.com/boto/boto3/issues/1200#issuecomment-319141394

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions