:doc:`CognitoIdentityProvider <../../cognito-idp>` / Client / list_users

**********
list_users
**********



.. py:method:: CognitoIdentityProvider.Client.list_users(**kwargs)

  

  Given a user pool ID, returns a list of users and their basic details in a user pool.

   

  .. note::

    

    Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

     

    **Learn more**

     

    
    * `Signing Amazon Web Services API Requests <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html>`__
     
    * `Using the Amazon Cognito user pools API and user pool endpoints <https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html>`__
    

    

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/ListUsers>`_  


  **Request Syntax**
  ::

    response = client.list_users(
        UserPoolId='string',
        AttributesToGet=[
            'string',
        ],
        Limit=123,
        PaginationToken='string',
        Filter='string'
    )
    
  :type UserPoolId: string
  :param UserPoolId: **[REQUIRED]** 

    The ID of the user pool where you want to display or search for users.

    

  
  :type AttributesToGet: list
  :param AttributesToGet: 

    A JSON array of user attribute names, for example ``given_name``, that you want Amazon Cognito to include in the response for each user. When you don't provide an ``AttributesToGet`` parameter, Amazon Cognito returns all attributes for each user.

     

    Use ``AttributesToGet`` with required attributes in your user pool, or in conjunction with ``Filter``. Amazon Cognito returns an error if not all users in the results have set a value for the attribute you request. Attributes that you can't filter on, including custom attributes, must have a value set in every user profile before an ``AttributesToGet`` parameter returns results.

    

  
    - *(string) --* 

    

  :type Limit: integer
  :param Limit: 

    The maximum number of users that you want Amazon Cognito to return in the response.

    

  
  :type PaginationToken: string
  :param PaginationToken: 

    This API operation returns a limited number of results. The pagination token is an identifier that you can present in an additional API request with the same parameters. When you include the pagination token, Amazon Cognito returns the next set of items after the current list. Subsequent requests return a new pagination token. By use of this token, you can paginate through the full list of items.

    

  
  :type Filter: string
  :param Filter: 

    A filter string of the form ``"AttributeName Filter-Type "AttributeValue"``. Quotation marks within the filter string must be escaped using the backslash ( ``\``) character. For example, ``"family_name = \"Reddy\""``.

     

    
    * *AttributeName*: The name of the attribute to search for. You can only search for one attribute at a time.
     
    * *Filter-Type*: For an exact match, use ``=``, for example, " ``given_name = \"Jon\"``". For a prefix ("starts with") match, use ``^=``, for example, " ``given_name ^= \"Jon\"``".
     
    * *AttributeValue*: The attribute value that must be matched for each user.
    

     

    If the filter string is empty, ``ListUsers`` returns all users in the user pool.

     

    You can only search for the following standard attributes:

     

    
    * ``username`` (case-sensitive)
     
    * ``email``
     
    * ``phone_number``
     
    * ``name``
     
    * ``given_name``
     
    * ``family_name``
     
    * ``preferred_username``
     
    * ``cognito:user_status`` (called **Status** in the Console) (case-insensitive)
     
    * ``status (called **Enabled** in the Console) (case-sensitive)``
     
    * ``sub``
    

     

    Custom attributes aren't searchable.

     

    .. note::

      

      You can also list users with a client-side filter. The server-side filter matches no more than one attribute. For an advanced search, use a client-side filter with the ``--query`` parameter of the ``list-users`` action in the CLI. When you use a client-side filter, ListUsers returns a paginated list of zero or more users. You can receive multiple pages in a row with zero results. Repeat the query with each pagination token that is returned until you receive a null pagination token value, and then review the combined result.

       

      For more information about server-side and client-side filtering, see `FilteringCLI output <https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-filter.html>`__ in the `Command Line Interface User Guide <https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-filter.html>`__.

      

     

    For more information, see `Searching for Users Using the ListUsers API <https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html#cognito-user-pools-searching-for-users-using-listusers-api>`__ and `Examples of Using the ListUsers API <https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html#cognito-user-pools-searching-for-users-listusers-api-examples>`__ in the *Amazon Cognito Developer Guide*.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'Users': [
              {
                  'Username': 'string',
                  'Attributes': [
                      {
                          'Name': 'string',
                          'Value': 'string'
                      },
                  ],
                  'UserCreateDate': datetime(2015, 1, 1),
                  'UserLastModifiedDate': datetime(2015, 1, 1),
                  'Enabled': True|False,
                  'UserStatus': 'UNCONFIRMED'|'CONFIRMED'|'ARCHIVED'|'COMPROMISED'|'UNKNOWN'|'RESET_REQUIRED'|'FORCE_CHANGE_PASSWORD'|'EXTERNAL_PROVIDER',
                  'MFAOptions': [
                      {
                          'DeliveryMedium': 'SMS'|'EMAIL',
                          'AttributeName': 'string'
                      },
                  ]
              },
          ],
          'PaginationToken': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 

      The response from the request to list users.

      
      

      - **Users** *(list) --* 

        An array of user pool users who match your query, and their attributes.

        
        

        - *(dict) --* 

          A user profile in a Amazon Cognito user pool.

          
          

          - **Username** *(string) --* 

            The user's username.

            
          

          - **Attributes** *(list) --* 

            Names and values of a user's attributes, for example ``email``.

            
            

            - *(dict) --* 

              The name and value of a user attribute.

              
              

              - **Name** *(string) --* 

                The name of the attribute.

                
              

              - **Value** *(string) --* 

                The value of the attribute.

                
          
        
          

          - **UserCreateDate** *(datetime) --* 

            The date and time when the item was created. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java ``Date`` object.

            
          

          - **UserLastModifiedDate** *(datetime) --* 

            The date and time when the item was modified. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java ``Date`` object.

            
          

          - **Enabled** *(boolean) --* 

            Indicates whether the user's account is enabled or disabled.

            
          

          - **UserStatus** *(string) --* 

            The user status. This can be one of the following:

             

            
            * ``UNCONFIRMED``: User has been created but not confirmed.
             
            * ``CONFIRMED``: User has been confirmed.
             
            * ``EXTERNAL_PROVIDER``: User signed in with a third-party IdP.
             
            * ``RESET_REQUIRED``: User is confirmed, but the user must request a code and reset their password before they can sign in.
             
            * ``FORCE_CHANGE_PASSWORD``: The user is confirmed and the user can sign in using a temporary password, but on first sign-in, the user must change their password to a new value before doing anything else.
            

             

            The statuses ``ARCHIVED``, ``UNKNOWN``, and ``COMPROMISED`` are no longer used.

            
          

          - **MFAOptions** *(list) --* 

            The user's MFA configuration.

            
            

            - *(dict) --* 

              *This data type is no longer supported.* Applies only to SMS multi-factor authentication (MFA) configurations. Does not apply to time-based one-time password (TOTP) software token MFA configurations.

              
              

              - **DeliveryMedium** *(string) --* 

                The delivery medium to send the MFA code. You can use this parameter to set only the ``SMS`` delivery medium value.

                
              

              - **AttributeName** *(string) --* 

                The attribute name of the MFA option type. The only valid value is ``phone_number``.

                
          
        
      
    
      

      - **PaginationToken** *(string) --* 

        The identifier that Amazon Cognito returned with the previous request to this operation. When you include a pagination token in your request, Amazon Cognito returns the next set of items in the list. By use of this token, you can paginate through the full list of items.

        
  
  **Exceptions**
  
  *   :py:class:`CognitoIdentityProvider.Client.exceptions.InvalidParameterException`

  
  *   :py:class:`CognitoIdentityProvider.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`CognitoIdentityProvider.Client.exceptions.TooManyRequestsException`

  
  *   :py:class:`CognitoIdentityProvider.Client.exceptions.NotAuthorizedException`

  
  *   :py:class:`CognitoIdentityProvider.Client.exceptions.InternalErrorException`

  