aws cognito-idp admin-initiate-auth \
--user-pool-id us-west-2_xxxx \
--client-id xxxx \
--auth-flow ADMIN_NO_SRP_AUTH \
--auth-parameters \
USERNAME=xxxx,PASSWORD=xxxx
  -> sessionが取得できる 

aws cognito-idp admin-respond-to-auth-challenge \
--user-pool-id us-west-2_xxxx \
--client-id xxxx \
--challenge-name NEW_PASSWORD_REQUIRED \
--challenge-responses NEW_PASSWORD='xxxx',USERNAME=xxxx \
--session "xxx"

    {
      "sub": "3ad0a201-912d-4ab2-8a93-597a896d3eea",
      "aud": "{App Client Id}",
      "email_verified": true,
      "event_id": "81775974-6b0d-11e9-803b-1946dd43098e",
      "token_use": "id",
      "auth_time": 1556604136,
      "iss": "https://cognito-idp.us-west-2.amazonaws.com/{UserPool Id}",
      "cognito:username": "{UserId}",
      "exp": 1556607736,
      "iat": 1556604136,
      "email": "{Email}"
    }