Comments (3)
Hi @allquixotic,
The solution hits the Organizations API in only this scenario: when you had a link created with a `root` or `ou_id` scope value. When such a link is created, the solution triggers a state machine to resolve the target accounts list, and this is only triggered when the permission set and the principal (user/group) referred to in the link exist. This operation is also triggered only once for provisioning the link payload.
SCIM operations being done would trigger the solution calling the AWS Identity Store API to resolve the GUIDs for the username/group display name, i.e. they don't trigger the Organizations API.
With regard to the number of times the Organizations API is invoked by the solution, you could look in your orgmain account, us-east-1 region, and see the number of times the step function `env-processTargetAccountSM` is run. This is the maximum number of times the solution may have hit the Organizations API. I say maximum because this state machine is triggered for `root`, `ou_id` and `account_tag` scopes; however, the Organizations API is called only for `root` and `ou_id` scopes.
Hope this helps clarify. Do let us know if you have any other questions.
from aws-iam-identity-center-extensions.
Hi @allquixotic, following up on this - do you need any other info from our end around this question?
Hi, I'm all good with the info you provided. Thanks a lot - very informative. Since this isn't an issue with SSOEx, I'll close the issue.