aws-iam-identity-center-explorer's Introduction

AWS IAM Identity Center explorer

About

A simple tool to get structured information about accounts and groups from the IAM Identity Center (successor to AWS Single Sign-On).

Why does this tool exist?

The IAM Identity Center (successor to AWS Single Sign-On) user interface in the browser console can be hard and time-consuming to navigate, especially if you want to view the accounts attached to a group.

This tool doesn't do anything you cannot do with the console or CLI. It just makes it easier to view everything in one single overview.

How does it work?

To get an overview of the accounts attached to groups, you first have to retrieve various data and then parse it. This is done as follows:

  1. Get all accounts in the organization
  2. Get the SSO permission sets attached to those accounts
  3. List the account SSO assignments and filter the principalId with principalType GROUP
  4. Describe the SSO groups and get the DisplayName
  5. Parse the data as seen below

Data structure options

The data structure can be chosen by using the groups or accounts command.

Groups

Accounts attached to groups:

{
  "GROUP_DISPLAY_NAME": [
    {
      "AccountName": "ACCOUNT_NAME",
      "AccountId": "ACCOUNT_ID"
    },
    {
      "AccountName": "ACCOUNT_NAME",
      "AccountId": "ACCOUNT_ID"
    }
  ]
}

Accounts

Groups attached to accounts:

{
  "ACCOUNT_ID": {
    "AccountName": "ACCOUNT_NAME",
    "Groups": [
      "GROUP_DISPLAY_NAME",
      "GROUP_DISPLAY_NAME"
    ]
  }
}
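
The parsing in step 5, as an added example that is not the project's own code: it takes the results of steps 1 to 4 as plain maps and a slice, and builds both structures shown above, listing a group only once per account even when it is assigned through several permission sets. The names `Assignment`, `AccountRef`, `AccountView` and `BuildViews` are hypothetical, and the sample IDs are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hypothetical types for this example; they are not the tool's own.
type Assignment struct{ AccountId, PermissionSetArn, PrincipalType, PrincipalId string }
type AccountRef struct{ AccountName, AccountId string }
type AccountView struct {
	AccountName string
	Groups      []string
}

// BuildViews covers steps 3-5; accounts maps AccountId to name, groups maps PrincipalId to DisplayName.
func BuildViews(accounts, groups map[string]string, as []Assignment) (map[string][]AccountRef, map[string]AccountView) {
	byGroup, byAccount, seen := map[string][]AccountRef{}, map[string]AccountView{}, map[string]bool{}
	for _, a := range as {
		key := a.AccountId + "/" + a.PrincipalId
		if a.PrincipalType != "GROUP" || seen[key] {
			continue // skip USER principals and groups repeated via another permission set
		}
		seen[key] = true
		name, ok := groups[a.PrincipalId]
		if !ok {
			name = a.PrincipalId // unresolved group: keep the raw ID visible
		}
		byGroup[name] = append(byGroup[name], AccountRef{accounts[a.AccountId], a.AccountId})
		v := byAccount[a.AccountId]
		v.AccountName, v.Groups = accounts[a.AccountId], append(v.Groups, name)
		byAccount[a.AccountId] = v
	}
	return byGroup, byAccount
}

func main() {
	accounts := map[string]string{"111111111111": "prod", "222222222222": "dev"} // constructed sample data
	groups := map[string]string{"g-1": "Admins", "g-2": "Developers"}
	as := []Assignment{
		{"111111111111", "ps-admin", "GROUP", "g-1"},
		{"111111111111", "ps-readonly", "GROUP", "g-1"}, // same group, second permission set
		{"222222222222", "ps-dev", "GROUP", "g-2"},
		{"222222222222", "ps-admin", "GROUP", "g-1"},
		{"222222222222", "ps-admin", "USER", "u-9"}, // individual user, filtered out
	}
	byGroup, byAccount := BuildViews(accounts, groups, as)
	out, _ := json.MarshalIndent(map[string]interface{}{"groups": byGroup, "accounts": byAccount}, "", "  ")
	fmt.Println(string(out))
}
```

A group ID that has no entry in the display-name map appears under its raw ID instead of being dropped, so an assignment never silently disappears from the overview.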

How to run

Required parameters:

  • --identityStoreId - The globally unique identifier for the identity store.
  • --instanceArn - The ARN of the IAM Identity Center instance under which the operation will be executed.
  • --region - The AWS region.

Groups data structure

go run . groups --identityStoreId IDENTITY_STORE_ID --instanceArn INSTANCE_ARN --region AWS_REGION

Accounts data structure

go run . accounts --identityStoreId IDENTITY_STORE_ID --instanceArn INSTANCE_ARN --region AWS_REGION

AWS Authentication

The tool uses the AWS SDK for Go v2, which detects AWS credentials set in your environment and uses them to sign requests to AWS.

The tool looks for credentials in the following environment variables:

  • AWS_ACCESS_KEY_ID
  • AWS_SECRET_ACCESS_KEY
  • AWS_SESSION_TOKEN (optional)

aws-iam-identity-center-explorer's People

Contributors

tiborhercz
