AWS IAM Identity Center explorer
About
A simple tool to get structured information about accounts and groups from the IAM Identity Center (successor to AWS Single Sign-On).
The IAM Identity Center (successor to AWS Single Sign-On) user interface in the browser console can be hard and time-consuming to navigate, especially if you want to view the accounts attached to a group.
This tool does nothing you cannot do with the console or CLI. It just makes it easier to view everything in one single overview.
How does it work?
To get an overview of the accounts attached to groups you first have to retrieve various data and then parse it.
This is done as follows:
- Get all accounts in the organization
- Get the SSO permission sets attached to the accounts
- List the account SSO assignments and filter on principalId where principalType is GROUP
- Describe the SSO groups and get the DisplayName
- Parse the data as seen below
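The parsing step, as an added example that is not the project's own code: it takes the already-retrieved data (account id to name, group id to DisplayName, and the account assignments) and builds both output structures shown below. The `Assignment` type and the lookup maps are constructed stand-ins for the SDK responses, not the real SDK types; the AWS API calls themselves are left out so the example runs offline.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Assignment holds the three ListAccountAssignments fields the tool reads;
// a constructed stand-in, not the real SDK type.
type Assignment struct{ AccountId, PrincipalId, PrincipalType string }
type AccountRef struct{ AccountName, AccountId string }
type AccountGroups struct {
	AccountName string
	Groups      []string
}

// BuildViews builds the "groups" view (group -> accounts) and the "accounts" view
// (account -> groups), given account id -> name and group id -> DisplayName lookups.
// USER assignments are skipped; a group reaching one account via several permission sets is listed once.
func BuildViews(accountName, groupName map[string]string, asg []Assignment) (map[string][]AccountRef, map[string]AccountGroups) {
	byGroup, byAccount := map[string][]AccountRef{}, map[string]AccountGroups{}
	seen := map[Assignment]bool{} // the API returns one row per permission set
	for _, a := range asg {
		if a.PrincipalType != "GROUP" || seen[a] {
			continue
		}
		seen[a] = true
		g, ok := groupName[a.PrincipalId]
		if !ok { // group id no longer resolvable in the identity store: keep the id
			g = a.PrincipalId
		}
		byGroup[g] = append(byGroup[g], AccountRef{accountName[a.AccountId], a.AccountId})
		ag := byAccount[a.AccountId]
		ag.AccountName, ag.Groups = accountName[a.AccountId], append(ag.Groups, g)
		byAccount[a.AccountId] = ag
	}
	return byGroup, byAccount
}

func main() {
	// Constructed sample: g-admins reaches 111111111111 via two permission sets, and a USER row is present.
	byGroup, byAccount := BuildViews(
		map[string]string{"111111111111": "prod", "222222222222": "dev"},
		map[string]string{"g-admins": "Admins", "g-devs": "Developers"},
		[]Assignment{{"111111111111", "g-admins", "GROUP"}, {"111111111111", "g-admins", "GROUP"},
			{"222222222222", "g-admins", "GROUP"}, {"222222222222", "g-devs", "GROUP"}, {"222222222222", "u-alice", "USER"}})
	out, _ := json.MarshalIndent(map[string]any{"groups": byGroup, "accounts": byAccount}, "", "  ")
	fmt.Println(string(out))
}
```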
Data structure options
The data structure can be chosen by using the groups or accounts command.
Groups
Accounts attached to groups:
{
  "GROUP_DISPLAY_NAME": [
    {
      "AccountName": "ACCOUNT_NAME",
      "AccountId": "ACCOUNT_ID"
    },
    {
      "AccountName": "ACCOUNT_NAME",
      "AccountId": "ACCOUNT_ID"
    }
  ]
}
Accounts
Groups attached to accounts:
{
  "ACCOUNT_ID": {
    "AccountName": "ACCOUNT_NAME",
    "Groups": [
      "GROUP_DISPLAY_NAME",
      "GROUP_DISPLAY_NAME"
    ]
  }
}
How to run
Groups data structure
go run . groups --identityStoreId IDENTITY_STORE_ID --instanceArn INSTANCE_ARN
Accounts data structure
go run . accounts --identityStoreId IDENTITY_STORE_ID --instanceArn INSTANCE_ARN
AWS Authentication
The tool uses the AWS SDK for Go v2; it detects AWS credentials set in your environment and uses them to sign requests to AWS.
The tool looks for credentials in the following environment variables:
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- AWS_SESSION_TOKEN (optional)