[Marketplace Contribution] AWS - IAM Identity Center #28559
Changes from 11 commits
@@ -0,0 +1,221 @@ | ||
category: IT Services | ||
Check failure on line 1 in Packs/AWS-IAMIdentityCenter/Integrations/AWSIAMIdentityCenter/AWSIAMIdentityCenter.yml
|
||
sectionOrder: | ||
- Connect | ||
- Collect | ||
commonfields: | ||
id: AWS - IAM Identity Center | ||
version: -1 | ||
configuration: | ||
- display: Role Arn | ||
name: roleArn | ||
required: false | ||
section: Connect | ||
type: 0 | ||
- display: Role Session Name | ||
name: roleSessionName | ||
required: false | ||
section: Connect | ||
type: 0 | ||
- advanced: true | ||
display: AWS Default Region | ||
name: defaultRegion | ||
options: | ||
- us-east-1 | ||
- us-east-2 | ||
- us-west-1 | ||
- us-west-2 | ||
- ca-central-1 | ||
- eu-west-1 | ||
- eu-central-1 | ||
- eu-west-2 | ||
- ap-northeast-1 | ||
- ap-northeast-2 | ||
- ap-southeast-1 | ||
- ap-southeast-2 | ||
- ap-south-1 | ||
- sa-east-1 | ||
- eu-north-1 | ||
- eu-west-3 | ||
- us-gov-east-1 | ||
- us-gov-west-1 | ||
required: false | ||
section: Collect | ||
type: 15 | ||
- advanced: true | ||
display: Role Session Duration | ||
name: sessionDuration | ||
required: false | ||
section: Connect | ||
type: 0 | ||
- display: Access Key | ||
displaypassword: Secret Key | ||
name: credentials | ||
required: false | ||
section: Connect | ||
type: 9 | ||
- display: Access Key | ||
hidden: true | ||
name: access_key | ||
required: true | ||
section: Connect | ||
type: 4 | ||
- display: Secret Key | ||
hidden: true | ||
name: secret_key | ||
required: true | ||
section: Connect | ||
type: 4 | ||
- additionalinfo: The time in seconds till a timeout exception is reached. You can specify just the read timeout (for example 60) or also the connect timeout followed after a comma (for example 60,10). If a connect timeout is not specified, a default of 10 second will be used. | ||
defaultvalue: 60,10 | ||
display: Timeout | ||
name: timeout | ||
type: 0 | ||
section: Connect | ||
advanced: true | ||
required: false | ||
- additionalinfo: The maximum number of retry attempts when connection or throttling errors are encountered. Set to 0 to disable retries. The default value is 5 and the limit is 10. Note: Increasing the number of retries will increase the execution time. | ||
defaultvalue: '5' | ||
display: Retries | ||
name: retries | ||
type: 0 | ||
section: Connect | ||
advanced: true | ||
required: false | ||
- advanced: true | ||
display: Trust any certificate (not secure) | ||
name: insecure | ||
required: false | ||
section: Connect | ||
type: 8 | ||
- advanced: true | ||
display: Use system proxy settings | ||
name: proxy | ||
required: false | ||
section: Connect | ||
type: 8 | ||
- display: Identity Store Id | ||
name: IdentityStoreId | ||
required: true | ||
type: 4 | ||
contentitemexportablefields: | ||
contentitemfields: | ||
definitionid: "" | ||
fromServerVersion: "" | ||
itemVersion: "" | ||
packID: fc025940-2fe4-4adc-80c9-9ad7d8eb7bcd | ||
packName: AWS - IAM Identity Center Contribution Pack | ||
prevname: "" | ||
propagationLabels: | ||
- all | ||
toServerVersion: "" | ||
description: Amazon Web Services IAM Identity Center | ||
display: AWS - IAM Identity Center | ||
name: AWS - IAM Identity Center | ||
script: | ||
commands: | ||
- arguments: | ||
- description: The name of the user to create. | ||
name: userName | ||
required: true | ||
- name: familyName | ||
- name: givenName | ||
required: true | ||
- name: userEmailAddress | ||
required: true | ||
- name: displayName | ||
required: true | ||
description: Creates a new IAM Identity Center user for your AWS account. | ||
name: aws-iam-identitycenter-create-user | ||
outputs: | ||
- contextPath: AWS.IAMIdentityCenter.Users.UserId | ||
description: The date and time, when the user was created. | ||
type: date | ||
- arguments: | ||
- description: The name of the user to get information about. | ||
name: userName | ||
required: true | ||
description: Retrieves information about the specified IAM user, including the user creation date, path, unique ID, and ARN. | ||
name: aws-iam-identitycenter-get-user | ||
outputs: | ||
- contextPath: AWS.IAM.IdentityCenter.Users.UserName | ||
description: The friendly name identifying the user. | ||
type: string | ||
- contextPath: AWS.IAM.IdentityCenter.Users.UserId | ||
description: The stable and unique string identifying the user. | ||
type: string | ||
- contextPath: AWS.IAM.IdentityCenter.Users.Email | ||
description: The user email address | ||
type: string | ||
- contextPath: AWS.IAM.IdentityCenter.Users.DisplayName | ||
description: The user display name in AWS IAM IdentityCenter | ||
- arguments: [] | ||
description: Lists the IAM users, returns all users in the AWS account. | ||
name: aws-iam-identitycenter-list-users | ||
outputs: | ||
- contextPath: AWS.IAMIdentityCenter.Users.UserName | ||
description: The friendly name identifying the user. | ||
type: string | ||
- contextPath: AWS.IAMIdentityCenter.Users.UserId | ||
description: The stable and unique string identifying the user. | ||
type: string | ||
- arguments: [] | ||
description: Lists all the IAM groups in the AWS account | ||
name: aws-iam-identitycenter-list-groups | ||
outputs: | ||
- contextPath: AWS.IAM.IdentityCenter.Groups.GroupName | ||
description: The friendly name that identifies the group. | ||
type: string | ||
- contextPath: AWS.IAM.IdentityCenter.Groups.GroupId | ||
description: The stable and unique string identifying the group. | ||
type: string | ||
- arguments: | ||
- description: The name of the user to list groups for. | ||
name: userName | ||
required: true | ||
description: Lists the IAM groups that the specified IAM user belongs to. | ||
name: aws-iam-identitycenter-list-groups-for-user | ||
outputs: | ||
- contextPath: AWS.IAM.IdentityCenter.Users.GroupMemeberships.GroupName | ||
description: The friendly name that identifies the group. | ||
type: string | ||
- contextPath: AWS.IAM.IdentityCenter.Users.GroupMemeberships.GroupId | ||
description: The stable and unique string identifying the group | ||
type: string | ||
- arguments: | ||
- description: The name of the user to add. | ||
name: userName | ||
required: true | ||
- description: The name of the group to update. | ||
name: groupName | ||
required: true | ||
description: Adds the specified user to the specified group. | ||
name: aws-iam-identitycenter-add-user-to-group | ||
- arguments: | ||
- name: groupName | ||
Reviewer comment: Add a description here for this argument
Reply: Done
required: true | ||
description: The name of the group to search. | ||
name: aws-iam-identitycenter-get-group | ||
- arguments: | ||
- description: Username that will be removed from all groups | ||
name: userName | ||
required: true | ||
description: This will remove the entered user from all groups/memberships | ||
name: aws-iam-identitycenter-remove-user-from-all-groups | ||
- arguments: | ||
- name: emailAddress | ||
Reviewer comment: Add a description here for this argument
Reply: Done
outputs: | ||
- contextPath: AWS.IAM.IdentityCenter.Users.UserName | ||
type: string | ||
- contextPath: AWS.IAM.IdentityCenter.Users.Email | ||
type: string | ||
- contextPath: AWS.IAM.IdentityCenter.Users.UserId | ||
type: string | ||
- contextPath: AWS.IAM.IdentityCenter.Users.DisplayName | ||
type: string | ||
Reviewer comment: Please add descriptions for these outputs
description: This will get user information using email address | ||
name: aws-iam-identitycenter-get-user-by-email | ||
dockerimage: demisto/boto3py3:1.0.0.65194 | ||
runonce: false | ||
script: '' | ||
subtype: python3 | ||
type: python |
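Review bot: The `AWS.IAMIdentityCenter.Users.UserId` output of `aws-iam-identitycenter-create-user` is described as "The date and time, when the user was created." with `type: date`, but the path carries the user ID; it should use the same description as the field under `list-users` ("The stable and unique string identifying the user.") with `type: string`. The context prefix also alternates between `AWS.IAMIdentityCenter.Users` (create-user, list-users) and `AWS.IAM.IdentityCenter.Users` (get-user, get-user-by-email, list-groups-for-user); pick one so a playbook can reference the same user regardless of which command produced it. `GroupMemeberships` is misspelled (`GroupMemberships`). `aws-iam-identitycenter-get-group` has an argument description ("The name of the group to search.") in place of its command description, and `familyName`, `givenName`, `userEmailAddress`, `displayName`, `groupName` and `emailAddress` have no descriptions at all. The `IdentityStoreId` parameter has no `section`, so it will not be grouped with the other connection settings. The hidden `access_key` and `secret_key` parameters are `required: true` while the visible `credentials` field (type 9) is optional; check this against the pattern used by the other AWS packs, since a hidden required field can block saving an instance that only fills in the credentials field. Finally, `aws-iam-identitycenter-remove-user-from-all-groups` strips every membership at once and declares no outputs, so nothing records which groups were removed; the description should state that scope plainly so an analyst triggering it from a playbook understands what it does.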
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
AWS IAM Identity Center | ||
|
||
Author: Sameh El-Hakim | ||
|
||
With AWS IAM Identity Center (successor to AWS Single Sign-On), you can manage sign-in security for your workforce identities, also known as workforce users. IAM Identity Center provides one place where you can create or connect workforce users and manage their access centrally across all their AWS accounts and applications. IAM Identity Center is the recommended approach for workforce authentication and authorization in AWS, for organizations of any size and type. | ||
|
||
|
||
--- | ||
|
||
[View Integration Documentation](https://xsoar.pan.dev/docs/reference/integrations/aws-iam-identitycenter) | ||
|
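Review bot: The description is a product blurb and does not tell a user what the instance needs: the Identity Store Id that the yml marks as required, and that the access key or assumed role must be permitted to read users and groups and to create users and change group memberships, since those are the operations the commands perform. One sentence naming those prerequisites here (and in the README) would save a failed Test on first configuration.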
Reviewer comment: Please add a README file for the integration. You can use the documentation found here to do that.
Reply: Done
Reviewer comment: Once you update the yml file, I will update the README to reflect the latest changes.
Reply: @anas-yousef all required changes are done, for your review please!
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
Amazon Web Services Identity and Access Management Identity Center(IAM) | ||
|
||
For detailed instructions about setting up authentication, see: [AWS Integrations - Authentication](https://xsoar.pan.dev/docs/reference/articles/aws-integrations---authentication). | ||
|
||
|
||
## Configure AWS - IAM Identity Center on Cortex XSOAR | ||
|
||
1. Navigate to **Settings** > **Integrations** > **Servers & Services**. | ||
2. Search for AWS - IAM Identity Center. | ||
3. Click **Add instance** to create and configure a new integration instance. | ||
|
||
| **Parameter** | **Description** | **Required** | | ||
| --- | --- | --- | | ||
| roleArn | Role Arn | False | | ||
| roleSessionName | Role Session Name | False | | ||
| defaultRegion | AWS Default Region | False | | ||
| sessionDuration | Role Session Duration | False | | ||
| access_key | Access Key | True | | ||
| secret_key | Secret Key | True | | ||
| IdentityStoreId | Identity Store Id | True | | ||
| timeout | The time in seconds till a timeout exception is reached. You can specify just the read timeout \(for example 60\) or also the connect timeout followed after a comma \(for example 60,10\). If a connect timeout is not specified, a default of 10 second will be used. | False | | ||
| retries | The maximum number of retry attempts when connection or throttling errors are encountered. Set to 0 to disable retries. The default value is 5 and the limit is 10. Note: Increasing the number of retries will increase the execution time. | False | | ||
| insecure | Trust any certificate (not secure) | False | | ||
| proxy | Use system proxy settings | False | | ||
|
||
4. Click **Test** to validate the URLs, token, and connection. | ||
## Commands | ||
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. | ||
After you successfully execute a command, a DBot message appears in the War Room with the command details. | ||
### aws-iam-identitycenter-create-user | ||
*** | ||
Creates a new IAM Identity Center user for your AWS account. | ||
|
||
|
||
#### Base Command | ||
|
||
`aws-iam-identitycenter-create-user` | ||
#### Input | ||
|
||
| **Argument Name** | **Description** | **Required** | | ||
| --- | --- | --- | | ||
| userName | The name of the user to create. | Required | | ||
| familyName | The family name of the user to create. | Required | | ||
| givenName | The first name of the user to create. | Required | | ||
| userEmailAddress | The email address of the user to create. | Required | | ||
| displayName | The display name of the user to create. | Required | | ||
|
||
#### Context Output | ||
|
||
| **Path** | **Type** | **Description** | | ||
| --- | --- | --- | | ||
| AWS.IAMIdentityCenter.Users.UserId | string | The stable and unique string identifying the user. | | ||
|
||
|
||
#### Command Example | ||
```!aws-iam-identitycenter-create-user userName=Test familyName=Test givenName=Test userEmailAddress=test@test.com displayName="Test Test"``` | ||
|
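Review bot: The README and the yml disagree in two places: `familyName` is listed as "Required" here but the yml gives it no `required: true`, and the context output `AWS.IAMIdentityCenter.Users.UserId` is `string` / "The stable and unique string identifying the user." here but `date` / "The date and time, when the user was created." in the yml; the README version is the correct one, so fix the yml and keep these in sync. Step 4 says Test validates "the URLs, token, and connection", but this integration has no URL or token parameter; say it validates the credentials (or role) and the Identity Store Id. The title "Amazon Web Services Identity and Access Management Identity Center(IAM)" should be the integration's display name, "AWS - IAM Identity Center". Only `aws-iam-identitycenter-create-user` is documented; the other eight commands in the yml need their own sections, with `aws-iam-identitycenter-remove-user-from-all-groups` clearly marked as a bulk membership change. In the command example, replace `test@test.com` with an address on a reserved documentation domain such as example.com.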
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
{ | ||
"name": "AWS - IAM Identity Center", | ||
"description": "AWS IAM Identity Center\n\nAuthor: Sameh El-Hakim\n\nWith AWS IAM Identity Center (successor to AWS Single Sign-On), you can manage sign-in security for your workforce identities, also known as workforce users. IAM Identity Center provides one place where you can create or connect workforce users and manage their access centrally across all their AWS accounts and applications. IAM Identity Center is the recommended approach for workforce authentication and authorization in AWS, for organizations of any size and type.", | ||
"support": "community", | ||
"currentVersion": "1.0.0", | ||
"author": "Sameh El-Hakim", | ||
"url": "", | ||
"email": "", | ||
"created": "2023-07-27T10:46:39Z", | ||
"categories": [ | ||
"Identity and Access Management" | ||
], | ||
"tags": [], | ||
"useCases": [], | ||
"keywords": [], | ||
"marketplaces": [ | ||
"xsoar", | ||
"marketplacev2" | ||
], | ||
"githubUser": [ | ||
"sepaprivate" | ||
] | ||
} |
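Review bot: `categories` is "Identity and Access Management" here while the integration yml sets `category: IT Services`; the pack and the integration should agree, and Identity and Access Management is the accurate one for this content. `url` and `email` are both empty for a community-supported pack, leaving users with no way to reach the author; fill in at least one. The `description` also duplicates the integration description verbatim, including the "Author:" line, which `author` already provides; a one-line summary of what the pack does (manage Identity Center users and group memberships) would read better in the Marketplace listing.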
Reviewer comment: Add descriptions for these arguments.
Reply: Done