[Marketplace Contribution] AWS - IAM Identity Center

Packs/AWS-IAMIdentityCenter/Integrations/AWSIAMIdentityCenter/AWSIAMIdentityCenter.yml

@@ -0,0 +1,221 @@
+category: IT Services
+sectionOrder:
+- Connect
+- Collect
+commonfields:
+  id: AWS - IAM Identity Center
+  version: -1
+configuration:
+- display: Role Arn
+  name: roleArn
+  required: false
+  section: Connect
+  type: 0
+- display: Role Session Name
+  name: roleSessionName
+  required: false
+  section: Connect
+  type: 0
+- advanced: true
+  display: AWS Default Region
+  name: defaultRegion
+  options:
+  - us-east-1
+  - us-east-2
+  - us-west-1
+  - us-west-2
+  - ca-central-1
+  - eu-west-1
+  - eu-central-1
+  - eu-west-2
+  - ap-northeast-1
+  - ap-northeast-2
+  - ap-southeast-1
+  - ap-southeast-2
+  - ap-south-1
+  - sa-east-1
+  - eu-north-1
+  - eu-west-3
+  - us-gov-east-1
+  - us-gov-west-1
+  required: false
+  section: Collect
+  type: 15
+- advanced: true
+  display: Role Session Duration
+  name: sessionDuration
+  required: false
+  section: Connect
+  type: 0
+- display: Access Key
+  displaypassword: Secret Key
+  name: credentials
+  required: false
+  section: Connect
+  type: 9
+- display: Access Key
+  hidden: true
+  name: access_key
+  required: true
+  section: Connect
+  type: 4
+- display: Secret Key
+  hidden: true
+  name: secret_key
+  required: true
+  section: Connect
+  type: 4
+- additionalinfo: The time in seconds till a timeout exception is reached. You can specify just the read timeout (for example 60) or also the connect timeout followed after a comma (for example 60,10). If a connect timeout is not specified, a default of 10 second will be used.
+  defaultvalue: 60,10
+  display: Timeout
+  name: timeout
+  type: 0
+  section: Connect
+  advanced: true
+  required: false
+- additionalinfo: The maximum number of retry attempts when connection or throttling errors are encountered. Set to 0 to disable retries. The default value is 5 and the limit is 10. Note: Increasing the number of retries will increase the execution time.
+ defaultvalue: '5'
+  display: Retries
+  name: retries
+  type: 0
+  section: Connect
+  advanced: true
+  required: false
+- advanced: true
+  display: Trust any certificate (not secure)
+  name: insecure
+  required: false
+  section: Connect
+  type: 8  
+- advanced: true
+  display: Use system proxy settings
+  name: proxy
+  required: false
+  section: Connect
+  type: 8
+- display: Identity Store Id
+  name: IdentityStoreId
+  required: true
+  type: 4
+contentitemexportablefields:
+  contentitemfields:
+    definitionid: ""
+    fromServerVersion: ""
+    itemVersion: ""
+    packID: fc025940-2fe4-4adc-80c9-9ad7d8eb7bcd
+    packName: AWS - IAM Identity Center Contribution Pack
+    prevname: ""
+    propagationLabels:
+    - all
+    toServerVersion: ""
+description: Amazon Web Services IAM Identity Center
+display: AWS - IAM Identity Center
+name: AWS - IAM Identity Center
+script:
+  commands:
+  - arguments:
+    - description: The name of the user to create.
+      name: userName
+      required: true
+    - name: familyName
+    - name: givenName
+      required: true
+    - name: userEmailAddress
+      required: true
+    - name: displayName
+      required: true
+    description: Creates a new IAM Identity Center user for your AWS account.
+    name: aws-iam-identitycenter-create-user
+    outputs:
+    - contextPath: AWS.IAMIdentityCenter.Users.UserId
+      description: The date and time, when the user was created.
+      type: date
+  - arguments:
+    - description: The name of the user to get information about.
+      name: userName
+      required: true
+    description: Retrieves information about the specified IAM user, including the user creation date, path, unique ID, and ARN.
+    name: aws-iam-identitycenter-get-user
+    outputs:
+    - contextPath: AWS.IAM.IdentityCenter.Users.UserName
+      description: The friendly name identifying the user.
+      type: string
+    - contextPath: AWS.IAM.IdentityCenter.Users.UserId
+      description: The stable and unique string identifying the user.
+      type: string
+    - contextPath: AWS.IAM.IdentityCenter.Users.Email
+      description: The user email address
+      type: string
+    - contextPath: AWS.IAM.IdentityCenter.Users.DisplayName
+      description: The user display name in AWS IAM IdentityCenter
+  - arguments: []
+    description: Lists the IAM users, returns all users in the AWS account.
+    name: aws-iam-identitycenter-list-users
+    outputs:
+    - contextPath: AWS.IAMIdentityCenter.Users.UserName
+      description: The friendly name identifying the user.
+      type: string
+    - contextPath: AWS.IAMIdentityCenter.Users.UserId
+      description: The stable and unique string identifying the user.
+      type: string
+  - arguments: []
+    description: Lists all the IAM groups in the AWS account
+    name: aws-iam-identitycenter-list-groups
+    outputs:
+    - contextPath: AWS.IAM.IdentityCenter.Groups.GroupName
+      description: The friendly name that identifies the group.
+      type: string
+    - contextPath: AWS.IAM.IdentityCenter.Groups.GroupId
+      description: The stable and unique string identifying the group.
+      type: string
+  - arguments:
+    - description: The name of the user to list groups for.
+      name: userName
+      required: true
+    description: Lists the IAM groups that the specified IAM user belongs to.
+    name: aws-iam-identitycenter-list-groups-for-user
+    outputs:
+    - contextPath: AWS.IAM.IdentityCenter.Users.GroupMemeberships.GroupName
+      description: The friendly name that identifies the group.
+      type: string
+    - contextPath: AWS.IAM.IdentityCenter.Users.GroupMemeberships.GroupId
+      description: The stable and unique string identifying the group
+      type: string
+  - arguments:
+    - description: The name of the user to add.
+      name: userName
+      required: true
+    - description: The name of the group to update.
+      name: groupName
+      required: true
+    description: Adds the specified user to the specified group.
+    name: aws-iam-identitycenter-add-user-to-group
+  - arguments:
+    - name: groupName
+      required: true
+    description: The name of the group to search.
+    name: aws-iam-identitycenter-get-group
+  - arguments:
+    - description: Username that will be removed from all groups
+      name: userName
+      required: true
+    description: This will remove the entered user from all groups/memberships
+    name: aws-iam-identitycenter-remove-user-from-all-groups
+  - arguments:
+    - name: emailAddress
+    outputs:
+    - contextPath: AWS.IAM.IdentityCenter.Users.UserName
+      type: string
+    - contextPath: AWS.IAM.IdentityCenter.Users.Email
+      type: string
+    - contextPath: AWS.IAM.IdentityCenter.Users.UserId
+      type: string
+    - contextPath: AWS.IAM.IdentityCenter.Users.DisplayName
+      type: string
+    description: This will get user information using email address
+    name: aws-iam-identitycenter-get-user-by-email
+ dockerimage: demisto/boto3py3:1.0.0.65194
+  runonce: false
+  script: ''
+  subtype: python3
+  type: python

Packs/AWS-IAMIdentityCenter/Integrations/AWSIAMIdentityCenter/AWSIAMIdentityCenter_description.md

@@ -0,0 +1,11 @@
+AWS IAM Identity Center
+
+Author: Sameh El-Hakim
+
+With AWS IAM Identity Center (successor to AWS Single Sign-On), you can manage sign-in security for your workforce identities, also known as workforce users. IAM Identity Center provides one place where you can create or connect workforce users and manage their access centrally across all their AWS accounts and applications. IAM Identity Center is the recommended approach for workforce authentication and authorization in AWS, for organizations of any size and type.
+
+
+---
+
+[View Integration Documentation](https://xsoar.pan.dev/docs/reference/integrations/aws-iam-identitycenter)
+

Packs/AWS-IAMIdentityCenter/Integrations/AWSIAMIdentityCenter/README.md

@@ -0,0 +1,57 @@
+Amazon Web Services Identity and Access Management Identity Center(IAM)
+
+For detailed instructions about setting up authentication, see: [AWS Integrations - Authentication](https://xsoar.pan.dev/docs/reference/articles/aws-integrations---authentication).
+
+
+## Configure AWS - IAM Identity Center on Cortex XSOAR
+
+1. Navigate to **Settings** > **Integrations** > **Servers & Services**.
+2. Search for AWS - IAM Identity Center.
+3. Click **Add instance** to create and configure a new integration instance.
+
+    | **Parameter** | **Description** | **Required** |
+    | --- | --- | --- |
+    | roleArn | Role Arn | False |
+    | roleSessionName | Role Session Name | False |
+    | defaultRegion | AWS Default Region | False |
+    | sessionDuration | Role Session Duration | False |
+    | access_key | Access Key | True |
+    | secret_key | Secret Key | True |
+    | IdentityStoreId | Identity Store Id | True |
+    | timeout | The time in seconds till a timeout exception is reached. You can specify just the read timeout \(for example 60\) or also the connect timeout followed after a comma \(for example 60,10\). If a connect timeout is not specified, a default of 10 second will be used. | False |
+    | retries | The maximum number of retry attempts when connection or throttling errors are encountered. Set to 0 to disable retries. The default value is 5 and the limit is 10. Note: Increasing the number of retries will increase the execution time. | False |
+    | insecure | Trust any certificate (not secure) | False |
+    | proxy | Use system proxy settings | False |
+
+4. Click **Test** to validate the URLs, token, and connection.
+## Commands
+You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.
+After you successfully execute a command, a DBot message appears in the War Room with the command details.
+### aws-iam-identitycenter-create-user
+***
+Creates a new IAM Identity Center user for your AWS account.
+
+
+#### Base Command
+
+`aws-iam-identitycenter-create-user`
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| userName | The name of the user to create. | Required | 
+| familyName | The family name of the user to create. | Required | 
+| givenName | The first name of the user to create. | Required | 
+| userEmailAddress | The email address of the user to create. | Required | 
+| displayName | The display name of the user to create. | Required | 
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| AWS.IAMIdentityCenter.Users.UserId | string | The stable and unique string identifying the user. | 
+
+
+#### Command Example
+```!aws-iam-identitycenter-create-user userName=Test familyName=Test givenName=Test userEmailAddress=test@test.com displayName="Test Test"```
+

Packs/AWS-IAMIdentityCenter/pack_metadata.json

@@ -0,0 +1,23 @@
+{
+    "name": "AWS - IAM Identity Center",
+    "description": "AWS IAM Identity Center\n\nAuthor: Sameh El-Hakim\n\nWith AWS IAM Identity Center (successor to AWS Single Sign-On), you can manage sign-in security for your workforce identities, also known as workforce users. IAM Identity Center provides one place where you can create or connect workforce users and manage their access centrally across all their AWS accounts and applications. IAM Identity Center is the recommended approach for workforce authentication and authorization in AWS, for organizations of any size and type.",
+    "support": "community",
+    "currentVersion": "1.0.0",
+    "author": "Sameh El-Hakim",
+    "url": "",
+    "email": "",
+    "created": "2023-07-27T10:46:39Z",
+    "categories": [
+        "Identity and Access Management"
+    ],
+    "tags": [],
+    "useCases": [],
+    "keywords": [],
+    "marketplaces": [
+        "xsoar",
+        "marketplacev2"
+    ],
+    "githubUser": [
+        "sepaprivate"
+    ]
+}

Packs/ApiModules/Scripts/AWSApiModule/AWSApiModule.py

@@ -1,5 +1,6 @@
-from CommonServerPython import *
-from CommonServerUserPython import *
+from CommonServerPython import *  # noqa: F401
+import demistomock as demisto  # noqa: F401
+
 import boto3
 from botocore.config import Config
 
@@ -190,4 +191,4 @@ def get_timeout(timeout):
             raise DemistoException("You can specify just the read timeout (for example 60) or also the connect "
                                    "timeout followed after a comma (for example 60,10). If a connect timeout is not "
                                    "specified, a default of 10 second will be used.")
-        return read_timeout, connect_timeout
+        return read_timeout, connect_timeout