Skip to content
/ AWSIdentityCenter_AccountAssignments Public

A little helperscript to load all account assignments in your organization

License

GPL-3.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

robertdemeyer/AWSIdentityCenter_AccountAssignments

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits

repository

repository

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

get_users.py

get_users.py

 
 

Repository files navigation

AWS Identity Center: Retrieve Account Assignments

A simple script to retrieve account assignments.

Test the solution

Assign the correct AWS profile for Boto3 in get_users.py. Run the script get_users.py against your management account. Needed access Rights are documented below.

Class Diagramm

IMPORTANT: You can control wether you want to retrieve only Users, Groups or both with the principal_type attribute in get_bindings_by_account_id. Allowed principal_types are 'USER', 'GROUP', 'ALL'. Defaults to 'USER'

image

Needed Access Rights

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "GetAllSSOAccountAssignments",
            "Effect": "Allow",
            "Action": [
                "organizations:ListAccounts",
                "identitystore:DescribeUser",
                "identitystore:DescribeGroup",
                "sso:ListInstances",
                "sso:ListPermissionSets",
                "sso:ListAccountsForProvisionedPermissionSet",
                "sso:DescribePermissionSet",
                "sso:ListAccountAssignments"
            ],
            "Resource": "*"
        }
    ]
}

About

A little helperscript to load all account assignments in your organization

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages