Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

Getting all users from AWS identitystore along with "status" property

1

I have setup AWS SSO with MS Active Directory using the AD-Connector. I need to get all user that exist in AWS identitystore so that I can sync it with my on-prem DB. To do that I have tried below AWS CLI command

aws identitystore list-users --identity-store-id="d-XXXXXXXXX"

The result of command above gives the listing of users with their details, but I doesn't mention the status of the user. I need the information whether the user is active/in-active, so that I can enable/disable the user in my DB too. I don't see such information returned from the above command. I tried AWS SDK for Nodejs too but I still get same json object with no "Status" field. Although the AWS console for Identitystore does show whether the user is active, but same is not returned in APIs or CLI response.

Any help or alternative approach get user details with status is really appreciated.

  • Michael-Lumos
    hace un año

    This is a huge omission from the Identity Store API after the SSO transition. The UI and the SCIM API both provide User status of Enabled/Disabled. The replacement Identity Store list_users and describe_user APIs should also provide this data. This is significantly blocking the adoption of the Identity Store API.

Temas
Seguridad, identidad y cumplimientoGestión y gobierno
Etiquetas
Seguridad, identidad y cumplimientoAWS Identity and Access ManagementAWS Directory ServiceAWS Management ConsoleAWS Command Line Interface
Idioma
English
Avinash-INDX
preguntada hace un año439 visualizaciones
1 Respuesta
1
Respuesta aceptada

There does not seem to be a way to check with the CLI at this time.
https://awscli.amazonaws.com/v2/documentation/api/latest/reference/identitystore/list-users.html
https://awscli.amazonaws.com/v2/documentation/api/latest/reference/identitystore/describe-user.html

The only other way I could think of was to create a script that would crawl the screen and check the status.

profile picture
EXPERTO
Riku_Kobayashi
respondido hace un año
  • Avinash-INDX
    hace un año

    Thanks for sparing some time and effort. It seems AWS is yet to bring the "status" information in API or CLI. As you suggested, I am only left with option to crawl the page and get the status info. Thanks. Given current scenario with AWS I am going to accept the solution.

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante