How can I get permission sets assigned to a specific group/user using the Identity Center API?

0

I'm using Java JDK 2.X version. I have a use case where I want to retrieve the permission sets associated with a given group/user using the Identity Center API. I was referring to the following links and I don't see such an API offered or any relationship mapping in any of the APIs. I've referred to an API (ListPermissionSetsProvisionedToAccount) that provides all the permission sets that have been provided to a specific AWS account, but for my use case, I want to list permission sets for a specific group/user.

Links: IAM Identity Center API Reference https://docs.aws.amazon.com/singlesignon/latest/APIReference/welcome.html

Identity Store API Reference https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/welcome.html

Many thanks for reading.

asked a year ago
269 views
1 Answer
0

Here's an option I've done in the past to get the group/user information for all permission sets:

  • Call ListPermissionSets
  • ListAccountAssignments for each Permission Set
  • This will give you an AccountAssignment object back containing AccountId + PsetArn + Principal
    • The principal will be the user/group id (GUID) associated with the assigned Pset in the account
  • Then you can call DescribeGroup on the Identity Store API to get the group's display name (for example)
kwoods
answered 10 months ago
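
The procedure in the answer above, written for the AWS SDK for Java 2.x as an added example (not code from the answer's author). ListAccountAssignments also requires an account ID, so the example first enumerates accounts with ListAccountsForProvisionedPermissionSet; the instance ARN and identity store ID are placeholders, and the class and method names are assumptions.

```java
import java.util.ArrayList;
import java.util.List;
import software.amazon.awssdk.services.identitystore.IdentitystoreClient;
import software.amazon.awssdk.services.ssoadmin.SsoAdminClient;
import software.amazon.awssdk.services.ssoadmin.model.AccountAssignment;

public class PrincipalPermissionSets {
    // Placeholders: replace with your own instance ARN and identity store ID.
    static final String INSTANCE_ARN = "arn:aws:sso:::instance/ssoins-EXAMPLE";
    static final String IDENTITY_STORE_ID = "d-EXAMPLE";

    /** Returns every account assignment whose principal is the given user or group ID. */
    static List<AccountAssignment> assignmentsFor(SsoAdminClient sso, String instanceArn,
                                                  String principalId) {
        List<AccountAssignment> matches = new ArrayList<>();
        // Step 1: every permission set in the instance (the paginator follows NextToken).
        for (String psetArn : sso.listPermissionSetsPaginator(
                r -> r.instanceArn(instanceArn)).permissionSets()) {
            // ListAccountAssignments needs an account ID as well, so enumerate
            // the accounts this permission set is provisioned to.
            for (String accountId : sso.listAccountsForProvisionedPermissionSetPaginator(
                    r -> r.instanceArn(instanceArn).permissionSetArn(psetArn)).accountIds()) {
                // Step 2: assignments for this (account, permission set) pair.
                sso.listAccountAssignmentsPaginator(r -> r.instanceArn(instanceArn)
                                .accountId(accountId).permissionSetArn(psetArn))
                        .accountAssignments().stream()
                        // Step 3: keep only the principal under review.
                        .filter(a -> principalId.equals(a.principalId()))
                        .forEach(matches::add);
            }
        }
        return matches;
    }

    public static void main(String[] args) {
        String groupId = args[0]; // group GUID from the Identity Store
        try (SsoAdminClient sso = SsoAdminClient.create();
             IdentitystoreClient ids = IdentitystoreClient.create()) {
            // Step 4: resolve the GUID to a display name for the report.
            String name = ids.describeGroup(
                    r -> r.identityStoreId(IDENTITY_STORE_ID).groupId(groupId)).displayName();
            for (AccountAssignment a : assignmentsFor(sso, INSTANCE_ARN, groupId)) {
                System.out.printf("%s (%s) -> account %s, permission set %s%n",
                        name, a.principalTypeAsString(), a.accountId(), a.permissionSetArn());
            }
        }
    }
}
```

Assignments are recorded against the principal they were made to, so for a user this returns direct assignments only; access inherited through group membership appears under each group's ID and needs a separate pass per group.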
