Identitystore ListUsers and ListGroups API results in UnknownOperationException

0

Hi,

Reproduced in 2 environments:

  1. ADConnector->AWS SSO
  2. MicrosoftAD->AWS SSO

Provisioning method is ADSync

Tested with the latest versions of both boto3 and the AWS CLI.

When I call ListGroups / ListUsers and other API methods of IdentityStore, I'm facing different errors:

  1. When calling ListUsers / ListGroups without Filters, I get an error from the server that I must add filters, although this argument was deprecated:

self._client.list_users(IdentityStoreId=self._identity_store_id)

2023-01-29 15:36:20,909 urllib3.connectionpool [DEBUG] Resetting dropped connection: identitystore.us-east-1.amazonaws.com

2023-01-29 15:36:21,351 urllib3.connectionpool [DEBUG] https://identitystore.us-east-1.amazonaws.com:443 "POST / HTTP/1.1" 400 63

*** botocore.errorfactory.ValidationException: An error occurred (ValidationException) when calling the ListUsers operation: Filter is required

You can see in the logs that a request has been made and it's not the SDK that blocks me from listing users without filters.

The second issue is when listing group memberships: I get UnknownOperationException (the UserId is correct and works with the DescribeUser API call). This reproduces in both ListGroupMemberships and ListGroupMembershipsForMember:

self._client.list_group_memberships_for_member(IdentityStoreId=self._identity_store_id, MemberId={'UserId': 'REDACTED'})

2023-01-29 15:39:42,371 urllib3.connectionpool [DEBUG] https://identitystore.us-east-1.amazonaws.com:443 "POST / HTTP/1.1" 400 38

*** botocore.exceptions.ClientError: An error occurred (UnknownOperationException) when calling the ListGroupMembershipsForMember operation:

I have only read access to this AWS account. Thanks.
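A read-only helper for the two calls in this thread, as an added example that is not the poster's code: it paginates ListUsers, falls back to the Filters argument only when the service answers "Filter is required", and reports UnknownOperationException from ListGroupMembershipsForMember as a distinct outcome rather than swallowing it. The client object, identity store id, user names and user id are assumed placeholders supplied by the caller.

```python
# Added example, not code from the original post. Assumes a boto3 "identitystore"
# client (or any object exposing the same two method names); the store id, user
# names and user id are placeholders supplied by the caller.
try:
    from botocore.exceptions import ClientError
except ImportError:  # botocore absent: stand-in with the same .response shape
    class ClientError(Exception):
        def __init__(self, error_response, operation_name):
            super().__init__(str(error_response.get("Error", {}).get("Message")))
            self.response, self.operation_name = error_response, operation_name


def list_users(client, store_id, user_names=()):
    """Unfiltered, paginated ListUsers. If the service rejects that call with
    ValidationException "Filter is required" (what the post sees on AD-backed
    stores), retry with the older Filters argument, one exact UserName per call."""
    users, kwargs = [], {"IdentityStoreId": store_id}
    try:
        while True:
            page = client.list_users(**kwargs)
            users.extend(page.get("Users", []))
            if not page.get("NextToken"):
                return users
            kwargs["NextToken"] = page["NextToken"]
    except ClientError as exc:
        code = exc.response.get("Error", {}).get("Code")
        if code != "ValidationException" or "Filter" not in str(exc):
            raise  # anything else (e.g. AccessDeniedException) is the caller's problem
    users = []  # fallback path: only results from the filtered queries below
    for name in user_names:
        page = client.list_users(IdentityStoreId=store_id, Filters=[
            {"AttributePath": "UserName", "AttributeValue": name}])
        users.extend(page.get("Users", []))
    return users


def group_ids_for_user(client, store_id, user_id):
    """ListGroupMembershipsForMember (first page) for one user. Returns ("ok", ids),
    or ("unsupported", []) on UnknownOperationException so the caller can tell that
    case apart from an access-denied error, which is re-raised unchanged."""
    try:
        page = client.list_group_memberships_for_member(
            IdentityStoreId=store_id, MemberId={"UserId": user_id})
    except ClientError as exc:
        if exc.response.get("Error", {}).get("Code") == "UnknownOperationException":
            return "unsupported", []
        raise
    return "ok", [m["GroupId"] for m in page.get("GroupMemberships", [])]
```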

1 answer
0

It seems that the issue with the ListUsers and ListGroups methods is that they require filters, which are now mandatory, and the deprecated argument has been removed.

As for the ListGroupMemberships and ListGroupMembershipsForMember methods, the error seems to be related to an "UnknownOperationException".

Additionally, it is possible that these issues are related to permissions, and it may be necessary to check the IAM roles and policies attached to the AWS account being used.

Answered 1 year ago
  • I'm sorry, but it seems that you answered the question only to gain points here. The filters argument is no longer required. Also, I can guarantee that I have sufficient permissions, as this issue does not reproduce on many other environments (some with Active Directory and some without) with the same permissions (and DescribeUser/DescribeGroup working perfectly).
