List all groups from AWS SSO via API?

Question

I have a bunch of AWS SSO Groups I would like to list via the API so I can acquire the Name and GroupID. The API call ListGroups (https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_ListGroups.html) is pretty useless. It must filter on DisplayName and a value is currently required. As far as I could tell via the old AWS Forums, a wild card search and impartial searches are not allowed. I've tried them myself (impartial and wildcard) with the boto3 SDK and nope. Afterwards, I'd like to use the existing API calls to assign permissionsets to said groups.

AWS cannot be serious in that they don't have an API call to list the groups present?

score 1 · Answer 1 · answered Jun 05 '23 at 06:56

Specify region where you have aws sso:

aws identitystore list-groups --identity-store-id=d-123456789 --region us-east-1

Which gives you output:

{
    "Groups": [
        {
            "GroupId": "123456789-aa-bb-cc-dd-ee",
            "DisplayName": "this-it-team",
            "IdentityStoreId": "d-123456789"
        },

score 0 · Answer 2 · answered Jan 31 '23 at 16:26

0

aws identitystore list-group --identity-store-id=d-xxxxxxxx

answered Jan 31 '23 at 16:26

scottmont

39
6

List all groups from AWS SSO via API?

2 Answers2