I have the list of all AWS accounts in my organization. I need to list the users present in each account via API.
Through the documentation for List account assignments,
I can only list by passing account + permission set as parameters.
I wanted it to list all users, just like when I click on the account via console, as shown in the image:
Can anyone tell me if this is possible?

Bruno Souza
- `aws iam list-users` – Asdfg Oct 25 '22 at 20:01
- @Asdfg These users, coming from SSO, do not appear in the IAM of the accounts. These are users that come from an external IdP (Okta) to SSO. – Bruno Souza Oct 25 '22 at 22:00
- My bad. Try `aws identitystore list-users`. More info here: https://awscli.amazonaws.com/v2/documentation/api/latest/reference/identitystore/list-users.html You may have to pass `--identity-store-id`. – Asdfg Oct 26 '22 at 05:10
- @Asdfg This method does not allow grouping by account. It only returns users. – Bruno Souza Oct 26 '22 at 15:13
- Be curious. Explore more. I am sure you will find a solution. – Asdfg Oct 26 '22 at 23:28
1 Answer
The way I managed to do it was as follows:
- List all organization accounts
- For each account, list all permission sets
- With the account id and permission set, you can list users
You need to perform this process on all accounts and group users by account. It's a little tedious but it's the only way I found. I hope you can improve this library in the future.

Bruno Souza
- Still the only answer I can find to do this, I'm amazed AWS doesn't have a better way to do this! – OllyTheNinja Feb 20 '23 at 02:43
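The three steps from the answer, written out as an added example in Python with boto3 for a per-account access review (this is not code from the original post). It goes one step beyond the answer by expanding GROUP assignments into their member users, because List account assignments returns both USER and GROUP principals; the helper names `pages` and `users_by_account` are assumptions of this example.

```python
from collections import defaultdict


def pages(client, op, key, **kw):
    """Yield every item of a paginated boto3 operation."""
    for page in client.get_paginator(op).paginate(**kw):
        # Some responses omit the key entirely when there is nothing to list.
        yield from page.get(key, [])


def users_by_account(org, sso, ids, instance_arn, store_id):
    """Map account id -> sorted user names assigned directly or via a group."""
    names = {}  # cache: identity store user id -> user name

    def user_name(uid):
        if uid not in names:
            resp = ids.describe_user(IdentityStoreId=store_id, UserId=uid)
            names[uid] = resp["UserName"]
        return names[uid]

    result = defaultdict(set)
    for acct in pages(org, "list_accounts", "Accounts"):
        users = result[acct["Id"]]  # accounts without assignments stay listed
        scope = {"InstanceArn": instance_arn, "AccountId": acct["Id"]}
        for ps in pages(sso, "list_permission_sets_provisioned_to_account",
                        "PermissionSets", **scope):
            for a in pages(sso, "list_account_assignments",
                           "AccountAssignments", PermissionSetArn=ps, **scope):
                if a["PrincipalType"] == "USER":
                    users.add(user_name(a["PrincipalId"]))
                else:  # GROUP: expand to the users who are members
                    for m in pages(ids, "list_group_memberships",
                                   "GroupMemberships", IdentityStoreId=store_id,
                                   GroupId=a["PrincipalId"]):
                        users.add(user_name(m["MemberId"]["UserId"]))
    return {acct: sorted(users) for acct, users in result.items()}


if __name__ == "__main__":
    import boto3  # assumes credentials that can read Organizations and SSO

    sso = boto3.client("sso-admin")
    inst = sso.list_instances()["Instances"][0]
    report = users_by_account(boto3.client("organizations"), sso,
                              boto3.client("identitystore"),
                              inst["InstanceArn"], inst["IdentityStoreId"])
    for acct, users in report.items():
        print(acct, ", ".join(users) or "(no assignments)")
```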