WTFender / aws-sso-extender

Browser Extension for AWS SSO / Identity Center
https://wtfender.com/posts/aws-sso-extender
MIT License

Support indexing accounts from multiple AWS Organizations #73

Closed gomibushi closed 9 months ago

gomibushi commented 10 months ago

Description

This might be well outside of what the extension's goals were, or perhaps what it can do without making it too complex to manage. Feel free to delete this request.

We have one "test-org" and one "prod-org" in AWS. Meaning, not all accounts are in the same org. This means the extension overwrites its registry when I switch orgs. For users with multiple orgs a better solution would be to add accounts and roles, not expunge and repopulate.

This might well require a user accessible registry of orgs to make it possible to manually delete orgs you do not want indexed any more.

Thanks for an already excellent extension.

WTFender commented 10 months ago

Thanks for the feedback - nice to finally find a multi-org user!

I think a consolidated view for multiple users/directories makes sense, but might take a little work.

Just checking, but when you are logged in with both accounts; are you able to switch between the 2 users successfully?

gomibushi commented 9 months ago

OK. So let's pretend I knew about this feature... :) It works very well actually, and it makes the implementation I was thinking about less important. I would still consider it better and prefer it because it would be faster to use. Our account names in our "test-org" are all prefixed "test-" so are easy to search even mixed with their "prod-siblings". I realize this might not be the case for a lot of people and for those the current way might be the best, at least unless the org is also tagged on the listing.

Possible improvements:

All of the improvements I suggest are so that you can have just one master-list of accounts accessible on one click and searchable all from the same field. And the additional org-tag on the account is needed if you have similarly named accounts across multiple orgs.

WTFender commented 9 months ago

Definitely agree; a consolidated list just makes sense for those that need complete visibility. Although I definitely need to keep it optional for those that expect the clarity of separation.

I'll add a checkbox to 'Display profiles for all users,' while still retaining the ability to switch between users. Your customizations (favorites, labels & colors) are saved with the current user, so you will need to pick & set a default user (you can already do this) that can hold all your customizations/settings.

I'll have to play around with what additional info to show on the profile list, but agree there should be some distinction. The extension doesn't have visibility into AWS Organization or what organization it might be a member of; it really only sees AWS Identity Center directory & user info.

WTFender commented 9 months ago

Try out this new setting to list all your profiles...


In your profile list, the profiles not accessible by the current user will have this shared icon; sort of a placeholder until I think of something better, that ideally incorporates the username/directory.


Important to note that if you're logging into a 'shared account', the AWS console labels might be confusing... the console label will be the current extension user, while other parts of the console will show the actual SSO user.

gomibushi commented 9 months ago

The changes in 1.6.6 work perfectly for me! I am amazed at how quickly you delivered. Thanks a bunch!

I do think you perhaps could make the UI a bit more intuitive, but I'm not sure how. I realize in my mind I associate my two users with our two orgs, but in reality it could just as well be two users in the same org. Perhaps a splash screen image with some additional descriptions and helpful hints.

Thanks again! Excellent work and amazingly fast response!

I'd consider this "issue" closed as is.