search

aws / aws-cli

Universal Command Line Interface for Amazon Web Services
Other
15.61k stars 4.14k forks source link

aws configure sso - filtering account list #8867

Open davidnortonjr-sps opened 3 months ago

davidnortonjr-sps commented 3 months ago

Describe the feature

When using aws configure sso, I'd like to be able to type to filter accounts.

Use Case

Some organizations have a large number of accounts and it's unusable (especially given that the accounts seem to be sorted by neither ID, or alias).

Proposed Solution

It would be great to be able to type a few characters to filter the list of visible accounts.

Other Information

No response

Acknowledgements

CLI version used

aws-cli/2.17.29

Environment details (OS name and version, etc.)

macOS 14.6.1

tim-finnigan commented 3 months ago

Thanks for the feature request. You should be able to filter on users with the aws identitystore list-users command (documented here) for example:

aws identitystore list-users --identity-store-id d-12345abc --filters AttributePath=UserName,AttributeValue=test-user

Or alternatively using --query: 

aws identitystore list-users --identity-store-id d-12345abc --query "Users[?UserName=='test-user']"

However the docs do note that "Filtering for a User by the UserName attribute is deprecated. Instead, use the GetUserId API action.". So you could try something like this:

aws identitystore get-user-id --cli-input-json '{  "IdentityStoreId": "d-12345abc", "AlternateIdentifier": { "UniqueAttribute": {  "AttributePath": "UserName", "AttributeValue": "test-user" } } }'

And to describe a user:

aws identitystore describe-user --identity-store-id d-12345abc --user-id <user-id>

Does that help what you're trying to do, or could you elaborate on your use case in more detail?

davidnortonjr-sps commented 3 months ago

@tim-finnigan I think those commands are used in a different context: once authenticated to an AWS account, to list users.

I'm talking about the aws configure sso command, which is a wizard for selecting an AWS account to authenticate to. It is a command that is intended to ease configuration, and the feature request is intended to make it more usable when a user has access to a large number of AWS accounts (e.g., I have access to 336 accounts, and it is very difficult to find the account I want to auth to).

tim-finnigan commented 3 months ago

Thanks for clarifying — you could try using sso list-accounts or organizations list-accounts to search/filter on available accounts. I'll label this as a feature request for improving the configure wizard. Others can +1 this feature request by adding a 👍 to your original issue post.