aws / aws-sdk

Landing page for the AWS SDKs on GitHub
https://aws.amazon.com/tools/

aws identitystore list-groups for all groups and list-users for all users #629

Open rgleme opened 8 months ago

rgleme commented 8 months ago

Regarding: https://github.com/aws/aws-sdk/issues/109

I'm reopening this discussion because it seems that the "Filter" issue was not completely solved. We can run

aws identitystore list-users --identity-store-id=""

or

aws identitystore list-groups --identity-store-id=""

without the --filter parameter IF our IdentityStore is the IAM Identity Center default one. If I'm using AWS Managed AD as Identity Provider, AWS CLI still asks for --filter.

In addition, for the list-users action, AWS CLI is asking for a parameter User@Domain and it only works with the Domain created in AWS Managed AD. In my use case here I have UserNames being users' e-mails, so we have user@lots_of_domains.

Is it possible to change AWS CLI to avoid asking for --filter if the Identity Provider is not the SSO default?

Thanks a lot.

Pronex commented 5 months ago

Still not working, and also the case with boto3. Asked AWS ProServ to take a look at this.

tim-finnigan commented 1 day ago

Looking at the ListUsers API documentation (https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_ListUsers.html#API_ListUsers_RequestSyntax) it notes for Filters that "This parameter has been deprecated.". Can you expand more on this behavior: "If I'm using AWS Managed AD as Identity Provider, AWS CLI still asks for --filter."? Is there an error message returned or what are you seeing? Any changes here would need to be addressed by the IdentityStore team since they maintain the API that the CLI is using.