Open jcmadick opened 1 year ago
I've done some more looking at this. In our environment, AAD users are members of AAD groups that are assigned to an AWS role based on an inline policy. I don't see how to unveil an inline policy associated with a group.
I would love it if the tool pulled in IAM Identity Center groups. Maybe one workaround could be to perform analysis on the roles that AWS creates under the hood for you a la AWSReservedSSO_...
Somewhat related, but we now map AWS SSO roles to Okta groups after https://github.com/lyft/cartography/pull/1307
Discussed in https://github.com/lyft/cartography/discussions/930
AWS_SSO_Group_json.txt AWS_SSO_User_json.txt
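The workaround floated in the issue body above (inspect the `AWSReservedSSO_...` roles AWS provisions for each permission set, and read their inline policies from there) can be scripted against the IAM API. The following is an added example, not cartography's own code and not something any participant in this thread posted. It assumes the role-naming convention `AWSReservedSSO_<PermissionSetName>_<hex suffix>` under the path prefix `/aws-reserved/sso.amazonaws.com/`, and the sample roles, ARNs and policy documents are constructed for illustration. The live collector `fetch_from_aws` needs boto3 and credentials; the mapping logic itself runs offline on the sample data.

```python
"""Map AWSReservedSSO_* IAM roles back to Identity Center permission sets and
summarise their inline policies (added example; assumptions noted inline)."""
import json
import re
from typing import Any, Dict, List, Optional, Tuple

# Assumption: roles AWS creates for permission sets are named
# AWSReservedSSO_<PermissionSetName>_<hex suffix> and live under this path
# (optionally with a region segment appended, e.g. .../eu-west-1/).
SSO_ROLE_RE = re.compile(r"^AWSReservedSSO_(?P<permission_set>.+)_(?P<suffix>[0-9a-fA-F]+)$")
SSO_ROLE_PATH_PREFIX = "/aws-reserved/sso.amazonaws.com/"


def parse_sso_role(role: Dict[str, Any]) -> Optional[Dict[str, str]]:
    """Return {role_arn, permission_set} for an Identity Center role, else None."""
    match = SSO_ROLE_RE.match(role.get("RoleName", ""))
    if not match or not role.get("Path", "").startswith(SSO_ROLE_PATH_PREFIX):
        return None
    return {"role_arn": role["Arn"], "permission_set": match.group("permission_set")}


def iam_actions(policy_document: Dict[str, Any]) -> List[Tuple[str, str]]:
    """Flatten the Allow statements of a policy document into (action, resource) pairs.
    Deny statements are skipped; single-string Action/Resource values are normalised."""
    statements = policy_document.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    pairs: List[Tuple[str, str]] = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        resources = stmt.get("Resource", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = [resources] if isinstance(resources, str) else resources
        for action in actions:
            for resource in resources:
                pairs.append((action, resource))
    return pairs


def map_sso_roles(roles: List[Dict[str, Any]],
                  inline_policies: Dict[str, Dict[str, Dict[str, Any]]]) -> Dict[str, Any]:
    """roles: records shaped like iam.list_roles()['Roles'];
    inline_policies: {role_name: {policy_name: policy_document}} as get_role_policy returns.
    Returns {permission_set: {role_arn, inline_policies: {policy_name: [(action, resource)]}}}."""
    out: Dict[str, Any] = {}
    for role in roles:
        parsed = parse_sso_role(role)
        if parsed is None:
            continue  # not an Identity Center role; ignore
        docs = inline_policies.get(role["RoleName"], {})
        out[parsed["permission_set"]] = {
            "role_arn": parsed["role_arn"],
            "inline_policies": {name: iam_actions(doc) for name, doc in docs.items()},
        }
    return out


def fetch_from_aws(session=None) -> Dict[str, Any]:
    """Live collection via boto3 (assumed installed and credentialed; not run offline)."""
    import boto3
    iam = (session or boto3).client("iam")
    roles, inline = [], {}
    for page in iam.get_paginator("list_roles").paginate(PathPrefix=SSO_ROLE_PATH_PREFIX):
        for role in page["Roles"]:
            roles.append(role)
            inline[role["RoleName"]] = {}
            for pol_page in iam.get_paginator("list_role_policies").paginate(RoleName=role["RoleName"]):
                for pol_name in pol_page["PolicyNames"]:
                    doc = iam.get_role_policy(RoleName=role["RoleName"], PolicyName=pol_name)["PolicyDocument"]
                    inline[role["RoleName"]][pol_name] = doc
    return map_sso_roles(roles, inline)


# Constructed sample input: two Identity Center roles and one unrelated role.
SAMPLE_ROLES = [
    {"RoleName": "AWSReservedSSO_AdministratorAccess_0123456789abcdef",
     "Path": "/aws-reserved/sso.amazonaws.com/",
     "Arn": "arn:aws:iam::123456789012:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_AdministratorAccess_0123456789abcdef"},
    {"RoleName": "AWSReservedSSO_ReadOnly_Devs_fedcba9876543210",
     "Path": "/aws-reserved/sso.amazonaws.com/eu-west-1/",
     "Arn": "arn:aws:iam::123456789012:role/aws-reserved/sso.amazonaws.com/eu-west-1/AWSReservedSSO_ReadOnly_Devs_fedcba9876543210"},
    {"RoleName": "OrganizationAccountAccessRole", "Path": "/",
     "Arn": "arn:aws:iam::123456789012:role/OrganizationAccountAccessRole"},
]
SAMPLE_INLINE = {
    "AWSReservedSSO_ReadOnly_Devs_fedcba9876543210": {
        "AwsSSOInlinePolicy": {  # policy name constructed for the example
            "Version": "2012-10-17",
            "Statement": [
                {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
                 "Resource": "arn:aws:s3:::team-bucket/*"},
                {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"},
            ],
        }
    }
}

if __name__ == "__main__":
    print(json.dumps(map_sso_roles(SAMPLE_ROLES, SAMPLE_INLINE), indent=2))
```

The permission-set name recovered here is what you would join against Identity Center group assignments (e.g. from `sso-admin` account assignments) to get from an IdP group to the effective inline policy; the hex suffix is discarded because it differs per account and carries no meaning for that join.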