Open nxtof opened 3 years ago
To answer your question, we currently don't have plans to add AWS SSO support. I think it would be reasonable to include in 1.2.0. I took a quick look at the work it would take, lemme know if you think it's a reasonable summary:
- gathering.py and maybe guard it with a --with-sso flag/param)
- query/argquery to let people query by SSO user (maybe something like sso/user_one for the principal component).
- Find a way to grab the user -> role mapping
I've been doing some work on this, and my current approach has been:
- organizations.list_accounts
- sso-admin.list_instances
- sso-admin.list_permission_sets
- sso-admin.list_accounts_for_provisioned_permission_sets
- sso-admin.list_account_assignments
- identitystore.describe_user or identitystore.describe_group
Graph-wise, it would probably make sense to and the permission sets as nodes with edges to the corresponding roles in IAM.
Note that accessing SSO and the identity store will require additional permissions.
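The call sequence listed in the comment above, carried through to a user/group -> permission set -> account table, as an added example (not code from this project or from anyone in the thread). The names `pages`, `sso_assignments`, `FakeClient` and `demo` are hypothetical, the sample IDs and ARNs are constructed, and the boto3 method is spelled `list_accounts_for_provisioned_permission_set`; with real AWS the three arguments would be `boto3.client("organizations")`, `boto3.client("sso-admin")` and `boto3.client("identitystore")`.

```python
# Added example: clients are injected so the walk runs offline against constructed data.
def pages(call, key, **kw):
    """Yield items from a list_* call, following NextToken pagination."""
    while True:
        resp = call(**kw)
        yield from resp.get(key, [])
        if not resp.get("NextToken"):
            return
        kw["NextToken"] = resp["NextToken"]

def sso_assignments(org, sso, ids):
    """Return sorted (account, permission set ARN, principal type, principal name) rows."""
    accounts = {a["Id"]: a["Name"] for a in pages(org.list_accounts, "Accounts")}
    names, rows = {}, set()
    for inst in pages(sso.list_instances, "Instances"):
        arn, store = inst["InstanceArn"], inst["IdentityStoreId"]
        for ps in pages(sso.list_permission_sets, "PermissionSets", InstanceArn=arn):
            scope = {"InstanceArn": arn, "PermissionSetArn": ps}
            for acct in pages(sso.list_accounts_for_provisioned_permission_set, "AccountIds", **scope):
                for a in pages(sso.list_account_assignments, "AccountAssignments", AccountId=acct, **scope):
                    kind, pid = a["PrincipalType"], a["PrincipalId"]
                    if (kind, pid) not in names:  # resolve each principal once
                        names[kind, pid] = (
                            ids.describe_user(IdentityStoreId=store, UserId=pid)["UserName"]
                            if kind == "USER" else
                            ids.describe_group(IdentityStoreId=store, GroupId=pid)["DisplayName"])
                    rows.add((accounts.get(acct, acct), ps, kind, names[kind, pid]))
    return sorted(rows)

class FakeClient:
    """Constructed stand-in for a boto3 client: canned pages keyed by NextToken (None = first)."""
    def __init__(self, canned):
        self.canned = canned
    def __getattr__(self, name):
        return lambda **kw: self.canned[name][kw.get("NextToken")]

def demo():  # constructed sample data; every ID and ARN below is made up
    ps = "arn:aws:sso:::permissionSet/ssoins-EXAMPLE/ps-EXAMPLE"
    aws = FakeClient({  # one fake serves as all three clients
        "list_accounts": {None: {"Accounts": [{"Id": "111111111111", "Name": "prod"}]}},
        "list_instances": {None: {"Instances": [{"InstanceArn": "arn:aws:sso:::instance/ssoins-EXAMPLE", "IdentityStoreId": "d-EXAMPLE"}]}},
        "list_permission_sets": {None: {"PermissionSets": [ps]}},
        "list_accounts_for_provisioned_permission_set": {None: {"AccountIds": ["111111111111"]}},
        "list_account_assignments": {  # two pages, to exercise NextToken
            None: {"AccountAssignments": [{"PrincipalType": "USER", "PrincipalId": "u-1"}], "NextToken": "p2"},
            "p2": {"AccountAssignments": [{"PrincipalType": "GROUP", "PrincipalId": "g-1"}]}},
        "describe_user": {None: {"UserName": "user_one"}},
        "describe_group": {None: {"DisplayName": "admins"}}})
    return sso_assignments(aws, aws, aws)
```

Each row ties a principal to a permission set in one account, which is the data needed for the edges described in the comment above.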
Hello,
Do you have any plans to support AWS SSO? e.g. to be able to map back a specific AWS SSO-managed role (AWSSSOReserved_AdminAccess_xxxx) to a list of users assigned with this role
Thanks!