misraved
commented
2 years ago Thanks @andushow for using Steampipe. Really excited to see your use case for AWS Organization 👍 .
Few questions to understand your use case first:
- How many accounts are included under the organization?
- Will you be using the queries in the form of automated scripts in any workflow?
- Have you tried using one of the steps from https://hub.steampipe.io/plugins/turbot/aws#multi-account-connections to test your queries?
Looking at the constraints that you mentioned in the issue, I believe you could use this configuration - https://hub.steampipe.io/plugins/turbot/aws#assumerole-credentials-with-mfa to query the data in your accounts.
There are several other scripts which help in the auto-generation of your config/aws.spc file. You could refer https://github.com/happy240/steampipe-conn-generator-for-aws-organization for more information.
If you are using SSO for authentication, we do have a slack thread which provides some great insight - https://steampipe.slack.com/archives/C01TFE9SU1F/p1653071981235759
Meanwhile, I will try to replicate the login method that you have specified above and see if I can provide you with more insights 👍 .
andushow
cbruno10
Hello, My (IAM) AWS user can connect to all accounts part of an OU (defined under AWS Organizations); The user needs MFA to log in to the residency account, but has no programmatic access key. Once authN, the login (user) can assumeRole to (read data from) all accounts under the OU. Is there a way I can use steampipe to query data from all accounts in the OU using said user/authN ? Thanks,