Avinash

Reputation: 15

Getting all users from AWS identitystore along with status property

I have been trying to get all user details from AWS identitystore using both the AWS SDK and the AWS CLI. In both cases the JSON returned does not contain the "status" property, although on the AWS console the status is clearly mentioned/visible.

The CLI command that I used looks like below:

aws identitystore list-users --identity-store-id="d-XXXXXXXXXXX"

The intention is to fetch all users with a cron job and sync them with our on-prem DB, while keeping the statuses in check.

I have tried the Node.js AWS SDK as well as the AWS CLI with no luck. I also tried fetching user details exclusively for a user ID, but it returns JSON of the same structure as the "list-users" command, without the status field.

Upvotes: 1

Views: 1774

Answers (1)

Eric Zaporzan

Reputation: 36

To my knowledge, this functionality is currently only available through the SCIM API (I'm making the assumption that you're provisioning users from an external provider, apologies if that's not the case).

https://docs.aws.amazon.com/singlesignon/latest/developerguide/getuser.html

GET https://scim.us-east-1.amazonaws.com/{tenant_id}/scim/v2/Users/9067729b3d-ee533c18-538a-4cd3-a572-63fb863ed734
User-Agent: Mozilla/5.0
Authorization: Bearer <bearer_token>
{
    "id": "9067729b3d-ee533c18-538a-4cd3-a572-63fb863ed734",
    "externalId": "1",
    "meta": {
        "resourceType": "User",
        "created": "2020-03-30T16:55:15Z",
        "lastModified": "2020-03-30T16:55:15Z"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User"
    ],
    "userName": "johndoe",
    "name": {
        "familyName": "Doe",
        "givenName": "John"
    },
    "displayName": "John Doe",
    "active": false, // <----- user status
    "emails": [
        {
            "value": "[email protected]",
            "type": "work",
            "primary": true
        }
    ]
}

The tenant-specific SCIM endpoint can be found by navigating to the Identity Center "Settings" page, and clicking "Actions > Manage Provisioning" under the "Identity source" tab. That's also where you can generate the access token you'll need to access the API. The user ID in the URL lines up with what you get from the Identity Center API/SDK.

It's definitely an annoying workaround but it'll give you the user status.

Upvotes: 0
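
The workaround from the answer above, written out as an added example that is not part of the original answer: take the users returned by identitystore list-users, call the SCIM user endpoint once per user, and store `active` as the status. The function names, the ENABLED/DISABLED/UNKNOWN labels and the injected `httpGetJson` helper are assumptions, and the sample data is constructed; a failed or malformed lookup becomes UNKNOWN so a sync error never marks an account as enabled.

```javascript
// Added example. Function names and status labels are hypothetical.
const SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User";

// Build the per-user SCIM URL. The ID is encoded so it cannot alter the path.
function scimUserUrl(scimEndpoint, userId) {
  return `${scimEndpoint.replace(/\/+$/, "")}/Users/${encodeURIComponent(userId)}`;
}

// Map a SCIM response to the row stored on-prem. Anything that is not a
// well-formed User with a boolean "active" becomes UNKNOWN, never ENABLED.
function toDbRow(userId, userName, scimUser) {
  const ok = Boolean(scimUser) && Array.isArray(scimUser.schemas) &&
    scimUser.schemas.includes(SCIM_USER_SCHEMA) &&
    scimUser.id === userId && typeof scimUser.active === "boolean";
  const status = ok ? (scimUser.active ? "ENABLED" : "DISABLED") : "UNKNOWN";
  return { userId, userName, status };
}

// users: [{ UserId, UserName }] as returned by identitystore list-users.
// httpGetJson(url, headers) is injected (assumption) so the HTTP client can be
// swapped; it must reject on non-2xx responses.
async function syncStatuses(users, scimEndpoint, token, httpGetJson) {
  const headers = { Authorization: `Bearer ${token}` };
  const rows = [];
  for (const u of users) {
    let scimUser = null;
    try {
      scimUser = await httpGetJson(scimUserUrl(scimEndpoint, u.UserId), headers);
    } catch (err) {
      // Log the user ID and error only; the headers carry the bearer token.
      console.error(`SCIM lookup failed for ${u.UserId}: ${err.message}`);
    }
    rows.push(toDbRow(u.UserId, u.UserName, scimUser));
  }
  return rows;
}

// Constructed sample data standing in for both APIs (not real output).
const SAMPLE_USERS = [{ UserId: "id-1", UserName: "johndoe" },
  { UserId: "id-2", UserName: "janeroe" }, { UserId: "id-3", UserName: "gone" }];
const SAMPLE_SCIM = {
  "id-1": { id: "id-1", schemas: [SCIM_USER_SCHEMA], active: false },
  "id-2": { id: "id-2", schemas: [SCIM_USER_SCHEMA], active: true },
};
const fakeGet = async (url) => {
  const hit = SAMPLE_SCIM[decodeURIComponent(url.split("/").pop())];
  if (!hit) throw new Error("HTTP 404");
  return hit;
};
```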
