AWS - IAM Identity Center
AWS - IAM Identity Center Pack.#
This Integration is part of theAmazon Web Services Identity and Access Management Identity Center(IAM)
For detailed instructions about setting up authentication, see: AWS Integrations - Authentication.
#
Configure AWS - IAM Identity Center on Cortex XSOARNavigate to Settings > Integrations > Servers & Services.
Search for AWS - IAM Identity Center.
Click Add instance to create and configure a new integration instance.
Parameter Description Required Role Arn True Role Session Name True AWS Default Region True Role Session Duration False Timeout The time in seconds till a timeout exception is reached. You can specify just the read timeout (for example 60) or also the connect timeout followed after a comma (for example 60,10). If a connect timeout is not specified, a default of 10 second will be used. False Retries The maximum number of retry attempts when connection or throttling errors are encountered. Set to 0 to disable retries. The default value is 5 and the limit is 10. Note: Increasing the number of retries will increase the execution time. False Trust any certificate (not secure) False Use system proxy settings False Identity Store ID True Secret Key True Access Key True Click Test to validate the URLs, token, and connection.
#
CommandsYou can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
aws-iam-identitycenter-create-userCreates a new IAM Identity Center user for your AWS account.
#
Base Commandaws-iam-identitycenter-create-user
#
InputArgument Name | Description | Required |
---|---|---|
userName | The username of the user to create. | Required |
familyName | The family name of the user to create. | Optional |
givenName | The First name of the user to create. | Required |
userEmailAddress | The email address of the user to create. | Required |
displayName | The display name of the user to create. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAMIdentityCenter.Users.UserId | date | The date and time, when the user was created. |
#
aws-iam-identitycenter-get-userRetrieves information about the specified IAM user, including the user creation date, path, unique ID, and ARN.
#
Base Commandaws-iam-identitycenter-get-user
#
InputArgument Name | Description | Required |
---|---|---|
userName | The name of the user to get information about. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.IdentityCenter.Users.UserName | string | The friendly name identifying the user. |
AWS.IAM.IdentityCenter.Users.UserId | string | The stable and unique string identifying the user. |
AWS.IAM.IdentityCenter.Users.Email | string | The user email address. |
AWS.IAM.IdentityCenter.Users.DisplayName | unknown | The user display name in AWS IAM IdentityCenter. |
#
aws-iam-identitycenter-list-usersLists the IAM users, returns all users in the AWS account.
#
Base Commandaws-iam-identitycenter-list-users
#
InputArgument Name | Description | Required |
---|
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAMIdentityCenter.Users.UserName | string | The friendly name identifying the user. |
AWS.IAMIdentityCenter.Users.UserId | string | The stable and unique string identifying the user. |
#
aws-iam-identitycenter-list-groupsLists all the IAM groups in the AWS account.
#
Base Commandaws-iam-identitycenter-list-groups
#
InputArgument Name | Description | Required |
---|
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.IdentityCenter.Groups.GroupName | string | The friendly name that identifies the group. |
AWS.IAM.IdentityCenter.Groups.GroupId | string | The stable and unique string identifying the group. |
#
aws-iam-identitycenter-list-groups-for-userLists the IAM groups that the specified IAM user belongs to.
#
Base Commandaws-iam-identitycenter-list-groups-for-user
#
InputArgument Name | Description | Required |
---|---|---|
userName | The name of the user to list groups for. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.IdentityCenter.Users.GroupMemeberships.GroupName | string | The friendly name that identifies the group. |
AWS.IAM.IdentityCenter.Users.GroupMemeberships.GroupId | string | The stable and unique string identifying the group. |
#
aws-iam-identitycenter-add-user-to-groupAdds the specified user to the specified group.
#
Base Commandaws-iam-identitycenter-add-user-to-group
#
InputArgument Name | Description | Required |
---|---|---|
userName | The name of the user to add. | Required |
groupName | The name of the group to update. | Required |
#
Context OutputThere is no context output for this command.
#
aws-iam-identitycenter-get-groupGet AWS IAM Identity Center group Information.
#
Base Commandaws-iam-identitycenter-get-group
#
InputArgument Name | Description | Required |
---|---|---|
groupName | The name of the group to search. | Required |
#
Context OutputThere is no context output for this command.
#
aws-iam-identitycenter-remove-user-from-all-groupsThis will remove the entered user from all groups/memberships.
#
Base Commandaws-iam-identitycenter-remove-user-from-all-groups
#
InputArgument Name | Description | Required |
---|---|---|
userName | Username that will be removed from all groups. | Required |
#
Context OutputThere is no context output for this command.
#
aws-iam-identitycenter-get-user-by-emailThis will get user information using email address.
#
Base Commandaws-iam-identitycenter-get-user-by-email
#
InputArgument Name | Description | Required |
---|---|---|
emailAddress | The email of the user to be removed. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AWS.IAM.IdentityCenter.Users.UserName | string | The friendly name identifying the user. |
AWS.IAM.IdentityCenter.Users.Email | string | The email address identifying the user. |
AWS.IAM.IdentityCenter.Users.UserId | string | The user ID of the queried user. |
AWS.IAM.IdentityCenter.Users.DisplayName | string | The display name of the queried user. |