
How to view AWS accounts attached to IAM Identity Center (SSO) groups

November 23, 2022
Source code: GitHub

The AWS IAM Identity Center (successor to AWS Single Sign-On) web console can be hard to navigate when trying to view the AWS accounts attached to an IAM Identity Center group. Getting this seemingly simple information involves a lot of going back and forth between pages. Having done this multiple times and wasted an equal amount of time, I took the time to create a simple Go tool, aws-iam-identity-center-explorer, which uses the AWS SDK to retrieve this information and output it as a JSON structure.

More information about aws-iam-identity-center-explorer can be found in the GitHub repository.

The aws-iam-identity-center-explorer has two data representation options:

Groups

Accounts attached to groups:

{
  "GROUP_DISPLAY_NAME": [
    {
      "AccountName": "ACCOUNT_NAME",
      "AccountId": "ACCOUNT_ID"
    },
    {
      "AccountName": "ACCOUNT_NAME",
      "AccountId": "ACCOUNT_ID"
    }
  ]
}

Accounts

Groups attached to accounts:

{
  "ACCOUNT_ID": {
    "AccountName": "ACCOUNT_NAME",
    "Groups": [
      "GROUP_DISPLAY_NAME",
      "GROUP_DISPLAY_NAME"
    ]
  }
}