IAM Identity Center のユーザー・グループ操作周りのAWS CLIエイリアス (.aws/cli/alias)
[toplevel]
# Show which principal the current credentials resolve to; worth running
# before any of the membership aliases below.
whoami = sts get-caller-identity
### IAM Identity Center(SSO)
# Print the IdentityStoreId of the first instance that list-instances returns.
# NOTE(review): only element [0] is selected; verify the value before passing
# it to the aliases below.
sso-store-id = sso-admin list-instances \
  --output text --query "Instances[0].IdentityStoreId"
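# sso-user-id <identity-store-id> <user-email>
# Prints the Identity Store UserId whose emails.value attribute equals the
# given address.
# The address is spliced into a JSON document, so backslashes and double
# quotes are escaped first; unescaped, such a value would break the document
# or alter the attribute filter that is sent. Control characters are not
# escaped.
# Exit status: 2 when an argument is missing, otherwise that of the aws call.
sso-user-id =
  !f() {
    if [ "$#" -lt 2 ] || [ -z "$1" ] || [ -z "$2" ]; then
      echo "usage: aws sso-user-id <identity-store-id> <user-email>" >&2
      return 2
    fi
    store_id="$1"
    user_email=$(printf '%s' "$2" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')
    aws identitystore get-user-id --output text \
      --identity-store-id "$store_id" \
      --alternate-identifier "{\"UniqueAttribute\":{\"AttributePath\":\"emails.value\",\"AttributeValue\":\"${user_email}\"}}" \
      --query "UserId"
  };f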
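# sso-group-id <identity-store-id> <group-display-name>
# Prints the Identity Store GroupId whose displayName equals the given name.
# The name is spliced into a JSON document, so backslashes and double quotes
# are escaped first; unescaped, such a name would break the document or alter
# the attribute filter that is sent. Control characters are not escaped.
# Exit status: 2 when an argument is missing, otherwise that of the aws call.
sso-group-id =
  !f() {
    if [ "$#" -lt 2 ] || [ -z "$1" ] || [ -z "$2" ]; then
      echo "usage: aws sso-group-id <identity-store-id> <group-name>" >&2
      return 2
    fi
    store_id="$1"
    group_name=$(printf '%s' "$2" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')
    aws identitystore get-group-id --output text \
      --identity-store-id "$store_id" \
      --alternate-identifier "{\"UniqueAttribute\":{\"AttributePath\":\"displayName\",\"AttributeValue\":\"${group_name}\"}}" \
      --query "GroupId"
  };f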
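# sso-create-membership <identity-store-id> <group-display-name> <user-email>
# Resolves the group and the user through the sso-group-id and sso-user-id
# aliases, then adds the user to the group.
# A failed lookup is reported on stderr with exit status 1 instead of ending
# silently with status 0, so a grant that never happened is not mistaken for
# a successful one.
# Only the first three arguments are read; anything after them (for example
# --profile) is ignored by the function. NOTE(review): confirm how the target
# account is selected for the nested aws calls before relying on this.
sso-create-membership =
  !f () {
    if [ "$#" -lt 3 ]; then
      echo "usage: aws sso-create-membership <identity-store-id> <group-name> <user-email>" >&2
      return 2
    fi
    store_id="$1"
    group_name="$2"
    user_email="$3"
    group_id=$(aws sso-group-id "$store_id" "$group_name")
    user_id=$(aws sso-user-id "$store_id" "$user_email")
    if [ -z "$group_id" ] || [ -z "$user_id" ]; then
      echo "sso-create-membership: group or user lookup failed; no membership created" >&2
      return 1
    fi
    aws identitystore create-group-membership \
      --identity-store-id "$store_id" \
      --group-id "$group_id" \
      --member-id UserId="$user_id"
  };f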
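# sso-membership <identity-store-id> <group-display-name> <user-email>
# Prints the MembershipId linking the user to the group.
# The group and the user are resolved through the sso-group-id and
# sso-user-id aliases. When either lookup yields nothing, stdout stays empty
# (callers that test for an empty string keep working) and the failure is
# reported on stderr with exit status 1 rather than status 0.
sso-membership =
  !f () {
    if [ "$#" -lt 3 ]; then
      echo "usage: aws sso-membership <identity-store-id> <group-name> <user-email>" >&2
      return 2
    fi
    store_id="$1"
    group_name="$2"
    user_email="$3"
    group_id=$(aws sso-group-id "$store_id" "$group_name")
    user_id=$(aws sso-user-id "$store_id" "$user_email")
    if [ -z "$group_id" ] || [ -z "$user_id" ]; then
      echo "sso-membership: group or user lookup failed" >&2
      return 1
    fi
    aws identitystore get-group-membership-id --output text \
      --identity-store-id "$store_id" \
      --group-id "$group_id" \
      --member-id UserId="$user_id" \
      --query "MembershipId"
  };f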
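# sso-delete-membership <identity-store-id> <group-display-name> <user-email>
# Removes the user from the group, using the sso-membership alias to find
# the MembershipId.
# When no membership id is found, nothing is deleted; this is reported on
# stderr with exit status 1 instead of ending silently with status 0, so an
# access removal that did not take place is visible to the operator and to
# any script checking the status.
sso-delete-membership =
  !f () {
    if [ "$#" -lt 3 ]; then
      echo "usage: aws sso-delete-membership <identity-store-id> <group-name> <user-email>" >&2
      return 2
    fi
    store_id="$1"
    group_name="$2"
    user_email="$3"
    membership_id=$(aws sso-membership "$store_id" "$group_name" "$user_email")
    if [ -z "$membership_id" ]; then
      echo "sso-delete-membership: no membership found; nothing deleted" >&2
      return 1
    fi
    aws identitystore delete-group-membership \
      --identity-store-id "$store_id" \
      --membership-id "$membership_id"
  };f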