IAM Identity Center cannot be automated.


Today, I'm utilizing Terraform for the automation and administration of resources within the IAM Identity Center. This entails a self-service Infrastructure as Code (IaC) approach, where the requester completes YAML files with relevant information and submits pull requests to the DevOps team. Following a validation of inputs and expected outcomes, the DevOps team approves the pull request, subsequently initiating the provisioning process through IaC.

However, a challenge arises in the process: users generated by this IaC necessitate a manual intervention for actions like initiating email verification and password reset through the AWS console. To enhance this workflow, it would be advantageous if AWS could supply an API that enables the triggering of both email verification and password reset procedures for users generated within the IAM Identity Center.

Gavin
Asked 9 months ago, 353 views
1 Answer

Hi,

You already have building blocks for what you want to achieve with EventBridge events generated by AWS IIC: the following post details a solution (with full CFN template) for AWS Identity Center federated group to account and permission set assignment automation.

See https://hackernoon.com/automating-aws-identity-center-permissions-management

In case, EventBridge service is detailed here: https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-what-is.html

If you combine EventBridge events with the AWS SES VerifyEmailIdentity https://docs.aws.amazon.com/ses/latest/APIReference/API_VerifyEmailIdentity.html, you can probably achieve what you want.

Best,

Didier

AWS Expert
Answered 9 months ago
