AWS collector configuration
The configuration of the AWS collector is based on the REST collector with the following differences:
- There is no authentication type selection, as the AWS collector supports only AWS Signature authentication. This authentication type adds authentication information to the HTTP header of Amazon Web Services requests.
- There is no paging mechanism selection, as the AWS collector supports only one mechanism: Paging marker. This type of paging is used when the response contains a field with an indicator that must be used in the URL of the subsequent call. If the response is truncated (that is, if it does not contain all the requested objects), it contains an IsTruncated element set to True and a Marker element, whose value must be passed as a parameter in the URL of the call for the subsequent page.
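The paging-marker loop described above, as an added example (not Omada's collector code). It assumes the IAM Query API `ListUsers` action with `Version=2010-05-08`; the sample responses are constructed, `fake_fetch` is a hypothetical stand-in for the signed HTTP call, and request signing is omitted.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

BASE_URL = "https://iam.amazonaws.com/"  # standard Base URL from the connection details
NS = {"iam": "https://iam.amazonaws.com/doc/2010-05-08/"}  # IAM response namespace

def sample_page(users, truncated, marker=None):
    """Build a constructed ListUsers response (sample data, not real output)."""
    members = "".join(f"<member><UserName>{u}</UserName></member>" for u in users)
    mark = f"<Marker>{marker}</Marker>" if marker else ""
    return (f'<ListUsersResponse xmlns="{NS["iam"]}"><ListUsersResult>'
            f"<Users>{members}</Users><IsTruncated>{truncated}</IsTruncated>"
            f"{mark}</ListUsersResult></ListUsersResponse>")

# Constructed pages, keyed by the Marker carried in the request (None = first call).
SAMPLE = {
    None: sample_page(["alice", "bob"], "true", "m1"),
    "m1": sample_page(["carol"], "true", "m2"),
    "m2": sample_page(["dave"], "false"),
}

def fake_fetch(url):
    """Hypothetical stand-in for the signed HTTP GET; serves SAMPLE offline."""
    return SAMPLE[parse_qs(urlparse(url).query).get("Marker", [None])[0]]

def build_url(action, marker=None):
    """First call has no Marker; later calls carry the previous response's Marker."""
    params = {"Action": action, "Version": "2010-05-08"}
    if marker:
        params["Marker"] = marker
    return BASE_URL + "?" + urlencode(params)

def collect_users(fetch, max_pages=1000):
    """Follow Marker values until IsTruncated is no longer true."""
    users, marker, seen = [], None, set()
    for _ in range(max_pages):
        root = ET.fromstring(fetch(build_url("ListUsers", marker)))
        result = root.find("iam:ListUsersResult", NS)
        users += [m.findtext("iam:UserName", namespaces=NS)
                  for m in result.iterfind("iam:Users/iam:member", NS)]
        flag = result.findtext("iam:IsTruncated", default="false", namespaces=NS)
        if flag.strip().lower() != "true":  # accepts "true" and "True"
            return users
        marker = result.findtext("iam:Marker", namespaces=NS)
        # A truncated page with no new Marker means accounts would be silently missed.
        if not marker or marker in seen:
            raise RuntimeError("truncated response without a usable Marker")
        seen.add(marker)
    raise RuntimeError("page limit reached before the listing completed")
```

Failing loudly on a truncated page without a fresh Marker matters for governance data: a partial import would otherwise look like a complete account inventory.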
Note
Since Omada Identity 14.0.6 (Update 6), all collectors based on the generic REST collector have their Collector ID migrated from REST to Omada ODW .NET Query.
Connection details
Parameter | Description |
---|---|
Base URL | Specify the Base URL of the service. The standard value for this field is https://iam.amazonaws.com/ |
Service Name | Enter the name of the AWS API service that the authentication request will be sent to. |
Access Key | Enter the IAM user access key to authenticate requests. |
Secret Key | Enter the IAM user secret key to authenticate requests. |
Region | Optionally, enter the AWS region for the authentication request. For the IAM service, leave the field empty. |
Queries and mappings
The following queries and mappings are provided out of the box:
- Users – Accounts
- Groups – Resources
- Policies – Resources
- User group memberships – Resource assignments
- User policies (attached) – Resource assignments
- Group-level policies – Resource assignments
AWS object | Omada Identity object | Description |
---|---|---|
Users | Account | Account objects for all AWS IAM users. |
Groups | Resource | Resource objects for all AWS IAM groups. |
Policy | Resource | Resource objects for all AWS IAM policies. |
GroupsForUser | Resource assignment | Resource assignment objects for user’s group memberships. |
AttachedUserPolicies | Resource assignment | Resource assignment objects for user’s attached policies. |
AttachedGroupPolicies | Resource assignment | Resource assignment objects for group’s attached policies. |