Data import
Connection details
| Parameter | Value |
|---|---|
| Base URL | https://iam.amazonaws.com |
| Service name | iam |
| Access Key | Enter your IAM user access key to authenticate your requests. |
| Secret Key | Enter your IAM user secret key to authenticate your requests. |
| Region | Optionally, enter the AWS region for the authentication request. For the IAM service, leave the field empty. |
| Test connection | This field is optional. You can check this field to force the collector to test the defined connection before moving forward. |
Queries and mappings
Users - Accounts
Reference: ListUsers - AWS Identity and Access Management
Parameters:
| Tab | Parameter | Value |
|---|---|---|
| General | URL | ?Action=ListUsers&Version=2010-05-08 |
| General | Distinct | Yes |
| General | Enabled | Check the box |
| General | Description | Accounts (ListUsers) |
| Advanced | HTTP verb | GET |
Mappings:
| Destination | Operator | Source |
|---|---|---|
| Business key | Map | UserID |
| Unique ID | Map | UserName |
| Acount name | Map | UserName |
| Category | Constant | Account |
| Distinguesed name | Map | Path |
Groups - Resource
Reference: ListGroups
Parameters:
| Tab | Parameter | Value |
|---|---|---|
| General | URL | ?Action=ListGroups&Version=2010-05-08 |
| General | Enabled | Check the box |
| General | Description | Groups (ListGroups) |
| Distinct | Yes | |
| Advanced | HTTP verb | GET |
Mappings:
| Destination | Operator | Source |
|---|---|---|
| Business key | Map | GroupId |
| Security resource business key | Map | GroupId |
| Name | Map | GroupName |
| Category | Constant | Group |
| Type | Constant | AWS IAM Group |
| Path | Map | Path |
Policies - Resource
Reference: ListPolicies
Parameters:
| Tab | Parameter | Value |
|---|---|---|
| General | URL | ?Action=ListPolicies&Version=2010-05-08 |
| General | Enabled | Check the box |
| General | Description | Policies (ListPolicies) |
| Distinct | Yes | |
| Advanced | HTTP verb | GET |
Mappings:
| Destination | Operator | Source |
|---|---|---|
| Business key | Map | PolicyId |
| Security resource business key | Map | PolicyId |
| Name | Map | PolicyName |
| Category | Constant | Resource |
| Type | Constant | AWS IAM Policy |
| Short name | Map | Arn |
| Path | Map | Path |
Account and Group Assignment – Resource Assignment
Reference: GetAccountAuthorizationDetails
Parameters:
| Tab | Parameter | Value |
|---|---|---|
| General | URL | ?Action=GetAccountAuthorizationDetails&Version=2010-05-08&Filter.member.1=User |
| General | Collection | UserDetailList |
| General | Enabled | Check the box |
| General | Distinct | Yes |
| General | Description | Account -> Group assignment (GetAccountAuthorizationDetails) |
| Advanced | HTTP verb | GET |
Mappings:
| Destination | Operator | Source |
|---|---|---|
| Resource Business key | Lookup | Name=GroupList |
| Account - business key | Map | UserId |
| Account is group | Constant | False |
Account and Policy Assignment – Resource Assignment
Reference: GetAccountAuthorizationDetails
Parameters:
| Tab | Parameter | Value |
|---|---|---|
| General | URL | ?Action=GetAccountAuthorizationDetails&Version=2010-05-08&Filter.member.1=User |
| General | Collection | UserDetailList |
| General | Enabled | Check the box |
| General | Distinct | Yes |
| Description | Account -> Policy assignment (GetAccountAuthorizationDetails) | |
| Advanced | HTTP verb | GET |
Mappings:
| Destination | Operator | Source |
|---|---|---|
| Resource Business key | Lookup | Name=AttachedManagedPolicies_PolicyName |
| Account - business key | Map | UserId |
| Account is group | Constant | False |
Group and Policy Assignment – Resource Assignment
Reference: GetAccountAuthorizationDetails
Parameters:
| Tab | Parameter | Value |
|---|---|---|
| General | URL | ?Action=GetAccountAuthorizationDetails&Version=2010-05-08&Filter.member.1=Group |
| General | Collection | GroupDetailList |
| General | Enabled | Check the box |
| General | Distinct | Yes |
| Description | Group -> Policy assignment (GetAccountAuthorizationDetails) | |
| Advanced | HTTP verb | GET |
Mappings:
| Destination | Operator | Source |
|---|---|---|
| Resource Business key | Lookup | Name=AttachedManagedPolicies_PolicyName |
| Account - business key | Map | UserId |
| Account is group | Constant | False |
Account rules
The Omada AWS connectivity has the following account rules. You can adjust them to meet the requirements of your setup.
Ownership rule
The account owner is set to the identity where the Identity's unique ID value of the identity matches the Account UID value of the account.
| Field | Value |
|---|---|
| Type | Identity lookup |
| Join reason | Exact Match |
| Account attribute | Account UID |
| Identity attribute | Identity’s unique ID |
Classification rule
If an account with the account attribute Identity join reason equals Exact Match, the account type is set to Personal.
| Field | Value |
|---|---|
| Account type | Personal |
| Scope attribute | Identity join reason |
| Scope operator | Equals |
| Scope value | Exact Match |