Data provisioning

Connector settings

| Parameter | Description |
| --- | --- |
| Base address | https://iam.amazonaws.com |
| Content type header | application/json |
| Accept header | application/json |
| Service name | iam |
| Access key | Enter your IAM user access key to authenticate your requests. |
| Secret key | Enter your IAM user secret key to authenticate your requests. |
| Region | Optionally, enter the AWS region for the authentication request. For the IAM service, it is recommended that you leave the field empty. |
| Test connection | This field is optional. Check it to force the collector to test the defined connection before moving forward. |

Data model

The data model for AWS is extensible and consists of two sections: <properties> and <objects>.

<connectorDataModel xmlns="http://schemas.omada.net/ops/2015/ConnectorDataModelML" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <properties>
    <!-- common -->
    <property name="Version" requried="true" />
    <property name="UserName" requried="true" />
    <property name="Action" />
    <!-- /common -->
    <!-- account -->
    <property name="Path" />
    <property name="Password" />
    <property name="PasswordResetRequired" />
    <!-- /account -->
    <!-- group -->
    <property name="GroupName" requried="true" />
    <!-- /group -->
    <!-- policies -->
    <property name="PolicyArn" requried="true" />
    <!-- /policies -->
  </properties>
  <objects>
    <object name="AWSUser">
      <objectDetails>
        <objectDetail name="VerbForCreate" value="POST" />
        <objectDetail name="VerbForUpdate" value="POST" />
        <objectDetail name="VerbForDelete" value="POST" />
      </objectDetails>
      <objectProperties>
        <objectProperty>Version</objectProperty>
        <objectProperty>Path</objectProperty>
        <objectProperty>UserName</objectProperty>
        <objectProperty>Password</objectProperty>
        <objectProperty>PasswordResetRequired</objectProperty>
        <objectProperty>Action</objectProperty>
      </objectProperties>
    </object>
    <object name="AWSGroupAssignment">
      <objectDetails>
        <objectDetail name="VerbForCreate" value="GET" />
        <objectDetail name="VerbForDelete" value="GET" />
        <objectDetail name="ResourcePathCreate" value="?Version={Version}&amp;Action=AddUserToGroup&amp;UserName={UserName}&amp;GroupName={GroupName}" />
        <objectDetail name="ResourcePathDelete" value="?Version={Version}&amp;Action=RemoveUserFromGroup&amp;UserName={UserName}&amp;GroupName={GroupName}" />
      </objectDetails>
      <objectProperties>
        <objectProperty>Version</objectProperty>
        <objectProperty>UserName</objectProperty>
        <objectProperty>GroupName</objectProperty>
      </objectProperties>
    </object>
    <object name="AWSAttachedPolicyAssignment">
      <objectDetails>
        <objectDetail name="VerbForCreate" value="GET" />
        <objectDetail name="VerbForDelete" value="GET" />
        <objectDetail name="ResourcePathCreate" value="?Version={Version}&amp;Action=AttachUserPolicy&amp;UserName={UserName}&amp;PolicyArn={PolicyArn}" />
        <objectDetail name="ResourcePathDelete" value="?Version={Version}&amp;Action=DetachUserPolicy&amp;UserName={UserName}&amp;PolicyArn={PolicyArn}" />
      </objectDetails>
      <objectProperties>
        <objectProperty>Version</objectProperty>
        <objectProperty>UserName</objectProperty>
        <objectProperty>PolicyArn</objectProperty>
      </objectProperties>
    </object>
    <object name="AWSSSPR">
      <objectDetails>
        <objectDetail name="VerbForUpdate" value="POST" />
      </objectDetails>
      <objectProperties>
        <objectProperty>Version</objectProperty>
        <objectProperty>UserName</objectProperty>
        <objectProperty>Password</objectProperty>
        <objectProperty>PasswordResetRequired</objectProperty>
        <objectProperty>Action</objectProperty>
      </objectProperties>
    </object>
  </objects>
</connectorDataModel>
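The ResourcePathCreate/ResourcePathDelete values above are IAM Query API query strings with `{Name}` placeholders that the collector fills from the task's properties. The following is an added example, not Omada's code, of how such a template is rendered: it reads a trimmed copy of this page's data model, collects the properties flagged `requried="true"`, refuses to build a path when one of them is empty, and URL-encodes each value so an ARN (which contains `:` and `/`) survives the query string. `load_model` and `render_path` are assumed names.

```python
# Added example (not Omada's code): render IAM Query API resource paths from
# the connector data model, with required-property checks and URL encoding.
import re
import xml.etree.ElementTree as ET
from urllib.parse import quote

NS = {"m": "http://schemas.omada.net/ops/2015/ConnectorDataModelML"}

# Constructed: a trimmed copy of the data model on this page (two objects).
DATA_MODEL = """<connectorDataModel xmlns="http://schemas.omada.net/ops/2015/ConnectorDataModelML">
  <properties>
    <property name="Version" requried="true" />
    <property name="UserName" requried="true" />
    <property name="GroupName" requried="true" />
    <property name="PolicyArn" requried="true" />
  </properties>
  <objects>
    <object name="AWSGroupAssignment">
      <objectDetails>
        <objectDetail name="ResourcePathCreate" value="?Version={Version}&amp;Action=AddUserToGroup&amp;UserName={UserName}&amp;GroupName={GroupName}" />
      </objectDetails>
    </object>
    <object name="AWSAttachedPolicyAssignment">
      <objectDetails>
        <objectDetail name="ResourcePathCreate" value="?Version={Version}&amp;Action=AttachUserPolicy&amp;UserName={UserName}&amp;PolicyArn={PolicyArn}" />
      </objectDetails>
    </object>
  </objects>
</connectorDataModel>"""

def load_model(xml_text):
    """Return (required property names, {object name: {detail name: value}})."""
    root = ET.fromstring(xml_text)  # entity-escaped &amp; in values decodes to &
    required = {p.get("name") for p in root.findall("m:properties/m:property", NS)
                if p.get("requried") == "true"}
    paths = {}
    for obj in root.findall("m:objects/m:object", NS):
        paths[obj.get("name")] = {d.get("name"): d.get("value")
                                  for d in obj.findall("m:objectDetails/m:objectDetail", NS)}
    return required, paths

def render_path(template, props, required):
    """Substitute {Name} placeholders with URL-encoded property values."""
    names = re.findall(r"\{(\w+)\}", template)
    missing = [n for n in names if n in required and not props.get(n)]
    if missing:
        raise ValueError(f"missing required properties: {missing}")
    # safe="" also encodes ':' and '/', so a PolicyArn stays one query value
    return re.sub(r"\{(\w+)\}",
                  lambda m: quote(str(props.get(m.group(1), "")), safe=""), template)
```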

Task mappings

AWSUser

The object is used for creating, updating (deactivating) and deleting accounts.

| Parameter | Operator | Source |
| --- | --- | --- |
| Object Id | Map | ObjectId |
| Operation | Map | Operation |
| Version | Constant | 2010-05-08 |
| Action | Expression | `Operation == "Create" ? "CreateLoginProfile" : Operation == "Update" && ROPE_Disabled == true ? "DeleteLoginProfile" : Operation == "Update" ? "CreateLoginProfile" : Operation != "Create" && Operation != "Update" ? "DeleteUser" : null` |
| Path | Expression | `Operation == "Create" ? (!string.IsNullOrEmpty(ROPE_DistinguisedName) ? ROPE_DistinguisedName : "/") : null` |
| UserName | Map | ROPE_AccountName |
| Password | Expression | `(Operation == "Update" && ROPE_Disabled == false) ? (!string.IsNullOrEmpty(ROPE_ATTR_INITIALPASSWORD) ? ROPE_ATTR_INITIALPASSWORD : "Pwd@" + DateTime.Now.Millisecond.ToString("0000") + ROPE_AccountName) : null` |
| PasswordResetRequired | Expression | `(Operation == "Update" && ROPE_Disabled == false) ? "true" : null` |
| Password | Expression | `Operation == "Create" ? ROPE_ATTR_INITIALPASSWORD : null` |
| PasswordResetRequired | Expression | `Operation == "Create" ? "true" : null` |
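The Action, Path and Password expressions in the AWSUser mapping decide, per operation, whether the user gets a console login profile, loses it (deactivation) or is deleted outright. The following added example, not Omada's code, rewrites those expressions as one plain function so each outcome can be checked; the two Password rows and two PasswordResetRequired rows are merged, since at most one of each pair is non-null for a given operation. `map_aws_user` and its parameter names are assumptions standing in for the ROPE_* fields.

```python
# Added example (not Omada's code): the AWSUser task-mapping expressions as
# a function returning the values the mapping would send for one task.
from datetime import datetime

def map_aws_user(operation, disabled=False, initial_password="",
                 account_name="", distinguished_name="", millisecond=None):
    """operation is "Create", "Update" or anything else (treated as delete);
    disabled mirrors ROPE_Disabled, initial_password ROPE_ATTR_INITIALPASSWORD,
    account_name ROPE_AccountName, distinguished_name ROPE_DistinguisedName."""
    if millisecond is None:  # DateTime.Now.Millisecond in the page's expression
        millisecond = datetime.now().microsecond // 1000
    # Action: Create -> login profile; Update -> drop the login profile when the
    # identity is disabled, otherwise (re)create it; anything else -> DeleteUser.
    if operation == "Create":
        action = "CreateLoginProfile"
    elif operation == "Update":
        action = "DeleteLoginProfile" if disabled else "CreateLoginProfile"
    else:
        action = "DeleteUser"
    # Path is only sent on Create and falls back to the IAM root path "/".
    path = (distinguished_name or "/") if operation == "Create" else None
    # Password: Create sends the initial password as-is. An Update of an enabled
    # identity uses it too, or the page's "Pwd@" + millisecond + account-name
    # fallback when none is set (a guessable value, which is why the mapping
    # also sets PasswordResetRequired so it must be changed at first login).
    password, reset_required = None, None
    if operation == "Create":
        password, reset_required = initial_password, "true"
    elif operation == "Update" and not disabled:
        password = initial_password or f"Pwd@{millisecond:04d}{account_name}"
        reset_required = "true"
    return {"Action": action, "Path": path, "UserName": account_name,
            "Password": password, "PasswordResetRequired": reset_required}
```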

AWSGroupAssignment

The object is used for creating and deleting group assignments.

| Parameter | Operator | Source |
| --- | --- | --- |
| Object Id | Map | ObjectId |
| Operation | Map | Operation |
| Version | Constant | 2010-05-08 |
| UserName | Map | ROPE_AccountName |
| GroupName | Map | ROPE_Resource |

AWSAttachedPolicyAssignment

The object is used for creating and deleting policy assignments.

| Parameter | Operator | Source |
| --- | --- | --- |
| Object Id | Map | ObjectId |
| Operation | Map | Operation |
| Version | Constant | 2010-05-08 |
| Action | Constant | UpdateLoginProfile |
| UserName | Map | SSPR_AccountName |
| Password | Map | SSPR_NewPassword |
| PasswordResetRequired | Map | true |

AWSUser

The object is used for resetting passwords.

| Parameter | Operator | Source |
| --- | --- | --- |
| Object Id | Map | ObjectId |
| Object type | Map | ObjectType |
| Operation | Map | Operation |
| Version | Constant | 2010-05-08 |
| Action | Constant | UpdateLoginProfile |
| UserName | Map | SSPR_AccountName |
| Password | Map | SSPR_NewPassword |
| PasswordResetRequired | Constant | true |