[PR #2012/8b138e39 backport][stable-7] returns boolean if a user has access to console login #2023
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![patchback[bot]](https://avatars.githubusercontent.com/in/21488?s=60&v=4){kind=small}
returns boolean if a user has access to console login
Summary
I've introduced a new feature that includes in the response a console_access parameter, which is a boolean indicating whether an iam user has the ability to log in through the AWS console. This addition is particularly useful for scenarios where administrative constraints require users to access AWS services exclusively via API keys or through controlled environments, such as landing zones, without using the AWS console login interface.
Issue Type
Feature Pull Request
Component Name: botocore
includes the botocore interaction, specifically regarding the console_access information retrievals
Additional Information
With this update, the module now provides visibility into whether an IAM user is permitted console access. This could be pivotal for enforcing stricter security protocols, ensuring users do not bypass VPN requirements, API keys, or other access control measures by logging in through the AWS console
Before the change a normal response:
{
"arn": "arn:aws:iam::11111111:user/terraform",
"create_date": "2018-04-18T14:12:44+00:00",
"path": "/",
"tags": {},
"user_id": "12345abcd",
"user_name": "terraform"
}
After the change:
{
"arn": "arn:aws:iam::11111111:user/terraform",
"console_access": false,
"create_date": "2018-04-18T14:12:44+00:00",
"path": "/",
"tags": {},
"user_id": "12345abcd",
"user_name": "terraform"
}
Reviewed-by: Bikouo Aubin
Reviewed-by: Mark Chappell
(cherry picked from commit 8b138e3)
|
Build succeeded. ✔️ ansible-galaxy-importer SUCCESS in 5m 46s |
Docs Build 📝Thank you for contribution!✨ The docsite for this PR is available for download as an artifact from this run: You can compare to the docs for the File changes:
Click to see the diff comparison.NOTE: only file modifications are shown here. New and deleted files are excluded. diff --git a/home/runner/work/amazon.aws/amazon.aws/docsbuild/base/collections/amazon/aws/iam_user_info_module.html b/home/runner/work/amazon.aws/amazon.aws/docsbuild/head/collections/amazon/aws/iam_user_info_module.html
index 0a67acc..1d5f364 100644
--- a/home/runner/work/amazon.aws/amazon.aws/docsbuild/base/collections/amazon/aws/iam_user_info_module.html
+++ b/home/runner/work/amazon.aws/amazon.aws/docsbuild/head/collections/amazon/aws/iam_user_info_module.html
@@ -422,6 +422,15 @@ see <a class="reference internal" href="#ansible-collections-amazon-aws-iam-user
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="return-iam_users/login_profile"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-iam-user-info-module-return-iam-users-login-profile"><strong>login_profile</strong></p>
+<a class="ansibleOptionLink" href="#return-iam_users/login_profile" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
+</div></td>
+<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Detailed login profile information if the user has access to log in from AWS default console. Returns an empty object {} if no access.</p>
+<p class="ansible-option-line"><strong class="ansible-option-returned-bold">Returned:</strong> always</p>
+<p class="ansible-option-line ansible-option-sample"><strong class="ansible-option-sample-bold">Sample:</strong> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">{"create_date":</span> <span class="pre">"2024-03-20T12:50:56+00:00",</span> <span class="pre">"password_reset_required":</span> <span class="pre">false,</span> <span class="pre">"user_name":</span> <span class="pre">"i_am_a_user"}</span></code></p>
+</div></td>
+</tr>
+<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="return-iam_users/password_last_used"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-iam-user-info-module-return-iam-users-password-last-used"><strong>password_last_used</strong></p>
<a class="ansibleOptionLink" href="#return-iam_users/password_last_used" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
@@ -430,7 +439,7 @@ see <a class="reference internal" href="#ansible-collections-amazon-aws-iam-user
<p class="ansible-option-line ansible-option-sample"><strong class="ansible-option-sample-bold">Sample:</strong> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">"2016-05-25T13:39:11+00:00"</span></code></p>
</div></td>
</tr>
-<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="return-iam_users/path"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-iam-user-info-module-return-iam-users-path"><strong>path</strong></p>
<a class="ansibleOptionLink" href="#return-iam_users/path" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
@@ -439,7 +448,7 @@ see <a class="reference internal" href="#ansible-collections-amazon-aws-iam-user
<p class="ansible-option-line ansible-option-sample"><strong class="ansible-option-sample-bold">Sample:</strong> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">"/dev/"</span></code></p>
</div></td>
</tr>
-<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="return-iam_users/tags"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-iam-user-info-module-return-iam-users-tags"><strong>tags</strong></p>
<a class="ansibleOptionLink" href="#return-iam_users/tags" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
</div></td>
@@ -448,7 +457,7 @@ see <a class="reference internal" href="#ansible-collections-amazon-aws-iam-user
<p class="ansible-option-line ansible-option-sample"><strong class="ansible-option-sample-bold">Sample:</strong> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">{"Env":</span> <span class="pre">"Prod"}</span></code></p>
</div></td>
</tr>
-<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="return-iam_users/user_id"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-iam-user-info-module-return-iam-users-user-id"><strong>user_id</strong></p>
<a class="ansibleOptionLink" href="#return-iam_users/user_id" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
@@ -457,7 +466,7 @@ see <a class="reference internal" href="#ansible-collections-amazon-aws-iam-user
<p class="ansible-option-line ansible-option-sample"><strong class="ansible-option-sample-bold">Sample:</strong> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">"AIDUIOOCQKTUGI6QJLGH2"</span></code></p>
</div></td>
</tr>
-<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="return-iam_users/user_name"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-iam-user-info-module-return-iam-users-user-name"><strong>user_name</strong></p>
<a class="ansibleOptionLink" href="#return-iam_users/user_name" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
|
alinabuzachis
approved these changes
Mar 25, 2024
hakbailey
approved these changes
Apr 1, 2024
|
Build failed (gate pipeline). For information on how to proceed, see https://ansible.softwarefactory-project.io/zuul/buildset/1ef5d2bf05b84f3e81881e5a43d1ee9f ✔️ ansible-galaxy-importer SUCCESS in 4m 58s |
|
regate |
|
Build succeeded (gate pipeline). ✔️ ansible-galaxy-importer SUCCESS in 5m 59s |
softwarefactory-project-zuul
bot
deleted the
patchback/backports/stable-7/8b138e3947ede41de8264e9a4aabcfd7a2759891/pr-2012
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a backport of PR #2012 as merged into main (8b138e3).
Summary
I've introduced a new feature that includes in the response a console_access parameter, which is a boolean indicating whether an iam user has the ability to log in through the AWS console. This addition is particularly useful for scenarios where administrative constraints require users to access AWS services exclusively via API keys or through controlled environments, such as landing zones, without using the AWS console login interface.
Issue Type
Component Name: botocore
includes the botocore interaction, specifically regarding the console_access information retrievals
Additional Information
With this update, the module now provides visibility into whether an IAM user is permitted console access. This could be pivotal for enforcing stricter security protocols, ensuring users do not bypass VPN requirements, API keys, or other access control measures by logging in through the AWS console
Before the change a normal response:
After the change: