-
Notifications
You must be signed in to change notification settings - Fork 336
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[PR #2012/8b138e39 backport][stable-7] returns boolean if a user has access to console login #2023
Conversation
returns boolean if a user has access to console login Summary I've introduced a new feature that includes in the response a console_access parameter, which is a boolean indicating whether an iam user has the ability to log in through the AWS console. This addition is particularly useful for scenarios where administrative constraints require users to access AWS services exclusively via API keys or through controlled environments, such as landing zones, without using the AWS console login interface. Issue Type Feature Pull Request Component Name: botocore includes the botocore interaction, specifically regarding the console_access information retrievals Additional Information With this update, the module now provides visibility into whether an IAM user is permitted console access. This could be pivotal for enforcing stricter security protocols, ensuring users do not bypass VPN requirements, API keys, or other access control measures by logging in through the AWS console Before the change a normal response: { "arn": "arn:aws:iam::11111111:user/terraform", "create_date": "2018-04-18T14:12:44+00:00", "path": "/", "tags": {}, "user_id": "12345abcd", "user_name": "terraform" } After the change: { "arn": "arn:aws:iam::11111111:user/terraform", "console_access": false, "create_date": "2018-04-18T14:12:44+00:00", "path": "/", "tags": {}, "user_id": "12345abcd", "user_name": "terraform" } Reviewed-by: Bikouo Aubin Reviewed-by: Mark Chappell (cherry picked from commit 8b138e3)
Build succeeded. ✔️ ansible-galaxy-importer SUCCESS in 5m 46s |
Docs Build 📝Thank you for contribution!✨ The docsite for this PR is available for download as an artifact from this run: You can compare to the docs for the File changes:
Click to see the diff comparison.NOTE: only file modifications are shown here. New and deleted files are excluded. diff --git a/home/runner/work/amazon.aws/amazon.aws/docsbuild/base/collections/amazon/aws/iam_user_info_module.html b/home/runner/work/amazon.aws/amazon.aws/docsbuild/head/collections/amazon/aws/iam_user_info_module.html
index 0a67acc..1d5f364 100644
--- a/home/runner/work/amazon.aws/amazon.aws/docsbuild/base/collections/amazon/aws/iam_user_info_module.html
+++ b/home/runner/work/amazon.aws/amazon.aws/docsbuild/head/collections/amazon/aws/iam_user_info_module.html
@@ -422,6 +422,15 @@ see <a class="reference internal" href="#ansible-collections-amazon-aws-iam-user
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="return-iam_users/login_profile"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-iam-user-info-module-return-iam-users-login-profile"><strong>login_profile</strong></p>
+<a class="ansibleOptionLink" href="#return-iam_users/login_profile" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
+</div></td>
+<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Detailed login profile information if the user has access to log in from AWS default console. Returns an empty object {} if no access.</p>
+<p class="ansible-option-line"><strong class="ansible-option-returned-bold">Returned:</strong> always</p>
+<p class="ansible-option-line ansible-option-sample"><strong class="ansible-option-sample-bold">Sample:</strong> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">{"create_date":</span> <span class="pre">"2024-03-20T12:50:56+00:00",</span> <span class="pre">"password_reset_required":</span> <span class="pre">false,</span> <span class="pre">"user_name":</span> <span class="pre">"i_am_a_user"}</span></code></p>
+</div></td>
+</tr>
+<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="return-iam_users/password_last_used"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-iam-user-info-module-return-iam-users-password-last-used"><strong>password_last_used</strong></p>
<a class="ansibleOptionLink" href="#return-iam_users/password_last_used" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
@@ -430,7 +439,7 @@ see <a class="reference internal" href="#ansible-collections-amazon-aws-iam-user
<p class="ansible-option-line ansible-option-sample"><strong class="ansible-option-sample-bold">Sample:</strong> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">"2016-05-25T13:39:11+00:00"</span></code></p>
</div></td>
</tr>
-<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="return-iam_users/path"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-iam-user-info-module-return-iam-users-path"><strong>path</strong></p>
<a class="ansibleOptionLink" href="#return-iam_users/path" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
@@ -439,7 +448,7 @@ see <a class="reference internal" href="#ansible-collections-amazon-aws-iam-user
<p class="ansible-option-line ansible-option-sample"><strong class="ansible-option-sample-bold">Sample:</strong> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">"/dev/"</span></code></p>
</div></td>
</tr>
-<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="return-iam_users/tags"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-iam-user-info-module-return-iam-users-tags"><strong>tags</strong></p>
<a class="ansibleOptionLink" href="#return-iam_users/tags" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
</div></td>
@@ -448,7 +457,7 @@ see <a class="reference internal" href="#ansible-collections-amazon-aws-iam-user
<p class="ansible-option-line ansible-option-sample"><strong class="ansible-option-sample-bold">Sample:</strong> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">{"Env":</span> <span class="pre">"Prod"}</span></code></p>
</div></td>
</tr>
-<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="return-iam_users/user_id"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-iam-user-info-module-return-iam-users-user-id"><strong>user_id</strong></p>
<a class="ansibleOptionLink" href="#return-iam_users/user_id" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
@@ -457,7 +466,7 @@ see <a class="reference internal" href="#ansible-collections-amazon-aws-iam-user
<p class="ansible-option-line ansible-option-sample"><strong class="ansible-option-sample-bold">Sample:</strong> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">"AIDUIOOCQKTUGI6QJLGH2"</span></code></p>
</div></td>
</tr>
-<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="return-iam_users/user_name"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-iam-user-info-module-return-iam-users-user-name"><strong>user_name</strong></p>
<a class="ansibleOptionLink" href="#return-iam_users/user_name" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
|
Build failed (gate pipeline). For information on how to proceed, see https://ansible.softwarefactory-project.io/zuul/buildset/1ef5d2bf05b84f3e81881e5a43d1ee9f ✔️ ansible-galaxy-importer SUCCESS in 4m 58s |
regate |
Build succeeded (gate pipeline). ✔️ ansible-galaxy-importer SUCCESS in 5m 59s |
This is a backport of PR #2012 as merged into main (8b138e3).
Summary
I've introduced a new feature that includes in the response a console_access parameter, which is a boolean indicating whether an iam user has the ability to log in through the AWS console. This addition is particularly useful for scenarios where administrative constraints require users to access AWS services exclusively via API keys or through controlled environments, such as landing zones, without using the AWS console login interface.
Issue Type
Component Name: botocore
includes the botocore interaction, specifically regarding the console_access information retrievals
Additional Information
With this update, the module now provides visibility into whether an IAM user is permitted console access. This could be pivotal for enforcing stricter security protocols, ensuring users do not bypass VPN requirements, API keys, or other access control measures by logging in through the AWS console
Before the change a normal response:
After the change: