79423697

Date: 2025-02-08 18:16:16
Score: 4
Natty:
Report link

What is the correct way to call this method?

If you're trying to list users from AWS IAM Identity Center, you need to use the region-specific Identity Store API URL instead. This is different from how you list users in IAM.

Unlike IAM, it uses POST request with a JSON body to the following URL (assuming you have set the authorization headers for AWS correctly):

https://identitystore.${identity_center_region}.amazonaws.com/

(The path is /.)

Request headers:

Content-Type: application/x-amz-json-1.1
X-Amz-Target: AWSIdentityStore.ListUsers

Request body:

{
  "IdentityStoreId": "${identity_store_id}"
}

Replace ${identity_center_region} with the region where you created your Identity Center instance (e.g. us-east-1) and replace ${identity_store_id} with its ID (e.g. d-1234567890).

How do you find this?

Nick Frichette explains how AWS API requests are structured based on different protocols on his blog.As he points out in the blog, all of this can be found in the AWS SDKs, but we'll use Botocore here.

To construct an API request for Identity Store using Botocore, you can refer to the following sources:

1. For endpoint URL

The Identity Store API's endpoint URL is defined in Botocore's endpoint rule set:

"endpoint": {
    "url": "https://identitystore.{Region}.amazonaws.com",
    "properties": {},
    "headers": {}
},

2. For request headers

You can check the serialization logic for JSON for the expected request headers:

serialized['headers'] = {
    'X-Amz-Target': target,
    'Content-Type': f'application/x-amz-json-{json_version}',
}

3. For request format

The service definition file provides metadata about the request format and operation:

"metadata": {
    "apiVersion": "2020-06-15",
    "endpointPrefix": "identitystore",
    "jsonVersion": "1.1",
    "protocol": "json",
    "serviceAbbreviation": "IdentityStore",
    "serviceFullName": "AWS SSO Identity Store",
    "serviceId": "identitystore",
    "signatureVersion": "v4",
    "signingName": "identitystore",
    "targetPrefix": "AWSIdentityStore",
    "uid": "identitystore-2020-06-15"
},

The ListUsers operation is defined with its HTTP method and path:

"ListUsers": {
    "name": "ListUsers",
    "http": {
        "method": "POST",
        "requestUri": "/"
    }
}

So combine all this information and you have everything needed to construct the final request in Postman.

Reasons:
  • Blacklisted phrase (1): How do you
  • RegEx Blacklisted phrase (2.5): do you find this
  • Long answer (-1):
  • Has code block (-0.5):
  • Contains question mark (0.5):
  • Starts with a question (0.5): What is the
  • Low reputation (1):
Posted by: jarp0l