I would like to use the REST API to get the list of AWS IAM role ARNs assigned to a particular application user. I am able to do this in the somewhat piecemeal way below – but is there a better way of doing this?
1. Get the app:
   GET /api/v1/apps/<my app id>
2. Locate and extract the AWS account id from the identity provider ARN in the response to 1:
   "settings" -> "app" -> "identityProviderArn"
3. Get the app user:
   GET /api/v1/apps/<my app id>/users
4. Locate the SAML roles from the user profile in the response from 3:
   "profile" -> "samlRoles"
5. Construct the AWS role ARNs from 2. and 4.
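
The steps above as an added Python example (not part of the original post), run over constructed sample responses instead of live API calls. It assumes `samlRoles` holds bare role names and that a role ARN has the form `arn:<partition>:iam::<account id>:role/<name>`; all ids and names in the sample data are made up.

```python
import re

# Constructed sample responses (not real data), trimmed to the fields the steps use.
APP = {"id": "0oaEXAMPLE", "settings": {"app": {
    "identityProviderArn": "arn:aws:iam::123456789012:saml-provider/ExampleIdP"}}}
APP_USERS = [
    {"id": "00uEXAMPLE1", "profile": {"samlRoles": ["ReadOnly", "Admin"]}},
    {"id": "00uEXAMPLE2", "profile": {}},  # app user with no roles assigned
]

# Accepts the standard partitions (aws, aws-cn, aws-us-gov) and a 12-digit account id.
_IDP_ARN = re.compile(r"^arn:(aws[a-z-]*):iam::(\d{12}):saml-provider/.+$")


def account_from_idp_arn(arn):
    """Step 2: return (partition, account_id) taken from the identity provider ARN."""
    m = _IDP_ARN.match(arn or "")
    if not m:
        # Fail closed rather than build ARNs from a malformed or missing value.
        raise ValueError(f"unexpected identityProviderArn: {arn!r}")
    return m.group(1), m.group(2)


def role_arns(app, app_user):
    """Steps 2, 4 and 5 for one app user; returns [] when no roles are assigned."""
    idp_arn = app.get("settings", {}).get("app", {}).get("identityProviderArn")
    partition, account = account_from_idp_arn(idp_arn)
    roles = app_user.get("profile", {}).get("samlRoles") or []
    return [f"arn:{partition}:iam::{account}:role/{name}" for name in roles]


def role_arns_by_user(app, app_users):
    """Map each app user id to the role ARNs built from its profile."""
    return {u["id"]: role_arns(app, u) for u in app_users}


if __name__ == "__main__":
    for user_id, arns in role_arns_by_user(APP, APP_USERS).items():
        print(user_id, arns)
```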