科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>amazon web services - Calling AWS Identity Store ListUsers API in Postman - Stack Overflow

    amazon web services - Calling AWS Identity Store ListUsers API in Postman - Stack Overflow

    programmeradmin0浏览0评论

    I have downloaded the AWS example package in Postman; and I've successfully called the IAM ListUsers Action:

    /?Action=ListUsers&Version=2010-05-08

    But now I am looking to read the users in the IAM Identity Center. To that end I believe I should be calling the ListUsers Action outlined here in the Identity Store API Reference:

    .html

    However, unlike the documentation for the IAM ListUsers Action ( .html ) it doesn't give an example of the Endpoint URL I need to call, and I'm having a hard time figuring it out.

    I have given myself these permissions:

    and the AWS Signature is my auth type (defaulted by the example project)

    I'm assuming it should be a POST because it wants me to add the Identity Store in the Request.

    And I'm assuming the URL should be:

    /?Action=ListUsers&Version=2012-10-17

    Which matches what I did for the IAM ListUsers call.

    But all I'm getting is ENOTFOUND:

    What is the correct way to call this method?

    I have downloaded the AWS example package in Postman; and I've successfully called the IAM ListUsers Action:

    https://iam.amazonaws.com/?Action=ListUsers&Version=2010-05-08

    But now I am looking to read the users in the IAM Identity Center. To that end I believe I should be calling the ListUsers Action outlined here in the Identity Store API Reference:

    https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_ListUsers.html

    However, unlike the documentation for the IAM ListUsers Action ( https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUsers.html ) it doesn't give an example of the Endpoint URL I need to call, and I'm having a hard time figuring it out.

    I have given myself these permissions:

    and the AWS Signature is my auth type (defaulted by the example project)

    I'm assuming it should be a POST because it wants me to add the Identity Store in the Request.

    And I'm assuming the URL should be:

    https://identitystore.amazonaws.com/?Action=ListUsers&Version=2012-10-17

    Which matches what I did for the IAM ListUsers call.

    But all I'm getting is ENOTFOUND:

    What is the correct way to call this method?

    • amazon-web-services
    • aws-iam-identity-center
    Share Improve this question asked Feb 6 at 16:35 fei0xfei0x 4,6904 gold badges21 silver badges44 bronze badges
    Add a comment  | 

    1 Answer 1

    Reset to default 1 +50

    What is the correct way to call this method?

    If you're trying to list users from AWS IAM Identity Center, you need to use the region-specific Identity Store API URL instead. This is different from how you list users in IAM.

    Unlike IAM, it uses POST request with a JSON body to the following URL (assuming you have set the authorization headers for AWS correctly):

    https://identitystore.${identity_center_region}.amazonaws.com/

    (The path is /.)

    Request headers:

    Content-Type: application/x-amz-json-1.1
X-Amz-Target: AWSIdentityStore.ListUsers

    Request body:

    {
  "IdentityStoreId": "${identity_store_id}"
}

    Replace ${identity_center_region} with the region where you created your Identity Center instance (e.g. us-east-1) and replace ${identity_store_id} with its ID (e.g. d-1234567890).

    How do you find this?

    Nick Frichette explains how AWS API requests are structured based on different protocols on his blog.As he points out in the blog, all of this can be found in the AWS SDKs, but we'll use Botocore here.

    To construct an API request for Identity Store using Botocore, you can refer to the following sources:

    1. For endpoint URL

    The Identity Store API's endpoint URL is defined in Botocore's endpoint rule set:

    "endpoint": {
    "url": "https://identitystore.{Region}.amazonaws.com",
    "properties": {},
    "headers": {}
},

    2. For request headers

    You can check the serialization logic for JSON for the expected request headers:

    serialized['headers'] = {
    'X-Amz-Target': target,
    'Content-Type': f'application/x-amz-json-{json_version}',
}

    3. For request format

    The service definition file provides metadata about the request format and operation:

    "metadata": {
    "apiVersion": "2020-06-15",
    "endpointPrefix": "identitystore",
    "jsonVersion": "1.1",
    "protocol": "json",
    "serviceAbbreviation": "IdentityStore",
    "serviceFullName": "AWS SSO Identity Store",
    "serviceId": "identitystore",
    "signatureVersion": "v4",
    "signingName": "identitystore",
    "targetPrefix": "AWSIdentityStore",
    "uid": "identitystore-2020-06-15"
},

    The ListUsers operation is defined with its HTTP method and path:

    "ListUsers": {
    "name": "ListUsers",
    "http": {
        "method": "POST",
        "requestUri": "/"
    }
}

    So combine all this information and you have everything needed to construct the final request in Postman.

    Postman screenshot

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论