Posted On: Nov 20, 2023

Announcing List Assignment APIs for AWS IAM Identity Center, enabling you to view who has access to what AWS accounts and applications. With these APIs, you can list all AWS accounts and applications that a specific user or group can access. You can use the API response in workflows to generate periodic reports and audit your employee access to AWS, saving time and effort you previously spent on manual audits. You can programmatically inspect and verify an employee’s AWS access with these APIs, and use this information to re-certify or revoke their access.

Previously, you had to manually map user or group information to their AWS access details to build a complete view of which employee can access which AWS accounts and applications. Now, you can use the APIs to get end-to-end visibility of the user or group, which accounts and applications they can access, and which permission sets grant that access. You can build scalable automations to inspect and validate access after assignments are made, re-certify access regularly so that stale or excessive permissions do not accumulate, and audit access through reports. The new APIs reduce the manual effort to understand how your employees get AWS access via IAM Identity Center.
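The following is an added example, not code from the AWS post, showing the audit workflow the announcement describes: enumerate everything one user can reach, resolve which permission set grants each piece of access, and diff the result against an approved baseline to produce revocation candidates. The post does not name the operations; the calls below follow the boto3 `sso-admin` operations ListAccountAssignmentsForPrincipal, ListApplicationAssignmentsForPrincipal and DescribePermissionSet, and the `identitystore` operation ListGroupMembershipsForMember, which is needed because a user also inherits assignments made to their groups. The two `Fake*` clients, the ARNs, the user and group IDs and the baseline are constructed so the example runs offline; in production you would pass `boto3.client("sso-admin")` and `boto3.client("identitystore")` instead.

```python
"""Added example: per-user access report and re-certification diff built on the
IAM Identity Center List Assignment APIs. Operation names and response shapes
follow boto3; FakeSsoAdmin/FakeIdentityStore return constructed data (assumption)."""


def paginate(call, key, **params):
    """Drain a List* operation by following NextToken until it is absent."""
    items, token = [], None
    while True:
        resp = call(**params, **({"NextToken": token} if token else {}))
        items.extend(resp.get(key, []))
        token = resp.get("NextToken")
        if not token:
            return items


def user_access_report(sso, idstore, instance_arn, identity_store_id, user_id):
    """All account and application access a user holds, directly or via a group.

    Returns a sorted list of (kind, target, permission_set_name, path); kind is
    'account' or 'application', path records which assignment grants the access."""
    principals = [("USER", user_id, "direct")]
    for m in paginate(idstore.list_group_memberships_for_member, "GroupMemberships",
                      IdentityStoreId=identity_store_id, MemberId={"UserId": user_id}):
        principals.append(("GROUP", m["GroupId"], "via group " + m["GroupId"]))

    ps_names, rows = {}, set()
    for ptype, pid, path in principals:
        common = dict(InstanceArn=instance_arn, PrincipalId=pid, PrincipalType=ptype)
        for a in paginate(sso.list_account_assignments_for_principal,
                          "AccountAssignments", **common):
            arn = a["PermissionSetArn"]
            if arn not in ps_names:  # resolve each permission set ARN only once
                ps_names[arn] = sso.describe_permission_set(
                    InstanceArn=instance_arn, PermissionSetArn=arn)["PermissionSet"]["Name"]
            rows.add(("account", a["AccountId"], ps_names[arn], path))
        for a in paginate(sso.list_application_assignments_for_principal,
                          "ApplicationAssignments", **common):
            rows.add(("application", a["ApplicationArn"], "", path))
    return sorted(rows)


def recertify(report, approved):
    """Rows whose (kind, target, permission set) is not in the approved baseline.
    The path tells the reviewer whether to delete a direct assignment or to
    remove the user from the group that carries it."""
    return [r for r in report if r[:3] not in approved]


# ---- constructed fakes standing in for boto3 sso-admin / identitystore clients ----
INSTANCE = "arn:aws:sso:::instance/ssoins-0000000000000000"
PS = "arn:aws:sso:::permissionSet/ssoins-0000000000000000/ps-"
APP = "arn:aws:sso::111111111111:application/ssoins-0000000000000000/apl-"


def _acct(account, ps_suffix, ptype, pid):
    return {"AccountId": account, "PermissionSetArn": PS + ps_suffix,
            "PrincipalId": pid, "PrincipalType": ptype}


class FakeSsoAdmin:
    # the user's assignments span two pages to exercise NextToken handling
    _accounts = {
        ("USER", "u-alice"): [
            {"AccountAssignments": [_acct("111111111111", "readonly", "USER", "u-alice")],
             "NextToken": "page2"},
            {"AccountAssignments": [_acct("222222222222", "admin", "USER", "u-alice")]},
        ],
        ("GROUP", "g-devs"): [
            {"AccountAssignments": [_acct("111111111111", "developer", "GROUP", "g-devs")]},
        ],
    }
    _apps = {("GROUP", "g-devs"): [{"ApplicationArn": APP + "grafana",
                                    "PrincipalId": "g-devs", "PrincipalType": "GROUP"}]}
    _names = {PS + "readonly": "ReadOnlyAccess", PS + "admin": "AdministratorAccess",
              PS + "developer": "DeveloperAccess"}

    def list_account_assignments_for_principal(self, **kw):
        pages = self._accounts.get((kw["PrincipalType"], kw["PrincipalId"]), [{}])
        return pages[1 if kw.get("NextToken") == "page2" else 0]

    def list_application_assignments_for_principal(self, **kw):
        key = (kw["PrincipalType"], kw["PrincipalId"])
        return {"ApplicationAssignments": self._apps.get(key, [])}

    def describe_permission_set(self, **kw):
        return {"PermissionSet": {"Name": self._names[kw["PermissionSetArn"]]}}


class FakeIdentityStore:
    def list_group_memberships_for_member(self, **kw):
        return {"GroupMemberships": [{"GroupId": "g-devs", "MemberId": kw["MemberId"],
                                      "MembershipId": "m-1"}]}


# constructed baseline: what this user is approved to hold after the last review
APPROVED = {("account", "111111111111", "ReadOnlyAccess"),
            ("account", "111111111111", "DeveloperAccess"),
            ("application", APP + "grafana", "")}

if __name__ == "__main__":
    report = user_access_report(FakeSsoAdmin(), FakeIdentityStore(),
                                INSTANCE, "d-0000000000", "u-alice")
    for row in report:
        print(row)
    print("revoke candidates:", recertify(report, APPROVED))
```

Run against the fakes, the report lists four rows and flags the direct AdministratorAccess assignment on account 222222222222 as the only revocation candidate. Two design points carry over to real use: page every List* call (the fake deliberately splits the user's assignments across two pages), and never audit a user by their direct assignments alone, since group-carried assignments are where excess access usually hides.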

AWS IAM Identity Center is available to you at no additional cost. IAM Identity Center APIs are available in all regions supported by IAM Identity Center, except the AWS China regions. To learn more, see the IAM Identity Center API Reference in the AWS IAM Identity Center User Guide.