user.permissionsBoundary returns NULL while retrieving information from AWS using Java SDK

Time:01-02

I am using AWS Java SDK v2 to list users using the code defined console output
I am using the same account to make both requests.

CodePudding user response:

I have confirmed this behavior by setting a permission boundary on an IAM user in the AWS Management Console. I changed the ListUsers example to include this code:

for (User user : response.users()) {
    System.out.format("\n Retrieved user %s", user.userName());
    AttachedPermissionsBoundary permissionsBoundary = user.permissionsBoundary();
    if (permissionsBoundary != null) {
        System.out.format("\n Permissions boundary details %s", permissionsBoundary.permissionsBoundaryTypeAsString());
    }
}

...

The permissionsBoundary() method does return null - even though the permission is set. This is a bug.

My advice here is to log a GitHub issue here:

https://github.com/aws/aws-sdk-java-v2

I also tested this with Kotlin SDK. Same result.

suspend fun listAllUsers() {
    IamClient { region = "AWS_GLOBAL" }.use { iamClient ->
        val response = iamClient.listUsers(ListUsersRequest { })
        response.users?.forEach { user ->
            println("Retrieved user ${user.userName}")
            val permissionsBoundary = user.permissionsBoundary
            if (permissionsBoundary != null) {
                println("Permissions boundary details ${permissionsBoundary.permissionsBoundaryType.toString()}")
            }
        }
    }
}

CodePudding user response:

I do not think it is an issue, but the programmed behavior. From the API docs:

IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a user, see GetUser.

This is stated as well in the API javadocs.

In the console you are using get-user, but not list-users, and this is why it is returning all the information about the user, PermissionsBoundary within it.

Please, try using:

aws iam list-users

and check the output, it should match the result you obtained with the Java SDK.
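
The approach the second answer points to (ListUsers for the names, then GetUser for each full record), written as an added example with AWS SDK for Java v2; it is not code from either answer or from the AWS samples. The class and method names are hypothetical, and it assumes credentials from the default provider chain that allow iam:ListUsers and iam:GetUser.

```java
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
import software.amazon.awssdk.services.iam.model.AttachedPermissionsBoundary;
import software.amazon.awssdk.services.iam.model.NoSuchEntityException;
import software.amazon.awssdk.services.iam.model.User;

import java.util.ArrayList;
import java.util.List;

// Hypothetical audit helper: reports each IAM user's permissions boundary.
public class PermissionsBoundaryAudit {

    // Returns the names of users that have no permissions boundary attached.
    static List<String> usersWithoutBoundary(IamClient iam) {
        List<String> unbounded = new ArrayList<>();
        // The paginator follows the truncated result pages of ListUsers.
        for (User listed : iam.listUsersPaginator().users()) {
            String name = listed.userName();
            try {
                // ListUsers returns only a subset of attributes (see the API
                // docs quoted above), so fetch the full record with GetUser.
                User full = iam.getUser(r -> r.userName(name)).user();
                AttachedPermissionsBoundary pb = full.permissionsBoundary();
                if (pb == null) {
                    unbounded.add(name);
                    System.out.printf("%s: no permissions boundary%n", name);
                } else {
                    System.out.printf("%s: %s (%s)%n", name,
                            pb.permissionsBoundaryArn(),
                            pb.permissionsBoundaryTypeAsString());
                }
            } catch (NoSuchEntityException e) {
                // The user was deleted between the two calls; skip it.
                System.out.printf("%s: deleted during scan%n", name);
            }
        }
        return unbounded;
    }

    public static void main(String[] args) {
        // Assumption: default credential chain; IAM is a global service.
        try (IamClient iam = IamClient.builder().region(Region.AWS_GLOBAL).build()) {
            List<String> unbounded = usersWithoutBoundary(iam);
            System.out.printf("%d user(s) without a permissions boundary%n", unbounded.size());
        }
    }
}
```

This makes one GetUser call per user, so on large accounts expect the scan to take proportionally longer and to be subject to IAM API throttling.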
