How can I identify which Okta user groups are assigned AWS IAM Roles?

dcpeach
edited September 2022 in Security Operations
To obtain a list of policies and actions on AWS resources that have been granted to Okta user groups.

Answers

  • The following query should assist you with identifying AWS assigned role policies and resource actions granted to Okta user groups.
    FIND okta_user_group AS g 
      THAT ASSIGNED aws_iam_role AS r 
      THAT ASSIGNED aws_iam_policy AS p 
      THAT ALLOWS AS a * AS resource 
    RETURN
      g.displayName AS "okta user group", r.displayName AS "access role", 
      p.displayName AS "access policy", a.actions AS actions, 
      resource.displayName AS resource
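As an added example (not part of the original answer), the same traversal can be extended one hop back to the Okta users in each group and narrowed to policies granting wildcard actions, which is the access path a defender most wants to review first. It assumes the `okta_user ASSIGNED okta_user_group` edge exists in the graph and that a J1QL `WHERE` comparison against the array-valued `actions` relationship property matches if any element is equal.

```j1ql
FIND okta_user AS u
  THAT ASSIGNED okta_user_group AS g
  THAT ASSIGNED aws_iam_role AS r
  THAT ASSIGNED aws_iam_policy AS p
  THAT ALLOWS AS a * AS resource
WHERE a.actions = '*' OR a.actions = 'iam:*'
RETURN
  u.login AS "okta user", g.displayName AS "okta user group",
  r.displayName AS "access role", p.displayName AS "access policy",
  a.actions AS actions, resource.displayName AS resource
```

Dropping the `WHERE` clause returns every user-to-resource path, which is useful as a baseline for periodic access reviews.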
