How can I identify which Okta user groups are assigned AWS IAM Roles?

dcpeach ✭✭✭✭✭
edited September 2022 in Security Operations
To obtain a list of policies and actions to AWS resources that have been granted to Okta user groups.


  • The following query should assist you with identifying AWS assigned role policies and resource actions granted to Okta user groups.
    FIND okta_user_group AS g 
      THAT ASSIGNED aws_iam_role AS r 
      THAT ASSIGNED aws_iam_policy AS p 
      THAT ALLOWS as a * AS resource 
      g.displayName AS "okta user group", r.displayName AS "access role", 
      p.displayName AS "access policy", a.actions AS actions, 
      resource.displayName AS resource

This Month's Leaders