Tags: amazon-web-services, amazon-iam, aws-java-sdk, aws-sts, aws-java-sdk-2.x

How to generate AWS credential report for all accounts in an organization


I am looking to generate an AWS credential report for all the accounts under an organization. Is there any way to generate a consolidated report for all accounts?

I know we can generate a credential report per account (one at a time) under an organization, as per the AWS documentation:

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html

In the same way, can we generate a credential report for all the accounts in an organization with a single root user? Or, if we create a cross-account role, will it help us to get all the credentials in the assumed-role account?


Solution

  • AFAIK, there is no AWS Organizations integration for the IAM service action generate-credential-report. You can look up all integrations in the docs: AWS services that you can use with AWS Organizations [1]. It looks like there is an integration for service last accessed data and IAM Access Analyzer.

    That is, for the time being, you can probably just iterate over all your accounts and call generate-credential-report [2]. There is a Python tool on GitHub that simplifies this strategy [3].
    I guess you can adjust this tool to serve your needs.

    [1] https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html
    [2] https://docs.aws.amazon.com/cli/latest/reference/iam/generate-credential-report.html
    [3] https://github.com/lloesche/aws-user-report
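The iteration the answer describes, written out as an added example in Python with boto3. This is not code from the original page or from the aws-user-report tool linked above. It assumes the script runs with credentials in the management account that allow organizations:ListAccounts, sts:GetCallerIdentity and sts:AssumeRole; that every member account has an assumable role (the name OrganizationAccountAccessRole is an assumption: it is the role AWS Organizations creates in accounts it provisions, and invited accounts need an equivalent one created by hand); and that this role may call iam:GenerateCredentialReport and iam:GetCredentialReport. The sample CSV inside is constructed for offline use and trimmed to the columns the code reads.

```python
"""Consolidated IAM credential report across an AWS Organization (added example).

Assumes management-account credentials with organizations:ListAccounts,
sts:GetCallerIdentity and sts:AssumeRole, plus a role in every member account
(ROLE_NAME below) allowed to call iam:GenerateCredentialReport/GetCredentialReport.
"""
import csv
import io
import sys
import time

# Assumption: the role AWS Organizations creates in accounts it provisions.
# Invited accounts do not get it automatically; create an equivalent role there.
ROLE_NAME = "OrganizationAccountAccessRole"

# Constructed sample, trimmed to the columns this example reads. A real report
# also carries creation/rotation/last-used timestamps and certificate columns.
SAMPLE_REPORT_CSV = (
    "user,arn,password_enabled,mfa_active,access_key_1_active,access_key_2_active\n"
    "<root_account>,arn:aws:iam::111111111111:root,not_supported,true,true,false\n"
    "alice,arn:aws:iam::111111111111:user/alice,true,false,false,false\n"
    "deploy-bot,arn:aws:iam::111111111111:user/deploy-bot,false,false,true,false\n"
)


def parse_report(content):
    """Decode the CSV body returned by GetCredentialReport into a list of dicts."""
    if isinstance(content, bytes):
        content = content.decode("utf-8")
    return list(csv.DictReader(io.StringIO(content)))


def fetch_credential_report(iam_client, attempts=30, delay=2.0):
    """Start generation, poll until State is COMPLETE, then download the report.

    GenerateCredentialReport is asynchronous (STARTED / INPROGRESS / COMPLETE);
    IAM refreshes the report at most every four hours, so a second call soon
    after the first returns the existing snapshot rather than a fresh one.
    """
    for _ in range(attempts):
        if iam_client.generate_credential_report()["State"] == "COMPLETE":
            return parse_report(iam_client.get_credential_report()["Content"])
        time.sleep(delay)
    raise TimeoutError("credential report did not reach COMPLETE")


def active_account_ids(org_client):
    """Every ACTIVE account in the organization, following pagination."""
    ids = []
    for page in org_client.get_paginator("list_accounts").paginate():
        ids.extend(a["Id"] for a in page["Accounts"] if a["Status"] == "ACTIVE")
    return ids


def member_credentials(sts_client, account_id, role_name=ROLE_NAME):
    """Temporary credentials for the cross-account role in one member account."""
    resp = sts_client.assume_role(
        RoleArn=f"arn:aws:iam::{account_id}:role/{role_name}",
        RoleSessionName="org-credential-report",
    )
    return resp["Credentials"]


def consolidate(reports):
    """Merge {account_id: rows} into one row list tagged with account_id."""
    return [{"account_id": acct, **row} for acct, rows in reports.items() for row in rows]


def risky_rows(rows):
    """Rows to review first: console users without MFA, and root with an access key."""
    flagged = []
    for r in rows:
        no_mfa = r["password_enabled"] == "true" and r["mfa_active"] == "false"
        root_key = r["user"] == "<root_account>" and "true" in (
            r["access_key_1_active"], r["access_key_2_active"])
        if no_mfa or root_key:
            flagged.append(r)
    return flagged


def organization_report(org_client, sts_client, session_factory, role_name=ROLE_NAME):
    """The answer's strategy: iterate accounts, assume the role, pull each report.

    The report only ever covers the account whose credentials call the API, so
    the role has to be assumed in every account. The caller's own account is
    read directly, since the management account normally has no ROLE_NAME.
    """
    own_account = sts_client.get_caller_identity()["Account"]
    reports = {}
    for account_id in active_account_ids(org_client):
        creds = None if account_id == own_account else member_credentials(
            sts_client, account_id, role_name)
        reports[account_id] = fetch_credential_report(session_factory(creds).client("iam"))
    return consolidate(reports)


def main():
    import boto3  # imported here so the parsing helpers run without boto3 installed

    def session_for(creds):
        if creds is None:
            return boto3.Session()
        return boto3.Session(aws_access_key_id=creds["AccessKeyId"],
                             aws_secret_access_key=creds["SecretAccessKey"],
                             aws_session_token=creds["SessionToken"])

    rows = organization_report(boto3.client("organizations"), boto3.client("sts"), session_for)
    writer = csv.DictWriter(sys.stdout, fieldnames=list(rows[0].keys()))
    writer.writeheader()
    writer.writerows(rows)
    print(f"{len(risky_rows(rows))} rows flagged for review", file=sys.stderr)


if __name__ == "__main__":
    main()
```

Two caveats worth keeping in mind when running this. First, on the asker's cross-account question: a role assumed in one account returns that account's report only, so a single assumed role never aggregates the organization; the loop above is the whole trick. Second, because IAM keeps a report for up to four hours, a run shortly after a previous one (or after a colleague's) shows that earlier snapshot, so check GeneratedTime on the GetCredentialReport response if freshness matters.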