Getting AWS IAM info via AWS CLI and Linux

Hi friends, I wrote a script that is useful for getting AWS IAM info [account number, users, the groups each user belongs to, and any policies attached directly to the user] in one place. The script consists of a main.sh and a helper.sh. Place both scripts in your home directory and run main.sh from there (it calls ./helper.sh); the report is written to aws_iam_list in the same directory. The scripts assume you already have the AWS CLI installed and credentials configured. The identity you run them as needs read access to IAM (the AWS-managed IAMReadOnlyAccess policy is enough). Note that list-user-policies returns inline policy names only; the policy documents themselves are not retrieved.

main.sh Script

#!/bin/bash
set -eu
# Let the CLI parse its own JSON: --query returns the user names tab-separated, tr puts one per line.
aws iam list-users --query 'Users[].UserName' --output text | tr '\t' '\n' >aws_user_list
printf "The AWS Account Number for this report is " >aws_iam_list
aws sts get-caller-identity --output text --query 'Account' >>aws_iam_list
aws iam list-users --output table >>aws_iam_list
# Feed the user list to the helper on stdin; run it as a script rather than sourcing it inside a pipeline.
bash ./helper.sh <aws_user_list >>aws_iam_list

helper.sh Script

#!/bin/bash
# Reads one IAM user name per line on stdin; prints the user's groups, managed (attached) and inline policies.
while IFS= read -r user; do
  [ -n "$user" ] || continue   # skip blank lines
  echo "$user"; aws iam list-groups-for-user --user-name "$user"
  aws iam list-attached-user-policies --user-name "$user"; aws iam list-user-policies --user-name "$user"
done

# Script pieces

aws iam list-users --output table
aws iam list-groups-for-user --user-name
aws iam list-attached-user-policies --user-name
aws iam list-user-policies --user-name

# get your AWS account ID from the CLI
aws sts get-caller-identity --output text --query 'Account'

For the next revision of the script I need to iterate through the list of groups and report each group's managed and inline policies:

aws iam list-attached-group-policies --group-name 

aws iam list-group-policies --group-name
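Here is one way to do that group pass, written as an added example and not part of the post's own scripts. It uses --query so no grep/sed parsing is needed, quotes every group name, and pulls the two group-policy commands above into functions. The AWS variable selects the CLI: it defaults to a constructed fake (fake_aws, hypothetical sample data, not a real account) so the script runs offline; set AWS=aws to run it against a real account, where the caller needs iam:ListGroups, iam:ListAttachedGroupPolicies and iam:ListGroupPolicies.

```bash
#!/bin/bash
# Added example (not the post's script): report every IAM group with its
# managed and inline policies. AWS selects the CLI; it defaults to the
# constructed fake below so the script runs offline. Set AWS=aws for a real
# account (caller needs iam:ListGroups, iam:ListAttachedGroupPolicies,
# iam:ListGroupPolicies).
set -eu

# Constructed stand-in for `aws iam ...` text output; not real account data.
# $2 is the iam subcommand, $4 the group name passed after --group-name.
fake_aws() {
  case "$2" in
    list-groups)                  printf 'Admins\tDevelopers\n' ;;
    list-attached-group-policies)
      [ "$4" = Admins ] && printf 'arn:aws:iam::aws:policy/AdministratorAccess\n' ;;
    list-group-policies)
      [ "$4" = Developers ] && printf 'dev-s3-inline\n' ;;
  esac
  return 0
}
AWS="${AWS:-fake_aws}"

# One group name per line. --output text prints a list tab-separated on one
# line, hence the tr; the CLI pages through large group lists on its own.
list_groups() {
  $AWS iam list-groups --query 'Groups[].GroupName' --output text \
    | tr '\t' '\n' | sed '/^$/d'
}

# Managed policy ARNs attached to a group (empty when none).
group_managed_policies() {
  $AWS iam list-attached-group-policies --group-name "$1" \
    --query 'AttachedPolicies[].PolicyArn' --output text | tr '\t' '\n' | sed '/^$/d'
}

# Inline policy names embedded in a group (empty when none).
group_inline_policies() {
  $AWS iam list-group-policies --group-name "$1" \
    --query 'PolicyNames[]' --output text | tr '\t' '\n' | sed '/^$/d'
}

# Full report; the group name is quoted everywhere so names with spaces survive.
group_report() {
  list_groups | while IFS= read -r g; do
    printf 'Group: %s\n' "$g"
    group_managed_policies "$g" | sed 's/^/  managed: /'
    group_inline_policies  "$g" | sed 's/^/  inline:  /'
  done
}

group_report
```

Against the fake data this prints two groups, Admins with one managed policy and Developers with one inline policy. Like list-user-policies, list-group-policies gives names only; to see what an inline policy actually grants you would follow up with aws iam get-group-policy --group-name G --policy-name P.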
This entry was posted in AWS, AWS Certified Solutions Architect, Uncategorized.