Menu
I need to fetch all the aws user's, their corresponding groups, policies and then if mfa is activated for them or not. Can anyone tell me how it can be done via aws cli or boto.
I have a script that fetches out just the all user's in aws.
import boto3
from boto3 import *
import argparse
access_key = ''
secret_key = ''
def get_iam_uses_list():
client = boto3.client('iam',
aws_access_key_id=access_key,
aws_secret_access_key=secret_key)
my_list=list()
iam_all_users = client.list_users(MaxItems=200)
for user in iam_all_users['Users']:
my_list.append(user['UserName'])
#
for i in my_list:
print i
# print "read complete"
#
# for i in my_list:
# iam_user_policy=client.list_attached_user_policies(UserName=i)
# for policy in iam_user_policy['AttachedPolicies']:
# print "%s \t %s" %(i, policy['PolicyName'])
def main():
parser = argparse.ArgumentParser()
parser.add_argument('access_key', help='Access Key');
parser.add_argument('secret_key', help='Secret Key');
args = parser.parse_args()
global access_key
global secret_key
access_key = args.access_key
secret_key = args.secret_key
get_iam_uses_list()
if __name__ =='__main__':main()
480
Here, I am using boto commands to do four operations -
Get IAM connection to AWS Account
import boto3
client = boto3.client('iam',aws_access_key_id="XXX",aws_secret_access_key="XXX")
Getting IAM Users This will print all the usernames. you can customize if you want to print other details as well.
users = client.list_users()
for key in users['Users']:
print key['UserName']
Getting List of Policy attached to each user
for key in users['Users']:
List_of_Policies = client.list_user_policies(UserName=key['UserName'])
for key in List_of_Policies['PolicyNames']:
print key['PolicyName']
Getting List of Groups attached to each user
for key in users['Users']:
List_of_Groups = client.list_groups_for_user(UserName=key['UserName'])
for key in List_of_Groups['Groups']:
print key['GroupName']
Checking if MFA Device is configured or not
for key in users['Users']:
List_of_MFA_Devices = client.list_mfa_devices(UserName=key['UserName'])
for key in List_of_MFA_Devices['MFADevices']:
print key
You can further check if List_of_MFA_Devices['MFADevices'] is empty or not. If empty, then MFA Device is not configured.
If you want to add output as List of Dict where each index will contain dict have value pairs for userName, Groups, Policy, isMFA_flag_configured or not. Use the following code -
import boto3
client = boto3.client('iam',aws_access_key_id="XXXX",aws_secret_access_key="YYY")
users = client.list_users()
user_list = []
for key in users['Users']:
result = {}
Policies = []
Groups=[]
result['userName']=key['UserName']
List_of_Policies = client.list_user_policies(UserName=key['UserName'])
result['Policies'] = List_of_Policies['PolicyNames']
List_of_Groups = client.list_groups_for_user(UserName=key['UserName'])
for Group in List_of_Groups['Groups']:
Groups.append(Group['GroupName'])
result['Groups'] = Groups
List_of_MFA_Devices = client.list_mfa_devices(UserName=key['UserName'])
if not len(List_of_MFA_Devices['MFADevices']):
result['isMFADeviceConfigured']=False
else:
result['isMFADeviceConfigured']=True
user_list.append(result)
for key in user_list:
print key
Output for the above code -
{'userName': 'user1', 'Groups': ['grp1','grp2'], 'Policies':['policy1','policy2], 'isMFADeviceConfigured': False/True}
{'userName': 'user2', 'Groups': ['grp1','grp2'], 'Policies': ['policy1','policy2], 'isMFADeviceConfigured': False/True}
155
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
