from datetime import datetime, timedelta
import boto3
from dateutil.tz import UTC
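# Delete IAM roles whose trust policy names the Lambda@Edge service principal
# and whose RoleLastUsed date falls within the last 15 days.
#
# NOTE(review): this script is destructive and has no dry-run or confirmation
# step. Run it only with credentials scoped to the intended account, and check
# the printed role names (for example with the delete calls commented out)
# before letting it delete anything.
client = boto3.client('iam')
fifteen_days_ago = datetime.now(tz=UTC) - timedelta(days=15)
edge_principal = 'edgelambda.amazonaws.com'

paginator = client.get_paginator('list_roles')
for page in paginator.paginate():
    for listed_role in page['Roles']:
        role_name = listed_role['RoleName']
        # list_roles does not return RoleLastUsed, so each role is fetched
        # individually to read it.
        role = client.get_role(RoleName=role_name)['Role']
        last_used = role.get('RoleLastUsed', {}).get('LastUsedDate')

        # A trust policy may hold one statement object or a list of them, the
        # principal may be the string "*" rather than a mapping, and "Service"
        # may be a single string or a list. Normalise all of these so the
        # check never raises and never degrades to a substring match.
        statements = role['AssumeRolePolicyDocument']['Statement']
        if isinstance(statements, dict):
            statements = [statements]
        principal = statements[0].get('Principal', {}) if statements else {}
        services = principal.get('Service', []) if isinstance(principal, dict) else []
        if isinstance(services, str):
            services = [services]

        # NOTE(review): only the first statement is inspected, so a role that
        # other principals can also assume through later statements is still
        # selected here; review such roles before deleting them.
        if edge_principal not in services:
            continue

        # NOTE(review): this keeps roles that were used *within* the last 15
        # days and skips roles that were never used. If the goal is cleaning
        # up stale roles, the comparison is probably meant to be `<`; confirm
        # the intent before running.
        if not (last_used and last_used > fifteen_days_ago):
            continue

        print(f"{role_name}: {last_used}")
        # Assumes the role's only inline policy is named "<role>-policy".
        # delete_role_policy raises if that policy does not exist, and
        # delete_role is rejected while other inline or managed policies (or
        # instance profiles) are still attached; either error stops the run.
        client.delete_role_policy(
            RoleName=role_name,
            PolicyName=f'{role_name}-policy'
        )
        client.delete_role(
            RoleName=role_name
        )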