Created
January 19, 2022 13:13
-
-
Save HrushikeshK/c0670db713a77edc501ddfb70b8498fc to your computer and use it in GitHub Desktop.
IAM Get access key code block
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
def get_sensored_access_key(access_key): | |
first_four = access_key[:4] | |
last_four = access_key[-4:] | |
return first_four + "*********" + last_four | |
def check_access_keys(userData): | |
created_date = datetime.now() | |
last_used_date = datetime.now() | |
access_key_id = None | |
username = userData['UserName'] | |
user_arn = userData['Arn'] | |
# Below we are checking for access keys last usage | |
try: | |
res_keys = iam_client.list_access_keys(UserName=username,MaxItems=2) | |
if 'AccessKeyMetadata' in res_keys: | |
for key in res_keys['AccessKeyMetadata']: | |
if 'CreateDate' in key: | |
created_date = res_keys['AccessKeyMetadata'][0]['CreateDate'].replace(tzinfo=None) | |
if 'AccessKeyId' in key: | |
access_key_id = key['AccessKeyId'] | |
res_last_used_key = iam_client.get_access_key_last_used(AccessKeyId=access_key_id) | |
if 'LastUsedDate' in res_last_used_key['AccessKeyLastUsed']: | |
last_used_date = res_last_used_key['AccessKeyLastUsed']['LastUsedDate'].replace(tzinfo=None) | |
else: | |
last_used_date = created_date | |
difference = date_now - last_used_date | |
access_key_status = key['Status'] # Get status of the access keys | |
if difference.days > max_idle_days and access_key_status == "Active": | |
access_key = iam_resource.AccessKey(username, access_key_id) # Get user's access key details | |
# Deactivate Access key | |
ret_val = access_key.deactivate() | |
response = requests.request("POST", url, data=get_slack_payload(username, True, get_sensored_access_key(access_key_id), user_arn, diff=difference.days), headers=headers) | |
except ClientError as error: | |
print('An error occurred while listing access keys', error) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment