Created
May 19, 2016 01:12
PowerShell AWS IAM user audit example using Amazon's PowerShell Module
```powershell
<#
Nicholas Leader
05/18/2016
Example of using the 'AWS Tools For Windows PowerShell' : http://docs.aws.amazon.com/powershell/latest/userguide/pstools-welcome.html
In this example I'm doing a very simple audit to see which users (IAM users) were created in the last week.
This script requires AWS Tools to be installed locally. Amazon has an MSI on their website.
#>

## Importing the AWS module so the script has access to the AWS cmdlets
Import-Module "C:\Program Files (x86)\AWS Tools\PowerShell\AWSPowerShell\AWSPowerShell.psd1"

## getting the IAM users
## this is using the default AWS profile / credentials on the endpoint that's running this script
Get-IAMUsers |
    ## filtering the users on creation date, if they've been created in the last week this will pull in the data
    Where-Object {
        $_.CreateDate -gt (Get-Date).AddDays(-7)}

## the report could be scheduled weekly to be reviewed by a human, confirming no suspect accounts have been added.
```
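The weekly report mentioned in the last comment is easier to review when each new user comes with the context a reviewer checks first: console access, active access keys, attached policies and group membership. The following is an added example, not part of the original gist; it assumes the AWS module is already imported, that the default credentials can make the read-only IAM list/get calls used here, and `$ReportPath` is a constructed sample location.

```powershell
# Added example (not the gist author's code): weekly new-IAM-user report as CSV.
# $ReportPath is a constructed sample path; change it to suit your environment.
$ReportPath = Join-Path $env:TEMP ("new-iam-users-{0:yyyy-MM-dd}.csv" -f (Get-Date))
# Compare in UTC so the 7-day window does not shift with the local time zone.
$Cutoff = (Get-Date).ToUniversalTime().AddDays(-7)

$report = Get-IAMUserList |
    Where-Object { $_.CreateDate.ToUniversalTime() -gt $Cutoff } |
    ForEach-Object {
        $user = $_   # keep a reference; $_ is rebound inside the catch block

        # Get-IAMLoginProfile raises an error when the user has no console password.
        # Any other failure (e.g. access denied) is reported as Unknown, not as "no".
        $console = 'Yes'
        try { $null = Get-IAMLoginProfile -UserName $user.UserName -ErrorAction Stop }
        catch {
            if ($_.Exception.ToString() -match 'NoSuchEntity') { $console = 'No' }
            else { $console = 'Unknown' }
        }

        $keys     = @(Get-IAMAccessKey -UserName $user.UserName)
        $policies = @(Get-IAMAttachedUserPolicyList -UserName $user.UserName)
        $groups   = @(Get-IAMGroupForUser -UserName $user.UserName)

        [pscustomobject]@{
            UserName         = $user.UserName
            CreateDateUtc    = $user.CreateDate.ToUniversalTime().ToString('u')
            ConsolePassword  = $console
            ActiveAccessKeys = @($keys | Where-Object { [string]$_.Status -eq 'Active' }).Count
            AttachedPolicies = $policies.PolicyName -join ';'
            Groups           = $groups.GroupName -join ';'
        }
    }

# Write the report for the human reviewer and print a one-line summary.
$report | Sort-Object CreateDateUtc | Export-Csv -Path $ReportPath -NoTypeInformation
"{0} IAM user(s) created since {1:u}; report written to {2}" -f @($report).Count, $Cutoff, $ReportPath
```

Inline user policies are not included in this report; only managed policies attached directly to the user are listed.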
Current landing page for the PowerShell AWS SDK / module: https://aws.amazon.com/powershell/ as of 8.16.2019. Should be noted the above script requires IAM role access to list IAM users.