Created
January 9, 2023 01:23
Get AWS Role names that use a given Identity Provider in their trust policy
import boto3

# Given list of identity provider ARNs, e.g.
# "arn:aws:iam::<account-id>:oidc-provider/token.actions.githubusercontent.com"
providers = []

iam_client = boto3.client('iam')

# list_roles is paginated (100 roles per page by default): a plain
# list_roles()['Roles'] silently misses roles in larger accounts. Each role
# record already includes its decoded trust policy, so no get_role call is needed.
roles = []
for page in iam_client.get_paginator('list_roles').paginate():
    roles.extend(page['Roles'])

for provider in providers:
    print("{}:".format(provider))
    for role in roles:
        trust_policy = role['AssumeRolePolicyDocument']
        # Statement may be a dict or a list; Principal may be a dict or "*";
        # Principal.Federated may be a string or a list of strings.
        statements = trust_policy.get('Statement', [])
        if isinstance(statements, dict):
            statements = [statements]
        for statement in statements:
            principal = statement.get('Principal')
            if not isinstance(principal, dict):
                continue
            federated = principal.get('Federated', [])
            if isinstance(federated, str):
                federated = [federated]
            if provider in federated:
                print(role['RoleName'])
                break
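The matching logic is the part worth getting right: a trust policy can carry several statements, `Federated` can be a string or a list, `Principal` can be the bare string `"*"`, and a `Deny` statement naming the provider is not a trust relationship. The block below is an added example, not part of the gist, and runs offline against constructed role records in the shape `iam.list_roles()` returns (boto3 decodes `AssumeRolePolicyDocument` to a dict). The account ID, provider ARN, role names and `sub` value are made up. Beyond listing matches, it flags matching statements that have no `Condition` block, since an OIDC trust without a condition on the token's subject or audience accepts any token the provider issues.

```python
# Constructed sample records in the shape boto3's iam.list_roles() returns.
# Account ID, provider ARNs and role names are made up for this example.
PROVIDER = "arn:aws:iam::123456789012:oidc-provider/token.actions.githubusercontent.com"

SAMPLE_ROLES = [
    {   # OIDC trust is the second statement; a first-statement-only check misses it
        "RoleName": "deploy-role",
        "AssumeRolePolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
                 "Action": "sts:AssumeRole"},
                {"Effect": "Allow", "Principal": {"Federated": PROVIDER},
                 "Action": "sts:AssumeRoleWithWebIdentity",
                 "Condition": {"StringEquals": {
                     "token.actions.githubusercontent.com:sub":
                         "repo:example-org/example-app:ref:refs/heads/main"}}},
            ],
        },
    },
    {   # Statement given as a dict, Federated as a list, and no Condition at all
        "RoleName": "wide-open-role",
        "AssumeRolePolicyDocument": {
            "Version": "2012-10-17",
            "Statement": {"Effect": "Allow",
                          "Principal": {"Federated": [PROVIDER]},
                          "Action": "sts:AssumeRoleWithWebIdentity"},
        },
    },
    {   # Deny statement naming the provider: not a trust relationship
        "RoleName": "denied-role",
        "AssumeRolePolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Effect": "Deny", "Principal": {"Federated": PROVIDER},
                           "Action": "sts:AssumeRoleWithWebIdentity"}],
        },
    },
    {   # Principal is the wildcard string, not a dict
        "RoleName": "star-role",
        "AssumeRolePolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Principal": "*",
                           "Action": "sts:AssumeRole"}],
        },
    },
    {   # A different federated provider
        "RoleName": "saml-role",
        "AssumeRolePolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Effect": "Allow",
                           "Principal": {"Federated":
                                         "arn:aws:iam::123456789012:saml-provider/corp-idp"},
                           "Action": "sts:AssumeRoleWithSAML"}],
        },
    },
]


def _as_list(value):
    """IAM policy grammar allows a single value or a list in most positions."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def statements_trusting(trust_policy, provider_arn):
    """Yield the Allow statements whose Principal.Federated names provider_arn."""
    for statement in _as_list(trust_policy.get("Statement")):
        if statement.get("Effect") != "Allow":
            continue
        principal = statement.get("Principal")
        if not isinstance(principal, dict):  # "*" or missing
            continue
        if provider_arn in _as_list(principal.get("Federated")):
            yield statement


def roles_trusting_provider(roles, provider_arn):
    """Map role name -> True if every matching statement carries a Condition.

    False means at least one matching statement has no Condition block, so any
    token issued by the provider can assume the role.
    """
    result = {}
    for role in roles:
        matches = list(statements_trusting(role["AssumeRolePolicyDocument"], provider_arn))
        if matches:
            result[role["RoleName"]] = all("Condition" in s for s in matches)
    return result


if __name__ == "__main__":
    # With real data, replace SAMPLE_ROLES by the records from a list_roles paginator.
    print("{}:".format(PROVIDER))
    for name, conditioned in sorted(roles_trusting_provider(SAMPLE_ROLES, PROVIDER).items()):
        note = "" if conditioned else "  (no Condition: any token from this provider is accepted)"
        print("  {}{}".format(name, note))
```

The `Condition` flag is a coarse signal only: a condition that checks just `aud`, or a `StringLike` on `sub` with a broad wildcard, still passes the check here and needs to be read by hand.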