anthonyclarka2/get-current-role-perms.sh

## get-current-role-perms.sh
#!/bin/bash

# This script gets your current AWS role and dumps the IAM policies associated with that role
# Requires the iam:ListRolePolicies and iam:ListAttachedRolePolicies permissions
# Requires the aws cli and the jq utility
# Creative Commons Attribution-Sharealike: https://creativecommons.org/licenses/by-sa/4.0/

# TODO: compare jq vs the query parameter in the aws cli, see if there's any difference in speed or results

MY_ROLE=$(aws sts get-caller-identity | jq -r '.Arn' | cut -d'/' -f2)

ROLE_POLS=$(aws iam list-role-policies --role-name "${MY_ROLE}" | jq -r '.PolicyNames[]' | tr '\n' ',')
IFS=',' read -r -a ROLE_POLICIES <<< "$ROLE_POLS"

for POLICY in "${ROLE_POLICIES[@]}"
do
  echo "${POLICY}"
  POL_VER=$(aws iam get-role-policy --policy-name "${POLICY}" --role-name "${MY_ROLE}" | jq -r '.Policy.DefaultVersionId')
  aws iam get-role-policy --policy-name "${POLICY}" --role-name MRAD_Ops | jq -r '.PolicyDocument.Statement'
  echo
done

echo
echo

ATTD_POLS=$(aws iam list-attached-role-policies --role-name "${MY_ROLE}" | jq -r '.AttachedPolicies[].PolicyName' | tr '\n' ',')
IFS=',' read -r -a ATTD_POLICIES <<< "$ATTD_POLS"

for POLICY in "${ATTD_POLICIES[@]}"
do
  echo "${POLICY}"
  POL_VER=$(aws iam get-policy --policy-arn arn:aws:iam::aws:policy/"${POLICY}" | jq -r '.Policy.DefaultVersionId')
  aws iam get-policy-version --policy-arn arn:aws:iam::aws:policy/"${POLICY}" --version-id "${POL_VER}" | jq -r '.PolicyVersion.Document.Statement'
  echo
done
	#!/bin/bash

	# This script gets your current AWS role and dumps the IAM policies associated with that role
	# Requires the iam:ListRolePolicies and iam:ListAttachedRolePolicies permissions
	# Requires the aws cli and the jq utility
	# Creative Commons Attribution-Sharealike: https://creativecommons.org/licenses/by-sa/4.0/

	# TODO: compare jq vs the query parameter in the aws cli, see if there's any difference in speed or results

	MY_ROLE=$(aws sts get-caller-identity \| jq -r '.Arn' \| cut -d'/' -f2)

	ROLE_POLS=$(aws iam list-role-policies --role-name "${MY_ROLE}" \| jq -r '.PolicyNames[]' \| tr '\n' ',')
	IFS=',' read -r -a ROLE_POLICIES <<< "$ROLE_POLS"

	for POLICY in "${ROLE_POLICIES[@]}"
	do
	echo "${POLICY}"
	POL_VER=$(aws iam get-role-policy --policy-name "${POLICY}" --role-name "${MY_ROLE}" \| jq -r '.Policy.DefaultVersionId')
	aws iam get-role-policy --policy-name "${POLICY}" --role-name MRAD_Ops \| jq -r '.PolicyDocument.Statement'
	echo
	done

	echo
	echo

	ATTD_POLS=$(aws iam list-attached-role-policies --role-name "${MY_ROLE}" \| jq -r '.AttachedPolicies[].PolicyName' \| tr '\n' ',')
	IFS=',' read -r -a ATTD_POLICIES <<< "$ATTD_POLS"

	for POLICY in "${ATTD_POLICIES[@]}"
	do
	echo "${POLICY}"
	POL_VER=$(aws iam get-policy --policy-arn arn:aws:iam::aws:policy/"${POLICY}" \| jq -r '.Policy.DefaultVersionId')
	aws iam get-policy-version --policy-arn arn:aws:iam::aws:policy/"${POLICY}" --version-id "${POL_VER}" \| jq -r '.PolicyVersion.Document.Statement'
	echo
	done