List all IAM policies (managed and inline) attached to every user, group and role in the account, plus the bucket policy of every S3 bucket. Read-only audit helper; the output contains full policy documents, so treat it as sensitive.
#!/usr/bin/env python
from __future__ import print_function

import json
import sys

import boto3
from botocore.exceptions import ClientError
from pygments import highlight, lexers, formatters
# One shared session so every client below resolves credentials and region the
# same way (boto3's default chain: environment, shared config/credentials,
# instance/task role).  Nothing is hard-coded here; run this under a
# read-only audit principal -- every call in this script is a list/get.
_session = boto3.Session()
iam = _session.resource('iam')
s3 = _session.client('s3')
iam_client = _session.client('iam')  # not used by the loops in this file
def highlight_python(python_code):
    """Return *python_code* rendered with ANSI colours for a terminal.

    The value is passed through ``str()`` first, so policy documents that
    arrive as dicts are shown as Python literals.
    """
    lexer = lexers.PythonLexer()
    formatter = formatters.TerminalFormatter()
    return highlight(str(python_code), lexer, formatter)
def hp(python_code):
    """Short alias for :func:`highlight_python`, kept for the inline print calls."""
    return highlight_python(python_code)
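# Groups: managed (attached) policies, then inline policies.
for group in iam.groups.all():
    for policy in group.attached_policies.all():
        # Attached policies are iam.Policy resources: the name attribute is
        # ``policy_name`` and the document lives on the default PolicyVersion
        # (the same access path the role loop uses).  The previous
        # ``policy.name`` / ``policy.policy_document`` lookups raised
        # AttributeError for every managed policy, so the except branch
        # printed only the resource repr and no managed-policy document was
        # ever shown for a group.
        print('group: {}, attached_policy: {} = {}'.format(
            group.name, policy.policy_name, hp(policy.default_version.document)))
    for policy in group.policies.all():
        # Inline policies (iam.GroupPolicy) carry the document directly.
        print('group: {}, policy: {} = {}'.format(
            group.name, policy.name, hp(policy.policy_document)))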
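# Users: managed (attached) policies, then inline policies.
for user in iam.users.all():
    for policy in user.attached_policies.all():
        # Managed policies expose ``policy_name`` and the document via the
        # default PolicyVersion (as the role loop already does).  The old
        # ``policy.name`` / ``policy.policy_document`` access raised
        # AttributeError for every managed policy, so the fallback printed
        # only the resource repr and no user-attached managed policy document
        # was ever shown.
        print('user: {}, attached_policy: {} = {}'.format(
            user.name, policy.policy_name, hp(policy.default_version.document)))
    for policy in user.policies.all():
        # Inline policies (iam.UserPolicy) carry the document directly.
        print('user: {}, policy: {} = {}'.format(
            user.name, policy.name, hp(policy.policy_document)))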
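# Roles: trust policy, managed (attached) policies, then inline policies.
for role in iam.roles.all():
    # The trust (assume-role) policy decides WHO may assume the role; for a
    # permissions review it matters as much as the permission policies, and
    # the original listing left it out.
    print('role: {}, trust_policy = {}'.format(
        role.name, hp(role.assume_role_policy_document)))
    for policy in role.attached_policies.all():
        # Managed policy: document is on the default version.  The policy
        # name is now printed too, matching the group/user output format.
        print('role: {}, attached_policy: {} = {}'.format(
            role.name, policy.policy_name, hp(policy.default_version.document)))
    for policy in role.policies.all():
        # Inline policies (iam.RolePolicy) carry the document directly.
        print('role: {}, policy: {} = {}'.format(
            role.name, policy.name, hp(policy.policy_document)))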
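# S3 bucket policies.
# NOTE(review): list_buckets is called once without a continuation loop;
# accounts with a very large number of buckets may need MaxBuckets /
# ContinuationToken paging -- confirm against the botocore version in use.
for bucket in s3.list_buckets().get("Buckets", []):
    bucket_name = bucket.get("Name")
    try:
        response = s3.get_bucket_policy(Bucket=bucket_name)
    except ClientError as err:
        # Only NoSuchBucketPolicy means "no policy".  The original caught
        # every ClientError (AccessDenied, region redirects, throttling, ...)
        # and reported all of them as "no policy attached", so an audit could
        # mistake "could not read" for "none".  Other failures go to stderr.
        code = err.response.get('Error', {}).get('Code')
        if code == 'NoSuchBucketPolicy':
            print('bucket: {} has no policy attached'.format(bucket_name))
        else:
            print('bucket: {}: could not read policy ({})'.format(bucket_name, code),
                  file=sys.stderr)
        continue
    # The API returns the policy as a JSON string inside a response envelope;
    # decode it so it renders like the IAM documents above instead of dumping
    # ResponseMetadata along with it.
    print('bucket: {} = {}'.format(bucket_name, hp(json.loads(response['Policy']))))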