Skip to content

Instantly share code, notes, and snippets.

@dgulinobw
Last active July 22, 2021 20:57
Show Gist options
  • Save dgulinobw/6b8b2433dcc8bf790bb4e31775eb54c4 to your computer and use it in GitHub Desktop.
Save dgulinobw/6b8b2433dcc8bf790bb4e31775eb54c4 to your computer and use it in GitHub Desktop.
List out all AWS IAM policies of user, group, role, and s3 buckets
#!/usr/bin/env python
from __future__ import print_function
import boto3
import sys
from pygments import highlight, lexers, formatters
from botocore.exceptions import ClientError
iam = boto3.resource('iam')
s3 = boto3.client('s3')
iam_client = boto3.client('iam')
def highlight_python(python_code):
return highlight(str(python_code), lexers.PythonLexer(),formatters.TerminalFormatter())
def hp(python_code):
return highlight_python(python_code)
for group in iam.groups.all():
for policy in group.attached_policies.all():
try:
print('group: {}, attached_policy: {} = {}'.format( group.name, policy.name, hp(policy.policy_document)) )
except AttributeError as e:
print('group: {}, {}'.format( group.name, policy ))
for policy in group.policies.all():
print('group: {}, policy: {} = {}'.format( group.name, policy.name, hp(policy.policy_document)))
for user in iam.users.all():
for policy in user.attached_policies.all():
try:
print('user: {}, attached_policy: {} = {}'.format( user.name, policy.name, hp(policy.policy_document)) )
except AttributeError as e:
print('user: {}, {}'.format( user.name, policy) )
for policy in user.policies.all():
print('user: {}, policy: {} = {}'.format( user.name, policy.name, hp(policy.policy_document)))
for role in iam.roles.all():
for policy in role.attached_policies.all():
default_version = policy.default_version
print('role: {}, policy: {}'.format( role.name, hp(default_version.document)))
for policy in role.policies.all():
print('role: {}, policy: {} = {}'.format( role.name, policy.name, hp(policy.policy_document)))
for bucket_name in [bucket.get("Name") for bucket in s3.list_buckets().get("Buckets")]:
try:
policy = s3.get_bucket_policy(Bucket=bucket_name)
print('bucket: {} = {}'.format( bucket_name, hp(policy)) )
except(ClientError):
print('bucket: {} has no policy attached'.format( bucket_name)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment