Function to return all AWS IAM policy documents (inline and managed) attached to a given IAM role. Only the role's identity policies are collected; its trust policy (AssumeRolePolicyDocument) and any permissions boundary are not included, so the result describes what the role is granted rather than its full effective permissions.
import boto3
def get_paginated_results(product, action, key, credentials=None, args=None):
    """Run a paginated boto3 API call and flatten one response key across pages.

    Args:
        product: boto3 service name handed to ``boto3.client`` (e.g. ``'iam'``).
        action: Name of the paginator / client operation (e.g.
            ``'list_role_policies'``).
        key: Response key whose list value is gathered from every page.
        credentials: Optional keyword arguments forwarded to ``boto3.client``
            (credentials, region, ...); ``None`` behaves like an empty dict,
            i.e. the default credential chain is used.
        args: Optional keyword arguments forwarded to ``paginate`` (the
            operation's request parameters); ``None`` behaves like an empty dict.

    Returns:
        One flat list holding, in page order, every element of ``page[key]``
        from every page of the response.
    """
    client_kwargs = {} if credentials is None else credentials
    paginate_kwargs = {} if args is None else args

    paginator = boto3.client(product, **client_kwargs).get_paginator(action)

    collected = []
    for page in paginator.paginate(**paginate_kwargs):
        # Each page carries a list under ``key``; concatenate them in order.
        collected.extend(page[key])
    return collected
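def get_policy_documents_for_role(role_name, credentials):
    """Return the identity policy documents attached to an IAM role.

    Fetches the *default* version of every managed policy attached to the
    role plus every inline policy embedded in it, and returns the parsed
    policy documents. boto3 URL-decodes and JSON-parses the ``Document`` /
    ``PolicyDocument`` fields of the IAM responses, so each element is the
    policy as a dict (``{'Version': ..., 'Statement': [...]}``).

    Not included: the role's trust policy (``AssumeRolePolicyDocument``) and
    any permissions boundary attached to it. Callers auditing what a role can
    actually do must account for those separately.

    Args:
        role_name: Name (not ARN) of the IAM role to inspect.
        credentials: Keyword arguments forwarded to ``boto3.client`` (e.g.
            ``aws_access_key_id`` / ``aws_secret_access_key`` /
            ``aws_session_token``, ``region_name``); an empty dict uses the
            default credential chain.

    Returns:
        list[dict]: one parsed policy document per policy, attached managed
        policies first (in the order IAM listed them) followed by inline
        policies.

    Any boto3/botocore exception raised by the underlying API calls (unknown
    role, missing ``iam:Get*`` / ``iam:List*`` permissions, ...) propagates
    unchanged; nothing is caught here.
    """
    attached_policies = get_paginated_results(
        'iam', 'list_attached_role_policies', 'AttachedPolicies',
        credentials, {'RoleName': role_name})
    inline_policies = get_paginated_results(
        'iam', 'list_role_policies', 'PolicyNames',
        credentials, {'RoleName': role_name})

    client_iam = boto3.client('iam', **credentials)
    policies = []

    for policy_arn in (x['PolicyArn'] for x in attached_policies):
        # Only the default version of a managed policy is in force. Other
        # stored versions are inert until someone with
        # iam:SetDefaultPolicyVersion promotes one, so that is the one to read.
        version_id = client_iam.get_policy(
            PolicyArn=policy_arn)['Policy']['DefaultVersionId']
        response = client_iam.get_policy_version(
            PolicyArn=policy_arn, VersionId=version_id)
        # ``Document`` is already parsed into a dict. The original code used
        # list.extend() here, which iterates the dict and adds only its
        # top-level keys ('Version', 'Statement') -- the statements themselves
        # were silently dropped. append() keeps the whole document.
        policies.append(response['PolicyVersion']['Document'])

    for policy_name in inline_policies:
        response = client_iam.get_role_policy(
            RoleName=role_name,
            PolicyName=policy_name)
        # NOTE(review): the original author wanted to confirm that inline
        # policies authored as YAML in CloudFormation come back parsed here.
        # CloudFormation serialises the policy to JSON before IAM stores it,
        # so the authoring format should not matter -- verify if in doubt.
        # Same extend() -> append() fix as above.
        policies.append(response['PolicyDocument'])

    return policies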