Last active
July 14, 2023 09:33
-
-
Save hernandanielg/430f3adb8e297f37ef6f0efb45a51bdc to your computer and use it in GitHub Desktop.
Bash script to delete IAM users using AWS cli tool
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # @author: Hernan Garcia <hernandanielg@gmail.com> | |
| # https://gist.github.com/hernandanielg/430f3adb8e297f37ef6f0efb45a51bdc | |
| # | |
| # usage: ./delete_iam_user.sh [options] <user> | |
| # options: | |
| # -d|--dry-run dry run mode | |
| # | |
| AWS_CLI_IAM_CMD="aws iam" | |
| list_items() { | |
| local AWS_CLI_LIST_CMD="$1" | |
| local AWS_CLI_LIST_QUERY="$2" | |
| $AWS_CLI_IAM_CMD $AWS_CLI_LIST_CMD --user-name $user --query $AWS_CLI_LIST_QUERY --output text | |
| } | |
| remove_items() { | |
| [[ -z $1 ]] && return 0 | |
| local ITEMS=$1 | |
| local AWS_CLI_DELETE_CMD="$2" | |
| local AWS_CLI_ITEM_FLAG="$3" | |
| for item in $ITEMS ; | |
| do | |
| local cmd="$AWS_CLI_IAM_CMD $AWS_CLI_DELETE_CMD --user-name $user --$AWS_CLI_ITEM_FLAG $item" | |
| if [[ $DRY_RUN == true ]]; then | |
| >&2 echo "[dry-run] $cmd" | |
| continue | |
| fi | |
| >&2 echo "$cmd" | |
| $cmd | |
| done | |
| } | |
| usage() { | |
| >&2 echo "usage: $0 [-d|--dry-run] <user>" | |
| exit -1 | |
| } | |
| unknown_flag() { | |
| if [ "$OPTERR" = 1 ] && [ "${optspec:0:1}" != ":" ]; then | |
| >&2 echo "Unknown flag --${OPTARG}" | |
| usage | |
| fi | |
| } | |
| check_user_exists() { | |
| local user=$1 | |
| if [[ -z $($AWS_CLI_IAM_CMD get-user --user-name $user 2>/dev/null) ]] | |
| then | |
| >&2 echo "user not found: $user" | |
| exit -2 | |
| fi | |
| } | |
| while getopts ":dh-:" optchar; do | |
| case "${optchar}" in | |
| -) | |
| case "${OPTARG}" in | |
| dry-run) | |
| DRY_RUN=true | |
| >&2 echo "dry run mode..." | |
| ;; | |
| help) | |
| usage | |
| ;; | |
| *) | |
| unknown_flag | |
| ;; | |
| esac;; | |
| d) | |
| DRY_RUN=true | |
| >&2 echo "dry run mode..." | |
| ;; | |
| h) | |
| usage | |
| ;; | |
| *) | |
| unknown_flag | |
| ;; | |
| esac | |
| done | |
| shift "$(($OPTIND -1))" | |
| if [ $# -eq 0 ]; then | |
| usage | |
| fi | |
| user=$1 | |
| check_user_exists $user | |
| echo -e "\nUser to be deleted: $user \n" | |
| read -p "Type user name \"$user\" to continue: " | |
| if [ "$REPLY" != $user ]; then | |
| >&2 echo "Cancelled" | |
| exit -3 | |
| fi | |
| echo | |
| while read listcmd filter deletecmd flag ; | |
| do | |
| items="$(list_items "$listcmd" "$filter")" | |
| [[ -z $items ]] && continue | |
| remove_items "$items" "$deletecmd" "$flag" | |
| done <<EOF | |
| list-access-keys AccessKeyMetadata[*].AccessKeyId delete-access-key access-key-id | |
| list-signing-certificates Certificates[*].CertificateId delete-signing-certificate certificate-id | |
| list-ssh-public-keys SSHPublicKeys[*].SSHPublicKeyId delete-ssh-public-key ssh-public-key | |
| list-service-specific-credentials ServiceSpecificCredentials[*].ServiceSpecificCredentialId delete-service-specific-credential service-specific-credential-id | |
| list-mfa-devices MFADevices[*].SerialNumber deactivate-mfa-device serial-number | |
| list-mfa-devices MFADevices[*].SerialNumber delete-virtual-mfa-device serial-number | |
| list-user-policies PolicyNames[*] delete-user-policy policy-name | |
| list-attached-user-policies AttachedPolicies[*].PolicyArn detach-user-policy policy-arn | |
| list-groups-for-user Groups[*].GroupName remove-user-from-group group-name | |
| get-login-profile LoginProfile.UserName delete-login-profile user-name | |
| get-user User.UserName delete-user user-name | |
| EOF |
Thank you for the script, It's very useful 🚀🚀
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Example execution: