Created
February 12, 2017 19:38
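'use strict';

const _ = require('underscore'); // 1.7.0
const AWS = require('aws-sdk'); // 2.2.46

// Pause, in milliseconds, inserted between consecutive IAM calls.
const delay = 3000;

// Number of IAM users removed so far; main() reports it when the run ends.
let deletedIamUsers = 0;

// No access key is written into this file. With no explicit credentials the
// SDK falls back to its default provider chain (AWS_ACCESS_KEY_ID /
// AWS_SECRET_ACCESS_KEY / AWS_SESSION_TOKEN, the shared credentials file, or
// an attached role), so long-lived secrets never land in source control or in
// a shared copy of this script. Run it under an identity limited to the IAM
// list and delete actions used below.
const iam = new AWS.IAM();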
/**
 * Adapts a Promise executor's resolve/reject pair to the (err, data)
 * callback shape the AWS SDK expects.
 *
 * @param {Function} resolve - called with `data` when no error is reported.
 * @param {Function} reject - called with `err` when one is reported.
 * @returns {Function} a node-style callback `(err, data) => void`.
 */
const resolveAWSPromise = (resolve, reject) => (err, data) => {
  if (!err) {
    resolve(data);
    return;
  }
  reject(err);
};
/**
 * Returns a promise that resolves (with no value) after `delay` milliseconds.
 * Used to pace consecutive IAM calls; the promise never rejects.
 *
 * @param {number} delay - pause length in milliseconds.
 * @returns {Promise<void>}
 */
const wait = (delay) =>
  new Promise((done) => {
    console.log(`delaying ${delay} milliseconds...`);
    setTimeout(done, delay);
  });
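/**
 * Collects the access-key metadata of one IAM user, following pagination
 * until the response is no longer truncated.
 *
 * @param {{UserName: string}} user - IAM user whose keys are listed.
 * @param {string|undefined} marker - pagination marker; undefined for the first page.
 * @returns {Promise<Array>} every AccessKeyMetadata entry across all pages;
 *   rejects with the SDK error if any page fails.
 */
const listAccessKeys = (user, marker) => {
  return new Promise((resolve, reject) => {
    console.log(`listing users access keys: ${user.UserName}`);
    iam.listAccessKeys({ UserName: user.UserName, Marker: marker }, (err, data) => {
      if (err) {
        // Stop here: without the return the code below would dereference
        // `data` after a failed call and throw inside the SDK callback.
        reject(err);
        return;
      }
      console.log(data);
      if (!data.IsTruncated) {
        resolve(data.AccessKeyMetadata);
        return;
      }
      wait(delay)
        .then(() => listAccessKeys(user, data.Marker))
        .then((accessKeys) => resolve(data.AccessKeyMetadata.concat(accessKeys)))
        // A failure on a later page must settle this promise too; otherwise
        // the caller would wait forever on a listing that can never finish.
        .catch(reject);
    });
  });
};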
/**
 * Deletes a single access key of an IAM user.
 *
 * @param {{UserName: string}} user - owner of the key.
 * @param {string} accessKey - the AccessKeyId to delete (it is written to the log).
 * @returns {Promise<Object>} the SDK response; rejects with the SDK error.
 */
const deleteAccessKey = (user, accessKey) =>
  new Promise((resolve, reject) => {
    console.log(`deleting accessKey: ${accessKey}...`);
    const params = { AccessKeyId: accessKey, UserName: user.UserName };
    iam.deleteAccessKey(params, resolveAWSPromise(resolve, reject));
  });
/**
 * Deletes every access key of an IAM user, one at a time with a pause
 * before each call.
 *
 * Deletion is best-effort: a key that cannot be removed is logged and
 * skipped, so the returned promise only rejects when the initial listing
 * fails. Callers that need certainty must list the keys again afterwards.
 *
 * @param {{UserName: string}} user - IAM user whose keys are removed.
 * @returns {Promise<void>}
 */
const deleteUsersAccessKeys = (user) =>
  listAccessKeys(user, undefined).then((keys) => {
    console.log(`Found ${keys.length} access keys`);
    let chain = Promise.resolve();
    for (const key of keys) {
      chain = chain
        .then(() => wait(delay))
        .then(() => deleteAccessKey(user, key.AccessKeyId))
        // Drop the SDK response so the chain keeps resolving to undefined.
        .then(() => {})
        .catch((err) => {
          console.log(`Failed to delete access key: ${key.AccessKeyId}`);
          console.error(err);
        });
    }
    return chain;
  });
/**
 * Deletes the inline policy named 'P' + UserName from an IAM user.
 *
 * Only that one policy name is targeted; the function does not enumerate
 * the user's policies, so any other inline policy is left in place.
 *
 * @param {{UserName: string}} user - IAM user owning the inline policy.
 * @returns {Promise<Object>} the SDK response; rejects with the SDK error
 *   (including when the call reports that the policy cannot be deleted).
 */
const deleteUserPolicy = (user) =>
  new Promise((resolve, reject) => {
    console.log(`deleting user policy for user: ${user.UserName}...`);
    const params = { UserName: user.UserName, PolicyName: 'P' + user.UserName };
    iam.deleteUserPolicy(params, resolveAWSPromise(resolve, reject));
  });
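/**
 * Deletes an IAM user and counts it in `deletedIamUsers` once IAM has
 * confirmed the deletion.
 *
 * @param {{UserName: string}} user - IAM user to delete.
 * @returns {Promise<Object>} the SDK response; rejects with the SDK error.
 */
const deleteIAMUser = (user) => {
  return new Promise((resolve, reject) => {
    console.log(`deleting iam user... ${user.UserName}`);
    iam.deleteUser({ UserName: user.UserName }, (err, data) => {
      if (err) {
        reject(err);
        return;
      }
      // Count only confirmed deletions so the final summary is not inflated
      // by calls that IAM refused.
      deletedIamUsers += 1;
      resolve(data);
    });
  });
};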
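/**
 * Lists IAM users under a path prefix, following pagination until the
 * response is no longer truncated.
 *
 * @param {string|undefined} marker - pagination marker; undefined for the first page.
 * @param {string} path - value passed to IAM as PathPrefix.
 * @returns {Promise<Array>} every user across all pages; rejects with the
 *   SDK error if any page fails.
 */
const listIAMUsers = (marker, path) => {
  return new Promise((resolve, reject) => {
    console.log(`listing iam users for ${path}...`);
    iam.listUsers({ Marker: marker, PathPrefix: path }, (err, data) => {
      if (err) {
        // Stop here: without the return the code below would dereference
        // `data` after a failed call and throw inside the SDK callback.
        reject(err);
        return;
      }
      console.log(data);
      if (!data.IsTruncated) {
        resolve(data.Users);
        return;
      }
      wait(delay)
        .then(() => listIAMUsers(data.Marker, path))
        .then((users) => resolve(data.Users.concat(users)))
        // A failure on a later page must settle this promise too; a partial
        // listing must never be mistaken for the complete set of users.
        .catch(reject);
    });
  });
};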
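/**
 * Removes one IAM user together with the resources this script knows about:
 * the inline policy named 'P' + UserName and all access keys.
 *
 * The keys are listed a second time after deletion and the user is only
 * deleted when none remain. Nothing else is detached here (other inline or
 * managed policies, group memberships, login profile, MFA devices, ...);
 * IAM refuses to delete a user that still has such attachments, in which
 * case this promise rejects with the SDK error and the user is left with
 * its policy and keys already removed.
 *
 * @param {{UserName: string}} user - IAM user to remove.
 * @returns {Promise<Object>} the deleteUser response; rejects when any step
 *   fails or when access keys remain after the deletion pass.
 */
const cascadeDeleteUser = (user) => {
  return deleteUserPolicy(user)
    .then(() => wait(delay))
    .then(() => deleteUsersAccessKeys(user))
    // deleteUsersAccessKeys swallows per-key failures, so verify the result.
    .then(() => listAccessKeys(user, undefined))
    .then((accessKeys) => {
      if (accessKeys.length > 0) {
        console.log(`not all access keys were deleted for user: ${user.UserName} skipping deletion of user, please re-run script`);
        // Reject with a real Error so the caller's log shows a reason
        // instead of `undefined`.
        return Promise.reject(new Error(`access keys remain for user: ${user.UserName}`));
      }
      return deleteIAMUser(user);
    });
};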
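/**
 * Lists the IAM users under `path`, selects the ones to remove and deletes
 * them strictly one after another.
 *
 * Selection is off by default: the filter below returns false for every
 * user until it is edited, so an unmodified run deletes nothing. Users named
 * in `whitelist` are never selected, whatever the filter says. A failure on
 * one user is logged and the run continues with the next.
 *
 * @param {string[]} whitelist - user names that must never be deleted.
 * @param {string} path - IAM path prefix that scopes the listing.
 * @returns {Promise<void>} rejects only if the user listing fails.
 */
const cascadeDeleteIAMUsers = (whitelist, path) => {
  // NOTE(review): assumes whitelist entries are UserName strings — confirm
  // against how the caller builds the list.
  const protectedNames = new Set(Array.isArray(whitelist) ? whitelist : []);
  return listIAMUsers(undefined, path)
    .then((users) => {
      console.log('completed fetching users...');
      console.log(`${users.length} total users found.`);
      const usersToDelete = users.filter((user) => {
        console.log(`user: ${user.UserName} path: ${user.Path}`);
        if (protectedNames.has(user.UserName)) {
          return false;
        }
        const filterConditionSatisfied = false /* modify */;
        return filterConditionSatisfied;
      });
      console.log(`${usersToDelete.length} users to delete`);
      return usersToDelete.reduce((current, next) => {
        return current
          .then(() => wait(delay))
          // Pass a function, not the result of calling it: invoking
          // cascadeDeleteUser(next) while the chain is being built would
          // start every deletion at once, outside the pacing delay and
          // outside the catch below.
          .then(() => cascadeDeleteUser(next))
          .catch((err) => {
            console.log(`failed to cascade delete iamUser: ${next.UserName}`);
            console.error(err);
          });
      }, Promise.resolve());
    });
};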
// Entry point. 'whitelist' and 'path_prefix' are placeholders to replace
// with real values before running; the summary line reports the module-level
// deletedIamUsers counter.
(function main() {
  const reportSuccess = () => {
    console.log(`deleted ${deletedIamUsers} users`);
  };
  const reportFailure = (err) => {
    console.log('Failed to cascade delete users...');
    console.error(err);
  };
  return cascadeDeleteIAMUsers(['whitelist'], 'path_prefix')
    .then(reportSuccess)
    .catch(reportFailure);
})();