'use strict';
const _ = require('underscore'); // 1.7.0
const AWS = require('aws-sdk'); // 2.2.46
// Pause, in milliseconds, that the helpers in this file insert between consecutive IAM calls.
const delay = 3000;
// Running count of removed IAM users; main() prints it when the run finishes.
let deletedIamUsers = 0;
// Static credentials handed to the IAM client below.
// Keep only the placeholders in any shared or committed copy of this file: a long-lived
// key pasted here stays in version history, backups and shell scrollback.
// NOTE(review): this script deletes inline policies, access keys and users, so the identity
// behind these keys should be limited to those IAM actions and, ideally, be short-lived.
let creds = {
accessKeyId: '<insert your accessKeyId>',
secretAccessKey: '<insert your secretAccessKey>'
};
// Single IAM client shared by every helper in this file.
let iam = new AWS.IAM(creds);
/**
 * Builds an `(err, data)` callback that settles a promise.
 *
 * @param {Function} resolve - called with `data` when `err` is falsy.
 * @param {Function} reject - called with `err` when `err` is truthy.
 * @returns {Function} callback suitable for the SDK's callback-style methods.
 */
const resolveAWSPromise = (resolve, reject) => (err, data) => {
  if (!err) {
    resolve(data);
    return;
  }
  reject(err);
};
/**
 * Returns a promise that resolves (with no value) after `delay` milliseconds.
 * The parameter shadows the module-level `delay`, so the caller's value is the one used.
 *
 * @param {number} delay - pause length in milliseconds.
 * @returns {Promise<undefined>}
 */
const wait = (delay) => {
  const announceThenSleep = (done) => {
    console.log(`delaying ${delay} milliseconds...`);
    setTimeout(done, delay);
  };
  return new Promise(announceThenSleep);
};
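/**
 * Lists all access key metadata for one IAM user, following pagination.
 *
 * Each truncated page triggers a pause of `delay` milliseconds and a recursive call
 * with the returned marker; pages are concatenated in order.
 * The raw response is logged, which puts access key IDs into the console output.
 *
 * @param {{UserName: string}} user - user whose keys are listed.
 * @param {string|undefined} marker - pagination marker; `undefined` for the first page.
 * @returns {Promise<Array>} resolves with the combined `AccessKeyMetadata` entries;
 *   rejects with the SDK error from any page.
 */
const listAccessKeys = (user, marker) => {
  return new Promise((resolve, reject) => {
    console.log(`listing users access keys: ${user.UserName}`);
    iam.listAccessKeys({ UserName: user.UserName, Marker: marker }, (err, data) => {
      if (err) {
        // Stop here: falling through would read fields of a missing response and
        // throw inside the SDK callback instead of rejecting cleanly.
        reject(err);
        return;
      }
      console.log(data);
      if (!data.IsTruncated) {
        resolve(data.AccessKeyMetadata);
        return;
      }
      wait(delay)
        .then(() => listAccessKeys(user, data.Marker))
        .then((accessKeys) => {
          resolve(data.AccessKeyMetadata.concat(accessKeys));
        })
        // A failure on a later page must reject this promise too; otherwise the caller,
        // which uses this listing to confirm that no keys remain, would wait forever.
        .catch(reject);
    });
  });
};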
/**
 * Deletes one access key belonging to the given IAM user.
 *
 * @param {{UserName: string}} user - owner of the key.
 * @param {string} accessKey - the access key ID to delete (it is also written to the log).
 * @returns {Promise} settles with the SDK's result or error for `deleteAccessKey`.
 */
const deleteAccessKey = (user, accessKey) => {
  const sendDelete = (resolve, reject) => {
    console.log(`deleting accessKey: ${accessKey}...`);
    const request = { AccessKeyId: accessKey, UserName: user.UserName };
    iam.deleteAccessKey(request, resolveAWSPromise(resolve, reject));
  };
  return new Promise(sendDelete);
};
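/**
 * Deletes every access key of one IAM user, one key at a time with a pause before each.
 *
 * Deletion is best-effort: a key that cannot be deleted is logged and skipped so the
 * remaining keys are still attempted. The final log line reports how many keys were
 * actually removed, so an operator can tell from the output whether any are still live.
 *
 * @param {{UserName: string}} user - user whose keys are removed.
 * @returns {Promise<undefined>} resolves once every key has been attempted;
 *   rejects only if the initial listing fails.
 */
const deleteUsersAccessKeys = (user) => {
  return listAccessKeys(user, undefined)
    .then((accessKeys) => {
      console.log(`Found ${accessKeys.length} access keys`);
      let deletedAccessKeys = 0;
      const deleteInTurn = (chain, key) => chain
        .then(() => wait(delay))
        .then(() => deleteAccessKey(user, key.AccessKeyId))
        .then(() => { deletedAccessKeys += 1; })
        .catch((err) => {
          // Deliberately swallowed: one failed key must not stop the others.
          console.log(`Failed to delete access key: ${key.AccessKeyId}`);
          console.error(err);
        });
      return accessKeys
        .reduce(deleteInTurn, Promise.resolve())
        .then(() => {
          // The counter was previously kept but never reported.
          console.log(`Deleted ${deletedAccessKeys} of ${accessKeys.length} access keys for user: ${user.UserName}`);
        });
    });
};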
/**
 * Deletes the user's inline policy whose name is 'P' followed by the user name.
 * Only that one policy name is addressed; any other policy on the user is left alone.
 *
 * @param {{UserName: string}} user - user whose policy is removed.
 * @returns {Promise} settles with the SDK's result or error for `deleteUserPolicy`.
 */
const deleteUserPolicy = (user) => {
  const sendDelete = (resolve, reject) => {
    console.log(`deleting user policy for user: ${user.UserName}...`);
    const request = { UserName: user.UserName, PolicyName: 'P' + user.UserName };
    iam.deleteUserPolicy(request, resolveAWSPromise(resolve, reject));
  };
  return new Promise(sendDelete);
};
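/**
 * Deletes one IAM user and counts it in `deletedIamUsers` once IAM confirms the deletion.
 *
 * The counter is advanced only on success, so the total printed at the end of the run
 * matches the users that were really removed rather than the ones that were attempted.
 *
 * @param {{UserName: string}} user - user to delete.
 * @returns {Promise} resolves with the SDK's `deleteUser` result; rejects with its error.
 */
const deleteIAMUser = (user) => {
  return new Promise((resolve, reject) => {
    console.log(`deleting iam user... ${user.UserName}`);
    iam.deleteUser({ UserName: user.UserName }, (err, data) => {
      if (err) {
        reject(err);
        return;
      }
      deletedIamUsers += 1;
      resolve(data);
    });
  });
};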
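/**
 * Lists all IAM users under a path prefix, following pagination.
 *
 * Each truncated page triggers a pause of `delay` milliseconds and a recursive call
 * with the returned marker; pages are concatenated in order.
 *
 * @param {string|undefined} marker - pagination marker; `undefined` for the first page.
 * @param {string} path - value sent as `PathPrefix`.
 * @returns {Promise<Array>} resolves with the combined `Users` entries;
 *   rejects with the SDK error from any page.
 */
const listIAMUsers = (marker, path) => {
  return new Promise((resolve, reject) => {
    console.log(`listing iam users for ${path}...`);
    iam.listUsers({ Marker: marker, PathPrefix: path }, (err, data) => {
      if (err) {
        // Stop here: falling through would read fields of a missing response and
        // throw inside the SDK callback instead of rejecting cleanly.
        reject(err);
        return;
      }
      console.log(data);
      if (!data.IsTruncated) {
        resolve(data.Users);
        return;
      }
      wait(delay)
        .then(() => listIAMUsers(data.Marker, path))
        .then((users) => {
          resolve(data.Users.concat(users));
        })
        // Without this, an error on a later page would leave the whole run pending.
        .catch(reject);
    });
  });
};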
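/**
 * Removes one IAM user together with the resources this script knows about:
 * the inline policy handled by deleteUserPolicy, then the user's access keys, then the user.
 *
 * Because key deletion is best-effort, the keys are listed again afterwards and the user
 * is deleted only when that listing is empty.
 *
 * NOTE(review): any rejection from deleteUserPolicy stops the cascade before the keys are
 * touched - confirm that is intended for users that have no such policy.
 * NOTE(review): nothing else attached to the user (group memberships, managed policies,
 * login profile, MFA devices, ...) is removed here, so the final delete may be refused
 * by IAM for such users - verify against the accounts this is run on.
 *
 * @param {{UserName: string}} user - user to remove.
 * @returns {Promise} resolves with the result of deleteIAMUser; rejects with an Error
 *   when keys remain, or with the error of whichever step failed.
 */
const cascadeDeleteUser = (user) => {
  return deleteUserPolicy(user)
    .then(() => wait(delay))
    .then(() => deleteUsersAccessKeys(user))
    .then(() => listAccessKeys(user, undefined))
    .then((accessKeys) => {
      if (accessKeys.length > 0) {
        const message = `not all access keys were deleted for user: ${user.UserName} skipping deletion of user, please re-run script`;
        console.log(message);
        // Reject with a real Error so the caller's error log shows a reason, not `undefined`.
        return Promise.reject(new Error(message));
      }
      return deleteIAMUser(user);
    });
};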
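/**
 * Lists the IAM users under `path`, selects the ones to remove, and cascade-deletes
 * them one after another with a pause before each.
 *
 * The selection predicate is a placeholder that is `false` for every user, so nothing is
 * deleted until the line marked "modify" is edited. A failure for one user is logged and
 * the run continues with the next.
 *
 * NOTE(review): `whitelist` is accepted but never consulted. If it is meant to hold the
 * names of users that must be kept, enforce it in the filter below before enabling deletion.
 *
 * @param {Array} whitelist - currently unused (see note above).
 * @param {string} path - path prefix passed to listIAMUsers.
 * @returns {Promise<undefined>} resolves after every selected user has been processed;
 *   rejects only if listing the users fails.
 */
const cascadeDeleteIAMUsers = (whitelist, path) => {
  return listIAMUsers(undefined, path)
    .then((users) => {
      console.log('completed fetching users...');
      console.log(`${users.length} total users found.`);
      const usersToDelete = users.filter((user) => {
        console.log(`user: ${user.UserName} path: ${user.Path}`);
        const filterConditionSatisfied = false /* modify */;
        return filterConditionSatisfied;
      });
      console.log(`${usersToDelete.length} users to delete`);
      return usersToDelete.reduce((current, next) => {
        return current
          .then(() => wait(delay))
          // Pass a function, not the result of calling one: otherwise every deletion
          // starts at once while the chain is being built, ignoring the pause, and its
          // failures bypass the catch below while the run reports completion early.
          .then(() => cascadeDeleteUser(next))
          .catch((err) => {
            console.log(`failed to cascade delete iamUser: ${next.UserName}`);
            console.error(err);
          });
      }, Promise.resolve());
    });
};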
// Entry point: runs the cascade once and prints either the number of deleted users
// or the error that stopped the run. `['whitelist']` and `'path_prefix'` are placeholders
// to be replaced before use.
(function main() {
  const reportTotal = () => {
    console.log(`deleted ${deletedIamUsers} users`);
  };
  const reportFailure = (err) => {
    console.log('Failed to cascade delete users...');
    console.error(err);
  };
  return cascadeDeleteIAMUsers(['whitelist'], 'path_prefix')
    .then(reportTotal)
    .catch(reportFailure);
})();