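#!/bin/bash
#
# Delete every IAM role whose name starts with PREFIX, together with what IAM
# requires to be gone first:
#   - managed policies attached to the role: customer-managed ones are detached
#     from every other role, stripped of non-default versions and deleted;
#     AWS-managed ones are only detached, because IAM refuses to delete them;
#   - the role's inline policies;
#   - the instance profiles the role belongs to (the profiles are deleted too).
#
# Usage:    $0 PREFIX
# Requires: aws CLI with credentials in the environment, jq.
#
# Blast radius: a customer-managed policy that is also attached to roles
# outside PREFIX is removed from those roles as well. Review the matching
# role list before running this against an account.
set -euo pipefail

#######################################
# Print a message to stderr and exit non-zero.
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Emit every role name in the account, one per line.
#######################################
list_role_names() {
  aws iam list-roles | jq -r '.Roles[].RoleName'
}

#######################################
# Emit the ARNs of the managed policies attached to a role, one per line.
# Arguments: $1 - role name
#######################################
attached_policy_arns() {
  aws iam list-attached-role-policies --role-name "$1" \
    | jq -r '.AttachedPolicies[].PolicyArn'
}

#######################################
# Emit the names of the roles a managed policy is still attached to.
# Arguments: $1 - policy ARN
#######################################
roles_using_policy() {
  aws iam list-entities-for-policy --policy-arn "$1" \
    | jq -r '.PolicyRoles[].RoleName'
}

#######################################
# Emit the non-default version ids of a managed policy.
# Arguments: $1 - policy ARN
#######################################
non_default_policy_versions() {
  aws iam list-policy-versions --policy-arn "$1" \
    | jq -r '.Versions[] | select(.IsDefaultVersion!=true) | .VersionId'
}

#######################################
# Emit the inline policy names of a role, one per line.
# Arguments: $1 - role name
#######################################
inline_policy_names() {
  aws iam list-role-policies --role-name "$1" | jq -r '.PolicyNames[]'
}

#######################################
# Emit the names of the instance profiles a role belongs to.
# Arguments: $1 - role name
#######################################
instance_profiles_for_role() {
  aws iam list-instance-profiles-for-role --role-name "$1" \
    | jq -r '.InstanceProfiles[].InstanceProfileName'
}

#######################################
# Capture a listing function's output into an array, one element per line.
# An empty listing yields an empty array (not a single empty element), and a
# failing listing aborts the script under set -e instead of being mistaken
# for "nothing found".
# Arguments: $1 - name of the (caller-declared) array to fill
#            $2.. - listing function and its arguments
#######################################
read_listing() {
  local target=$1
  shift
  local text
  text=$("$@")
  # $(...) strips the trailing newline; mapfile still stores the final line.
  mapfile -t "$target" < <(printf '%s' "$text")
}

#######################################
# Detach a managed policy from a role. Customer-managed policies are then
# detached from every other role, stripped of non-default versions and
# deleted; AWS-managed policies are left in place after the detach.
# Arguments: $1 - role name, $2 - policy ARN
#######################################
delete_attached_policy() {
  local role=$1 policy=$2
  local -a other_roles versions
  local r v

  echo "Detaching policy $policy from role $role"
  aws iam detach-role-policy --role-name "$role" --policy-arn "$policy"

  # IAM will not delete AWS-managed policies, so detaching one from every
  # other role in the account (think AdministratorAccess) would only break
  # unrelated roles without achieving anything. Stop after the detach.
  if [[ "$policy" == arn:*:iam::aws:policy/* ]]; then
    echo "Skipping delete of AWS managed policy $policy"
    return 0
  fi

  read_listing other_roles roles_using_policy "$policy"
  echo "Number of attached roles: ${#other_roles[@]}"
  for r in "${other_roles[@]}"; do
    echo "Policy still attached to $r detaching"
    aws iam detach-role-policy --role-name "$r" --policy-arn "$policy"
  done

  # A policy with non-default versions cannot be deleted, and the default
  # version cannot be deleted on its own - it goes away with the policy.
  read_listing versions non_default_policy_versions "$policy"
  echo "Number of policy versions (not including default): ${#versions[@]}"
  if (( ${#versions[@]} > 0 )); then
    echo "Policy has ${#versions[@]} versions deleting them"
    for v in "${versions[@]}"; do
      aws iam delete-policy-version --policy-arn "$policy" --version-id "$v"
    done
  fi

  # NOTE: delete-policy still fails (and aborts the script) if the policy is
  # attached to users or groups; those attachments are deliberately not
  # touched here.
  echo "Deleting attached policy $policy from role $role"
  aws iam delete-policy --policy-arn "$policy"
}

#######################################
# Delete one role after removing its attached policies, inline policies and
# instance-profile memberships.
# Arguments: $1 - role name
#######################################
delete_role() {
  local role=$1
  local -a policies inline_policies profiles
  local policy name ipn

  echo "Deleting/Detaching policies from role: $role"
  read_listing policies attached_policy_arns "$role"
  for policy in "${policies[@]}"; do
    delete_attached_policy "$role" "$policy"
  done

  read_listing inline_policies inline_policy_names "$role"
  for name in "${inline_policies[@]}"; do
    echo "Deleting role policy $name from role $role"
    aws iam delete-role-policy --role-name "$role" --policy-name "$name"
  done

  # A role that still belongs to an instance profile cannot be deleted.
  read_listing profiles instance_profiles_for_role "$role"
  if (( ${#profiles[@]} >= 1 )); then
    echo "Role is attached to ${#profiles[@]} instance profiles deleting them"
    for ipn in "${profiles[@]}"; do
      echo "Detaching role from instance profile"
      aws iam remove-role-from-instance-profile \
        --instance-profile-name "$ipn" --role-name "$role"
      echo "Deleting instance profile $ipn"
      aws iam delete-instance-profile --instance-profile-name "$ipn"
    done
  fi

  echo "Deleting role $role"
  aws iam delete-role --role-name "$role"
}

#######################################
# Entry point.
# Arguments: $1 - role-name prefix (required)
#######################################
main() {
  local prefix=${1:-}
  local -a roles
  local role

  if [[ -z "$prefix" ]]; then
    die "$0 requires a prefix arg"
  fi

  read_listing roles list_role_names
  for role in "${roles[@]}"; do
    # Literal prefix match. The previous regex test (=~ $prefix) also selected
    # roles that merely contained the prefix somewhere in their name, and
    # treated regex metacharacters in the argument as patterns.
    if [[ "$role" == "$prefix"* ]]; then
      delete_role "$role"
    fi
  done
}

main "$@"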