-
-
Save madhuakula/6339a53a1d32555ecf09586ab7483ef5 to your computer and use it in GitHub Desktop.
Script to get all versions of all AWS managed policies
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Use the AWS CLI to collect all versions of all AWS managed policies. Example files: | |
| # APIGatewayServiceRolePolicy.v1 | |
| # APIGatewayServiceRolePolicy.v2 | |
| # APIGatewayServiceRolePolicy.v3 | |
| # Usage: ./grab.sh | |
| # Note that the following policies do not exist and create zero byte files: | |
| # - AWSSupportServiceRolePolicy v1,v2,v3 | |
| # - FMSServiceRolePolicy v4 | |
| # Get list of policies | |
| aws iam list-policies > list-policies.json | |
| # Make directory to put them in | |
| mkdir -p policies | |
| # Look for only the AWS Managed Policies (not policies you created), | |
| # by looking for "iam::aws" in the ARN | |
| # Then get the ARN, default version (ie. highest numbered version), and simple name. | |
| cat list-policies.json | jq -cr '.Policies[] | select(.Arn | contains("iam::aws"))|.Arn +" "+ .DefaultVersionId+" "+.PolicyName' | while read LINE | |
| do | |
| # Convert the output lines into variables | |
| ARN=`echo $LINE | cut -d " " -f 1` | |
| VERSION=`echo $LINE | cut -d " " -f 2` | |
| POLICY=`echo $LINE | cut -d " " -f 3` | |
| # Print the name of the policy being collected | |
| echo $POLICY | |
| # Iterate the versions, breaking when we get to the default version | |
| for i in {1..100} | |
| do | |
| v=`echo v$i` | |
| # Get the specific policy version | |
| aws iam get-policy-version --policy-arn $ARN --version-id $v > "policies/$POLICY.$v" | |
| echo $v | |
| if [ "$v" == "$VERSION" ]; then | |
| break | |
| fi | |
| done | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment