import boto3 | |
import collections | |
from datetime import datetime | |
from time import gmtime, strftime | |
notOkayDays = 120 | |
today = datetime.today().replace(tzinfo=None) | |
client = boto3.client('iam') | |
iam = boto3.resource('iam') | |
userList = client.list_users().get('Users', []) | |
for item in userList: | |
user = iam.User(item.get('UserName')) | |
if user.password_last_used != None: | |
try: | |
lastUsedDate = user.password_last_used.replace(tzinfo=None) | |
except: | |
continue | |
if (today - lastUsedDate).days > notOkayDays: | |
recentKey = False | |
for key in user.access_keys.all(): | |
lastKeyUsedDate = client.get_access_key_last_used(AccessKeyId=key.id).get('AccessKeyLastUsed').get('LastUsedDate').replace(tzinfo=None) | |
if (today - lastKeyUsedDate).days < notOkayDays: | |
recentKey = True | |
break | |
if not recentKey: | |
try: | |
loginProfile = user.LoginProfile() | |
loginProfile.load() | |
except: | |
pass | |
else: | |
try: | |
print user.user_name + " deleting login profile." | |
loginProfile.delete() | |
except: | |
print user.user_name + " doesn't seem to have a login profile or I couldn't delete it." | |
for key in user.access_keys.all(): | |
if key.status == 'Active': | |
print user.user_name + " deactivating key " + key.id | |
key.deactivate(); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment