generate csv with IAM users, groups, access keys, login profile using aws cli and jq

create-users-report.sh

#!/bin/bash
set -e
GRN="\033[0;32m"
NC="\033[0m"
generateUserEntry(){
  # set -x
  local username=$1
  local groups=$2
  local keys=$3
  local web=$4
  aws iam list-users --query "Users[?UserName == \`${username}\`].{NAME:UserName,DATE:CreateDate}" | \
    jq ".[] + { GROUPS: ${groups} } | . + { KEYS: ${keys} } | . + { WEBCONSOLE: ${web} }"
  # set +x
}

USERNAME_LIST=$(aws iam list-users --query "Users[*].UserName" | jq -r '.[]')
USERNAME_COUNT=$(echo ${USERNAME_LIST} | wc -w)
USERNAME_COUNT=${USERNAME_COUNT//[[:space:]]/}
echo "$USERNAME_COUNT users found"

fullUsersDoc="[]"

COUNT=0

for currentUser in $USERNAME_LIST 
do
  COUNT=$((COUNT+1))

  echo "listing groups for username :: ${currentUser}"
  userGroups=$(aws iam list-groups-for-user --user-name "${currentUser}" --query "Groups[*].GroupName" | jq '. | join("|")')

  echo "listing access keys for username :: ${currentUser}"
  accessKeys=$(aws iam list-access-keys --user ${currentUser} --query "AccessKeyMetadata[*].AccessKeyId" | jq '. | join("|")')

  echo "listing login profile for username :: ${currentUser}"
  set +e
  aws iam get-login-profile --user "${currentUser}" --query "LoginProfile" > /dev/null
  [ $? == 0 ] && loginProfile="\"true\"" || loginProfile="\"false\"" 
  set -e

  currentUserDoc=$(generateUserEntry "${currentUser}" "${userGroups}" "${accessKeys}" "${loginProfile}")
  fullUsersDoc=$(echo "${fullUsersDoc}" | jq -r ". += [${currentUserDoc}"])

  echo -e "${GRN}Progress... ${COUNT}/${USERNAME_COUNT}${NC}"
done

echo $fullUsersDoc > users.json

echo ${fullUsersDoc} | jq -r '. | (.[0] | keys_unsorted) as $keys | ([$keys] + map([.[ $keys[] ]])) [] | @csv'  > users.csv