Created
May 11, 2020 10:37
-
-
Save ryan-blunden/1cf0ed81cc50646d9ce6892b5ac072f6 to your computer and use it in GitHub Desktop.
Dump the list of AWS access keys for an account
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
# usage (dump a json list of user objects): python3 list_aws_account_access_keys.py | |
# usage (dump a combined lsit of access keys): python3 list_aws_account_access_keys.py keys_only | |
from dataclasses import dataclass | |
import json | |
import sys | |
from typing import List | |
import boto3 | |
@dataclass | |
class AWSUser: | |
id: str | |
username: str | |
access_keys: List[str] | |
def to_dict(self): | |
return { | |
'id': self.id, | |
'username': self.username, | |
'access_keys': self.access_keys | |
} | |
def get_user_access_keys(): | |
aws_users = [] | |
iam = boto3.client('iam') | |
for user in iam.list_users()['Users']: | |
aws_users.append( | |
AWSUser( | |
id=user['UserId'], | |
username=user['UserName'], | |
access_keys=[keymeta['AccessKeyId'] for keymeta in iam.list_access_keys(UserName=user['UserName'])['AccessKeyMetadata']] | |
) | |
) | |
return aws_users | |
if __name__ == '__main__': | |
aws_users = get_user_access_keys() | |
if len(sys.argv) > 1 and sys.argv[1] == 'keys_only': | |
data = [access_key for user in get_user_access_keys() for access_key in user.access_keys] | |
else: | |
data = [user.to_dict() for user in get_user_access_keys()] | |
print(json.dumps(data)) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment