Dump the list of AWS access keys for an account

list_aws_account_access_keys.py

#!/usr/bin/env python3

# usage (dump a json list of user objects): python3 list_aws_account_access_keys.py
# usage (dump a combined lsit of access keys): python3 list_aws_account_access_keys.py keys_only

from dataclasses import dataclass
import json
import sys
from typing import List

import boto3

@dataclass
class AWSUser:
  id: str
  username: str
  access_keys: List[str]

  def to_dict(self):
    return {
      'id': self.id,
      'username': self.username,
      'access_keys': self.access_keys
    }

def get_user_access_keys():
  aws_users = []
  iam = boto3.client('iam')

  for user in iam.list_users()['Users']:
    aws_users.append(
        AWSUser(
            id=user['UserId'], 
            username=user['UserName'], 
            access_keys=[keymeta['AccessKeyId'] for keymeta in iam.list_access_keys(UserName=user['UserName'])['AccessKeyMetadata']]
        )
    )

  return aws_users


if __name__ == '__main__':
  aws_users = get_user_access_keys()
  if len(sys.argv) > 1 and sys.argv[1] == 'keys_only':
    data = [access_key for user in get_user_access_keys() for access_key in user.access_keys]
  else:
    data = [user.to_dict() for user in get_user_access_keys()]
    
  print(json.dumps(data))