Skip to content

Instantly share code, notes, and snippets.

@sellers
Forked from zxjinn/find_iam_user.py
Last active November 19, 2015 12:06
Show Gist options
  • Save sellers/6d59da387c042ba39480 to your computer and use it in GitHub Desktop.
Save sellers/6d59da387c042ba39480 to your computer and use it in GitHub Desktop.
#!/usr/bin/env python
'''
# Find the IAM username belonging to the TARGET_ACCESS_KEY
# Useful for finding IAM user corresponding to a compromised AWS credential
# Usage:
# find_IAM.user AWS_ACCESS_KEY_ID
# Requirements:
#
# Environmental variables:
# AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
# or
# AWS_PROFILE
# or a .boto config file. add profile_name='xxx' if you have more than one
# python:
# boto
'''
import boto.iam
import sys
if len(sys.argv) != 2:
print sys.argv
print('Usage: \n {0} AWS_ACCESS_KEY_ID\n\n'.format(sys.argv[0]))
exit(1)
TARGET_ACCESS_KEY = sys.argv[1]
IAM = boto.connect_iam() # add profile_name= here
MARKER = None
IS_TRUNCATED = 'true'
USERS = []
while IS_TRUNCATED == 'true':
ALL_USERS = IAM.get_all_users('/', marker=MARKER)
USERS += ALL_USERS['list_users_response']['list_users_result']['users']
IS_TRUNCATED = (ALL_USERS['list_users_response']
['list_users_result']['is_truncated'])
if IS_TRUNCATED == 'true':
MARKER = (ALL_USERS['list_users_response']
['list_users_result']['marker'])
print("\n\nFound {0} users, searching...".format(str(len(USERS)))),
def find_key():
'''
identify key amongst users
'''
for user in USERS:
print('.'),
for key_result in (IAM.get_all_access_keys(user['user_name'])
['list_access_keys_response']
['list_access_keys_result']
['access_key_metadata']):
aws_access_key = key_result['access_key_id']
if aws_access_key == TARGET_ACCESS_KEY:
print('Target key belongs to user:{0}'
.format(user['user_name']))
return True
return False
if not find_key():
print('\n\nDid not find access key ({0} in {1} IAM users.'
.format(TARGET_ACCESS_KEY, str(len(USERS))))
@sellers
Copy link
Author

sellers commented Nov 19, 2015

modified to be PEP8 and handle only 1 arg

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment