find_iam_user.py

#!/usr/bin/env python
'''
# Find the IAM username belonging to the TARGET_ACCESS_KEY
# Useful for finding IAM user corresponding to a compromised AWS credential
# Usage:
#     find_IAM.user AWS_ACCESS_KEY_ID
# Requirements:
#
# Environmental variables:
#     AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
#     or
#     AWS_PROFILE
#     or a .boto config file.  add profile_name='xxx' if you have more than one
# python:
#   boto
'''

import boto.iam
import sys

if len(sys.argv) != 2:
    print sys.argv
    print('Usage: \n {0} AWS_ACCESS_KEY_ID\n\n'.format(sys.argv[0]))
    exit(1)

TARGET_ACCESS_KEY = sys.argv[1]

IAM = boto.connect_iam()  # add profile_name= here

MARKER = None
IS_TRUNCATED = 'true'
USERS = []

while IS_TRUNCATED == 'true':
    ALL_USERS = IAM.get_all_users('/', marker=MARKER)
    USERS += ALL_USERS['list_users_response']['list_users_result']['users']
    IS_TRUNCATED = (ALL_USERS['list_users_response']
                    ['list_users_result']['is_truncated'])
    if IS_TRUNCATED == 'true':
        MARKER = (ALL_USERS['list_users_response']
                  ['list_users_result']['marker'])

print("\n\nFound {0} users, searching...".format(str(len(USERS)))),


def find_key():
    '''
    identify key amongst users
    '''
    for user in USERS:
        print('.'),
        for key_result in (IAM.get_all_access_keys(user['user_name'])
                           ['list_access_keys_response']
                           ['list_access_keys_result']
                           ['access_key_metadata']):
            aws_access_key = key_result['access_key_id']
            if aws_access_key == TARGET_ACCESS_KEY:
                print('Target key belongs to user:{0}'
                      .format(user['user_name']))
                return True
    return False

if not find_key():
    print('\n\nDid not find access key ({0} in {1} IAM users.'
          .format(TARGET_ACCESS_KEY, str(len(USERS))))

modified to be PEP8 and handle only 1 arg