@spenserpothier
Forked from OnlyInAmerica/find_iam_user.py
Last active August 16, 2017 20:28
Find the IAM username belonging to the TARGET_ACCESS_KEY
#!/usr/bin/env python
# Find the IAM username belonging to the TARGET_ACCESS_KEY
# Useful for finding IAM user corresponding to a compromised AWS credential
# Usage:
#   find_iam_user AWS_ACCESS_KEY_ID
# Requirements:
#   Environmental variables:
#     AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
#   python:
#     boto
import boto.iam
import sys

if len(sys.argv) == 1:
    print('Usage: \n find_iam_user AWS_ACCESS_KEY_ID')
    sys.exit(1)

TARGET_ACCESS_KEY = sys.argv[1]

# Credentials come from the environment variables listed above.
iam = boto.connect_iam()
# Single ListUsers call: only the first page of users (100 by default) is returned.
users = iam.get_all_users('/')['list_users_response']['list_users_result']['users']


def find_key():
    # Walk every fetched user and compare each of their access key IDs to the target.
    for user in users:
        for key_result in iam.get_all_access_keys(user['user_name'])['list_access_keys_response']['list_access_keys_result']['access_key_metadata']:
            aws_access_key = key_result['access_key_id']
            if aws_access_key == TARGET_ACCESS_KEY:
                print('Target key belongs to user: ' + user['user_name'])
                return True
    return False


if not find_key():
    print('Did not find access key (' + TARGET_ACCESS_KEY + ') in ' + str(len(users)) + ' IAM users.')

zxjinn commented Jun 25, 2015

@spenserpothier I've forked and updated this gist to search more than 100 users https://gist.github.com/zxjinn/1693a7b4623c4cd25b6d
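
The gist makes a single user-listing call, and IAM returns at most 100 users per call by default, which is the limit the comment above refers to. The following is an added example, not code from the gist or from the linked fork: it follows `IsTruncated`/`Marker` for both users and access keys and also reports the key's status. It assumes boto3 rather than the gist's boto; `paged`, `find_key_owner` and `FakeIam` are hypothetical names, and the sample users and key ID are constructed.

```python
import sys


def paged(call, result_key, **kwargs):
    """Yield every item from a marker-paginated IAM list call."""
    while True:
        page = call(**kwargs)
        for item in page[result_key]:
            yield item
        if not page.get("IsTruncated"):
            return
        kwargs["Marker"] = page["Marker"]  # resume where the last page ended


def find_key_owner(iam, target_key):
    """Return (user_name, key_status) for target_key, or None if no user owns it."""
    for user in paged(iam.list_users, "Users"):
        keys = paged(iam.list_access_keys, "AccessKeyMetadata",
                     UserName=user["UserName"])
        for key in keys:
            if key["AccessKeyId"] == target_key:
                return user["UserName"], key["Status"]
    return None


class FakeIam(object):
    """Constructed stand-in for a boto3 IAM client: 3 users, served 2 per page."""
    USERS = ["alice", "bob", "carol"]
    KEYS = {"carol": [("AKIAEXAMPLECONSTRUCT", "Active")]}  # constructed key ID

    def list_users(self, Marker=None):
        start = int(Marker or 0)
        end = start + 2
        page = {"Users": [{"UserName": u} for u in self.USERS[start:end]],
                "IsTruncated": end < len(self.USERS)}
        if page["IsTruncated"]:
            page["Marker"] = str(end)
        return page

    def list_access_keys(self, UserName, Marker=None):
        meta = [{"AccessKeyId": k, "Status": s} for k, s in self.KEYS.get(UserName, [])]
        return {"AccessKeyMetadata": meta, "IsTruncated": False}


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("Usage: find_iam_user AWS_ACCESS_KEY_ID")
    import boto3  # needs credentials allowed to call ListUsers/ListAccessKeys
    print(find_key_owner(boto3.client("iam"), sys.argv[1]))
```

With `FakeIam`, the owning user sits on the second page, so a single-page search would miss the key.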
