How can we fetch IAM users, their groups and policies?


Problem description

I need to fetch all the AWS users, their corresponding groups and policies, and then whether MFA is activated for them or not. Can anyone tell me how it can be done via the aws cli or boto?

I have a script that fetches just all the users in AWS.

import argparse

import boto3

access_key = ''
secret_key = ''


def get_iam_uses_list():
    # build the IAM client from the keys handed in on the command line
    client = boto3.client('iam',
                          aws_access_key_id=access_key,
                          aws_secret_access_key=secret_key)
    my_list = list()
    # MaxItems only caps one page; IsTruncated/Marker would be needed for more users
    iam_all_users = client.list_users(MaxItems=200)
    for user in iam_all_users['Users']:
        my_list.append(user['UserName'])

    for i in my_list:
        print(i)

#    print("read complete")
#
#    for i in my_list:
#        iam_user_policy = client.list_attached_user_policies(UserName=i)
#        for policy in iam_user_policy['AttachedPolicies']:
#            print("%s \t %s" % (i, policy['PolicyName']))


def main():
    parser = argparse.ArgumentParser()
    parser.add_argument('access_key', help='Access Key')
    parser.add_argument('secret_key', help='Secret Key')
    args = parser.parse_args()
    global access_key
    global secret_key
    access_key = args.access_key
    secret_key = args.secret_key
    get_iam_uses_list()


if __name__ == '__main__':
    main()

Recommended answer

Here, I am using boto commands to do four operations -

  1. List all users
  2. List the policies attached to each user
  3. List the roles added to each user
  4. List MFA devices to see whether MFA has been configured by the user (here I am not checking whether MFA is enabled, but whether a device has been configured by the user.)

Getting an IAM connection to the AWS account

import boto3
client = boto3.client('iam',aws_access_key_id="XXX",aws_secret_access_key="XXX") 

Getting IAM users. This will print all the usernames; you can customize it if you want to print other details as well.

users = client.list_users()
for user in users['Users']:
    print(user['UserName'])

Getting the list of policies attached to each user

for user in users['Users']:
    # list_user_policies returns the names of the user's inline policies as a list of strings;
    # managed policies would come from list_attached_user_policies instead
    List_of_Policies = client.list_user_policies(UserName=user['UserName'])
    for policy_name in List_of_Policies['PolicyNames']:
        print(policy_name)

Getting the list of groups attached to each user

for user in users['Users']:
    List_of_Groups = client.list_groups_for_user(UserName=user['UserName'])
    for group in List_of_Groups['Groups']:
        print(group['GroupName'])

Checking whether an MFA device is configured

for user in users['Users']:
    List_of_MFA_Devices = client.list_mfa_devices(UserName=user['UserName'])
    for device in List_of_MFA_Devices['MFADevices']:
        print(device)

You can further check whether List_of_MFA_Devices['MFADevices'] is empty or not. If it is empty, then no MFA device is configured.

If you want the output as a list of dicts, where each index holds a dict with key/value pairs for userName, Groups, Policies and whether MFA is configured or not, use the following code -

import boto3
client = boto3.client('iam', aws_access_key_id="XXXX", aws_secret_access_key="YYY")
users = client.list_users()  # first page only; follow IsTruncated/Marker for larger accounts
user_list = []
for key in users['Users']:
    result = {}
    Groups = []

    result['userName'] = key['UserName']
    # inline policy names only; managed policies come from list_attached_user_policies
    List_of_Policies = client.list_user_policies(UserName=key['UserName'])

    result['Policies'] = List_of_Policies['PolicyNames']

    List_of_Groups = client.list_groups_for_user(UserName=key['UserName'])

    for Group in List_of_Groups['Groups']:
        Groups.append(Group['GroupName'])
    result['Groups'] = Groups

    List_of_MFA_Devices = client.list_mfa_devices(UserName=key['UserName'])

    # an empty MFADevices list means no virtual or hardware MFA device is registered
    result['isMFADeviceConfigured'] = bool(List_of_MFA_Devices['MFADevices'])
    user_list.append(result)

for key in user_list:
    print(key)

Output of the above code -

{'userName': 'user1', 'Groups': ['grp1', 'grp2'], 'Policies': ['policy1', 'policy2'], 'isMFADeviceConfigured': False/True}

{'userName': 'user2', 'Groups': ['grp1', 'grp2'], 'Policies': ['policy1', 'policy2'], 'isMFADeviceConfigured': False/True}
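As an added example (not part of the answer above), the following script does the same enumeration the way an auditor would want it: it follows IsTruncated/Marker so accounts with more than one page of users are not silently truncated, it collects managed policies (list_attached_user_policies) as well as inline ones (list_user_policies), it adds the policies a user inherits through group membership, and it pairs the MFA check with get_login_profile, because a missing MFA device only matters for a user who can actually sign in to the console. The boto3 method names are real, but the client is passed in as a parameter, so the script runs offline against the constructed FakeIam class (made-up users, groups, ARNs and a fake NoSuchEntityException mirroring client.exceptions); pass --live to run it against a real account, where credentials come from the default boto3 credential chain rather than from argv.

```python
"""Added example (not the answer's code): enumerate IAM users with groups, inline and
managed policies (own and group-inherited), MFA devices and console access. Uses the
real boto3 IAM method names but takes the client as a parameter, so it also runs
offline against the constructed FakeIam below."""
import json
import sys

def _list_all(call, result_key, **kwargs):
    """Follow IsTruncated/Marker to the last page; MaxItems alone silently truncates."""
    items, marker = [], None
    while True:
        resp = call(**kwargs, Marker=marker) if marker else call(**kwargs)
        items.extend(resp[result_key])
        if not resp.get("IsTruncated"):
            return items
        marker = resp["Marker"]

def _has_console_access(client, user_name):
    try:  # a login profile exists only for users who can sign in to the console
        client.get_login_profile(UserName=user_name)
        return True
    except client.exceptions.NoSuchEntityException:
        return False

def describe_user(client, user_name):
    groups = [g["GroupName"] for g in
              _list_all(client.list_groups_for_user, "Groups", UserName=user_name)]
    # list_user_policies gives inline policy names only; managed policies come from
    # list_attached_user_policies, and both kinds are also inherited through groups
    inline = list(_list_all(client.list_user_policies, "PolicyNames", UserName=user_name))
    managed = [p["PolicyArn"] for p in _list_all(
        client.list_attached_user_policies, "AttachedPolicies", UserName=user_name)]
    for group in groups:
        inline += [f"{group}/{n}" for n in
                   _list_all(client.list_group_policies, "PolicyNames", GroupName=group)]
        managed += [p["PolicyArn"] for p in _list_all(
            client.list_attached_group_policies, "AttachedPolicies", GroupName=group)]
    mfa = _list_all(client.list_mfa_devices, "MFADevices", UserName=user_name)
    console = _has_console_access(client, user_name)
    return {"userName": user_name, "Groups": groups,
            "InlinePolicies": inline, "ManagedPolicies": managed,
            "isMFADeviceConfigured": bool(mfa),  # a registered device, not proof MFA is enforced
            "hasConsoleAccess": console,
            "consoleWithoutMFA": console and not mfa}  # the finding an auditor wants

def audit(client):
    return [describe_user(client, u["UserName"])
            for u in _list_all(client.list_users, "Users")]

def console_users_without_mfa(rows):
    return [r["userName"] for r in rows if r["consoleWithoutMFA"]]

class FakeIam:
    """Constructed stand-in for boto3.client('iam') with made-up users; list_users
    returns one user per page so the Marker loop is exercised."""
    class exceptions:  # mirrors client.exceptions on a real boto3 client
        class NoSuchEntityException(Exception):
            pass
    USERS = ["alice", "bob", "svc-deploy"]
    GROUPS = {"alice": ["admins"], "bob": ["developers"], "svc-deploy": []}
    INLINE = {"bob": ["s3-readonly"]}
    MANAGED = {"svc-deploy": ["arn:aws:iam::aws:policy/AmazonEC2FullAccess"]}
    GROUP_INLINE = {"admins": [], "developers": ["dev-sandbox"]}
    GROUP_MANAGED = {"admins": ["arn:aws:iam::aws:policy/AdministratorAccess"], "developers": []}
    MFA = {"alice": ["arn:aws:iam::123456789012:mfa/alice"]}
    LOGIN_PROFILES = {"alice", "bob"}

    def list_users(self, Marker=None, **_):
        i = int(Marker or 0)
        page = {"Users": [{"UserName": self.USERS[i]}]}
        if i + 1 < len(self.USERS):
            page.update(IsTruncated=True, Marker=str(i + 1))
        return page
    def list_groups_for_user(self, UserName, **_):
        return {"Groups": [{"GroupName": g} for g in self.GROUPS[UserName]]}
    def list_user_policies(self, UserName, **_):
        return {"PolicyNames": self.INLINE.get(UserName, [])}
    def list_attached_user_policies(self, UserName, **_):
        return {"AttachedPolicies": [{"PolicyArn": a} for a in self.MANAGED.get(UserName, [])]}
    def list_group_policies(self, GroupName, **_):
        return {"PolicyNames": self.GROUP_INLINE[GroupName]}
    def list_attached_group_policies(self, GroupName, **_):
        return {"AttachedPolicies": [{"PolicyArn": a} for a in self.GROUP_MANAGED[GroupName]]}
    def list_mfa_devices(self, UserName, **_):
        return {"MFADevices": [{"SerialNumber": s} for s in self.MFA.get(UserName, [])]}
    def get_login_profile(self, UserName, **_):
        if UserName not in self.LOGIN_PROFILES:
            raise self.exceptions.NoSuchEntityException(UserName)
        return {"LoginProfile": {"UserName": UserName}}

if __name__ == "__main__":
    if "--live" in sys.argv:  # real account: credentials from the default chain, never from argv
        import boto3
        client = boto3.client("iam")
    else:
        client = FakeIam()
    rows = audit(client)
    for row in rows:
        print(json.dumps(row, sort_keys=True))
    print("console users without MFA:", console_users_without_mfa(rows))
```

Two caveats worth keeping in mind when reading the output: isMFADeviceConfigured only says that a virtual or hardware device is registered for the user, it does not prove MFA is enforced (that needs an aws:MultiFactorAuthPresent condition in the policies that grant the user's permissions), and a user without a login profile can still hold long-lived access keys, which this script does not list.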
