#!/usr/bin/env python3
import boto3
import botocore
import sys
# Static IAM credentials. get_iam_connection() passes these to boto3.client()
# as aws_access_key_id / aws_secret_access_key. They are empty in the
# published script; a long-lived secret pasted here ends up in every copy of
# the file, so do not commit real values.
KEY = ''
SECRET = ''
# Page size passed as MaxItems to each IAM list_* call.
MAXITEMS = 100
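def get_iam_connection():
    """
    Build and return a boto3 IAM client.

    If both KEY and SECRET are set they are used as static credentials.
    If both are empty, None is passed instead, so boto3 falls back to its
    normal credential lookup (environment, shared config, instance role)
    and no secret has to be stored in this file. Passing the empty strings
    through would make boto3 treat them as explicit (invalid) credentials.

    Exits with status 1 if only one of KEY / SECRET is set or if boto3
    reports a ClientError.
    """
    # A half-filled pair is a configuration mistake; fail with a clear
    # message instead of a botocore traceback.
    if bool(KEY) != bool(SECRET):
        print('Set both KEY and SECRET, or leave both empty.')
        sys.exit(1)

    try:
        return boto3.client(
            'iam',
            aws_access_key_id=KEY or None,
            aws_secret_access_key=SECRET or None
        )
    except botocore.exceptions.ClientError as e:
        # NOTE(review): creating the client does not appear to call AWS, so
        # credential or permission errors will most likely surface on the
        # first list_* call rather than here.
        print(e.response['Error']['Message'])
        sys.exit(1)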
def get_iam_users():
    """
    Collect every IAM user record, one page of MAXITEMS at a time.

    Uses the module-level ``conn`` IAM client. Returns the concatenated
    'Users' entries from all pages.
    """
    accounts = []
    marker = ''
    while True:
        # The first request carries no Marker; later ones resume from the
        # Marker returned with the previous page.
        params = {'MaxItems': MAXITEMS}
        if marker != '':
            params['Marker'] = marker
        page = conn.list_users(**params)
        accounts.extend(page['Users'])
        if page.get('IsTruncated') is not True:
            return accounts
        marker = page.get('Marker')
def get_iam_user_groups(user):
    """
    Return the names of all groups the IAM user belongs to.

    Pages through list_groups_for_user on the module-level ``conn`` client,
    MAXITEMS entries per request, and keeps only each group's 'GroupName'.
    """
    names = []
    marker = ''
    while True:
        # Only send Marker once a previous page has supplied one.
        params = {'UserName': user, 'MaxItems': MAXITEMS}
        if marker != '':
            params['Marker'] = marker
        page = conn.list_groups_for_user(**params)
        for group in page['Groups']:
            names.append(group['GroupName'])
        if page.get('IsTruncated') is not True:
            return names
        marker = page.get('Marker')
def get_iam_key_last_used(key):
    """
    Return when the given access key was last used, as a string.

    Queries get_access_key_last_used on the module-level ``conn`` client.
    Returns 'Never' when the response carries no 'LastUsedDate'.
    """
    response = conn.get_access_key_last_used(AccessKeyId=key)
    when = response.get('AccessKeyLastUsed').get('LastUsedDate')
    return 'Never' if when is None else str(when)
def get_iam_user_keys(user):
    """
    Return (access key id, last-used date) pairs for the IAM user.

    Pages through list_access_keys on the module-level ``conn`` client,
    MAXITEMS entries per request. The last-used value is looked up per key
    via get_iam_key_last_used() and cut to its first 10 characters, which
    leaves the date part of a timestamp string, or 'Never' unchanged.
    """
    pairs = []
    marker = ''
    while True:
        # Only send Marker once a previous page has supplied one.
        params = {'UserName': user, 'MaxItems': MAXITEMS}
        if marker != '':
            params['Marker'] = marker
        page = conn.list_access_keys(**params)
        key_ids = [meta['AccessKeyId'] for meta in page['AccessKeyMetadata']]
        pairs.extend(
            (key_id, get_iam_key_last_used(key_id)[:10]) for key_id in key_ids
        )
        if page.get('IsTruncated') is not True:
            return pairs
        marker = page.get('Marker')
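def write_users(users):
    """
    Write a plain-text report of the given IAM users.

    For each user record the report lists the user name, creation date,
    last console login, group memberships and access key ids with their
    last-used dates. Groups and keys are fetched per user through
    get_iam_user_groups() and get_iam_user_keys().

    The report goes to 'iam_user_accounts.txt' in the current working
    directory, overwriting any existing file.
    """
    fn = 'iam_user_accounts.txt'
    # NOTE(review): the report is an inventory of accounts, access key ids
    # and activity dates, created with the process's default file
    # permissions; store and share it accordingly.
    # The context manager closes the file even when an IAM call inside the
    # loop raises, so a partial report is flushed rather than left on an
    # open handle.
    with open(fn, 'w') as fh:
        fh.write('IAM User Accounts\n')
        fh.write('=================\n')
        fh.write('\n')
        for user in users:
            name = user.get('UserName', 'No Name')
            groups = get_iam_user_groups(name)
            keys = get_iam_user_keys(name)
            created = str(user.get('CreateDate'))
            last_login = str(user.get('PasswordLastUsed', 'Never'))
            fh.write('Username: {0}\n'.format(name))
            # [:10] keeps the date part of the stringified timestamp.
            fh.write('Created: {0}\n'.format(created[:10]))
            fh.write('Last Login: {0}\n'.format(last_login[:10]))
            fh.write('Groups: {0}\n'.format(', '.join(groups)))
            fh.write('Keys: {0}\n'.format(', '.join(['{0} ({1})'.format(k[0], k[1]) for k in keys])))
            fh.write('\n')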
if __name__ == '__main__':
    # conn is bound at module level on purpose: the get_iam_* helpers read
    # it as a global instead of taking the client as an argument.
    conn = get_iam_connection()
    write_users(get_iam_users())