bat*_*man 6 python boto amazon-web-services amazon-iam
我需要获取所有aws用户,他们相应的组,策略,然后是否为他们激活mfa.谁能告诉我如何通过aws cli或boto完成它.
我有一个脚本,只取出aws中的所有用户.
import boto3
from boto3 import *
import argparse
access_key = ''
secret_key = ''
def get_iam_uses_list():
client = boto3.client('iam',
aws_access_key_id=access_key,
aws_secret_access_key=secret_key)
my_list=list()
iam_all_users = client.list_users(MaxItems=200)
for user in iam_all_users['Users']:
my_list.append(user['UserName'])
#
for i in my_list:
print i
# print "read complete"
#
# for i in my_list:
# iam_user_policy=client.list_attached_user_policies(UserName=i)
# for policy in iam_user_policy['AttachedPolicies']:
# print "%s \t %s" %(i, policy['PolicyName'])
def main():
parser = argparse.ArgumentParser()
parser.add_argument('access_key', help='Access Key');
parser.add_argument('secret_key', help='Secret Key');
args = parser.parse_args()
global access_key
global secret_key
access_key = args.access_key
secret_key = args.secret_key
get_iam_uses_list()
if __name__ =='__main__':main()
Aro*_*a20 17
在这里,我使用boto命令做四个操作 -
获取与AWS账户的IAM连接
import boto3
client = boto3.client('iam',aws_access_key_id="XXX",aws_secret_access_key="XXX")
获取IAM用户 这将打印所有用户名.您可以自定义是否还要打印其他详细信息.
users = client.list_users()
for key in users['Users']:
print key['UserName']
获取附加到每个用户的策略列表
for key in users['Users']:
List_of_Policies = client.list_user_policies(UserName=key['UserName'])
for key in List_of_Policies['PolicyNames']:
print key['PolicyName']
获取附加到每个用户的组列表
for key in users['Users']:
List_of_Groups = client.list_groups_for_user(UserName=key['UserName'])
for key in List_of_Groups['Groups']:
print key['GroupName']
检查是否配置了MFA设备
for key in users['Users']:
List_of_MFA_Devices = client.list_mfa_devices(UserName=key['UserName'])
for key in List_of_MFA_Devices['MFADevices']:
print key
您可以进一步检查List_of_MFA_Devices ['MFADevices']是否为空.如果为空,则表示未配置MFA设备.
如果要将输出添加为Dict列表,其中每个索引将包含dict,则具有userName,Groups,Policy和isMFA_flag_configured的值对.使用以下代码 -
import boto3
client = boto3.client('iam',aws_access_key_id="XXXX",aws_secret_access_key="YYY")
users = client.list_users()
user_list = []
for key in users['Users']:
result = {}
Policies = []
Groups=[]
result['userName']=key['UserName']
List_of_Policies = client.list_user_policies(UserName=key['UserName'])
result['Policies'] = List_of_Policies['PolicyNames']
List_of_Groups = client.list_groups_for_user(UserName=key['UserName'])
for Group in List_of_Groups['Groups']:
Groups.append(Group['GroupName'])
result['Groups'] = Groups
List_of_MFA_Devices = client.list_mfa_devices(UserName=key['UserName'])
if not len(List_of_MFA_Devices['MFADevices']):
result['isMFADeviceConfigured']=False
else:
result['isMFADeviceConfigured']=True
user_list.append(result)
for key in user_list:
print key
上述代码的输出 -
{'userName':'user1','Groups':['grp1','grp2'],'政策':['policy1','policy2],'isMFADeviceConfigured':False/True}
{'userName':'user2','Groups':['grp1','grp2'],'政策':['policy1','policy2],'isMFADeviceConfigured':False/True}
| 归档时间: |
|
| 查看次数: |
8087 次 |
| 最近记录: |