aws-inventory/iam-dump.py


#!/usr/bin/python3
import json
import re
import sys
from pathlib import Path

import boto3
import jmespath
# dump user/group/role policies that are attached to at least 1 entity
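# Output layout.  The first two are exactly what the original script produced;
# the third is new:
#   Policies/<User|Group|Role>/<PolicyName>.json               managed policy (default version)
#   Policies/<User|Group|Role>/<EntityName>_<PolicyName>.json   inline policy
#   Policies/RoleTrust/<RoleName>.json                         role trust (assume-role) policy
# NOTE: the tree is a complete picture of who can do what in the account;
# treat it as sensitive and don't leave it world-readable or commit it.
OUT_ROOT = Path("Policies")

# IAM entity and policy names are limited to [\w+=,.@-], so they are safe
# single path components as-is.  ARNs contain ':' and '/', hence this sanitiser
# for the (rare) case where an ARN has to become part of a file name.
_UNSAFE = re.compile(r"[^\w+=,.@-]")

# One row per principal kind:
#   (dir name, list op, jmespath to entities, name key,
#    attached-policy list op, inline-policy list op, inline-policy get op)
_ENTITY_KINDS = (
    ("User", "list_users", "Users[]", "UserName",
     "list_attached_user_policies", "list_user_policies", "get_user_policy"),
    ("Group", "list_groups", "Groups[]", "GroupName",
     "list_attached_group_policies", "list_group_policies", "get_group_policy"),
    ("Role", "list_roles", "Roles[]", "RoleName",
     "list_attached_role_policies", "list_role_policies", "get_role_policy"),
)


def _as_document(doc):
    """Return a policy document as a dict.

    boto3 normally URL-decodes and JSON-parses IAM policy documents before
    handing them back; accept a raw JSON string as well so a dump never ends up
    as a JSON-encoded string inside a JSON file.
    """
    return json.loads(doc) if isinstance(doc, str) else doc


def _unique_name(seen, name, arn):
    """Pick a collision-free file stem for the managed policy *arn* called *name*.

    PolicyName is not unique: an AWS-managed policy and a customer-managed one,
    or two customer policies under different IAM paths, can share it, and the
    original script silently overwrote one with the other.  The first ARN seen
    under a name keeps the plain name (same file as before); any other ARN with
    that name gets the name suffixed with its sanitised ARN, and the collision
    is reported on stderr.  *seen* maps name -> first ARN and is updated in place.
    """
    owner = seen.setdefault(name, arn)
    if owner == arn:
        return name
    stem = f"{name}__{_UNSAFE.sub('_', arn)}"
    print(f"! policy name collision: {arn} vs {owner}; writing {stem}.json", file=sys.stderr)
    return stem


def _write_json(path, doc):
    """Write *doc* to *path* as indented UTF-8 JSON, creating parent dirs.

    The original opened the file *before* calling the API, so a failed call
    left an empty file behind; callers here fetch first and write second.
    """
    path.parent.mkdir(parents=True, exist_ok=True)
    with path.open("w", encoding="utf-8") as f:
        json.dump(doc, f, ensure_ascii=False, indent=4)


def _managed_document(client, cache, arn):
    """Fetch the default version of managed policy *arn*, once per ARN.

    *cache* maps ARN -> document and is shared across all entity kinds, so a
    policy attached to many principals costs two API calls, not two per principal.
    """
    if arn not in cache:
        version = client.get_policy(PolicyArn=arn)["Policy"]["DefaultVersionId"]
        body = client.get_policy_version(PolicyArn=arn, VersionId=version)
        cache[arn] = _as_document(body["PolicyVersion"]["Document"])
    return cache[arn]


def _dump_kind(client, cache, spec):
    """Dump every policy reaching one kind of principal (users, groups or roles).

    For each entity: the default version of every attached managed policy, every
    inline policy, and for roles also the trust policy.  Every IAM list call is
    paginated — the original used the bare list_* calls, which return at most
    100 items and silently truncated the inventory in larger accounts.  API
    errors are deliberately left to propagate: a partial dump that looks
    complete is worse than a crash for an audit.
    """
    kind, list_op, list_path, name_key, attached_op, inline_list_op, inline_get_op = spec
    out_dir = OUT_ROOT / kind
    names_seen = {}  # managed-policy file stems already used in out_dir
    print(f"** {kind}s **")
    for entity in client.get_paginator(list_op).paginate().search(list_path):
        name = entity[name_key]
        print(name)
        selector = {name_key: name}
        # Roles carry a trust policy (who may assume the role).  It comes for
        # free from ListRoles and is as security-relevant as the permissions.
        trust = entity.get("AssumeRolePolicyDocument")
        if trust is not None:
            _write_json(OUT_ROOT / f"{kind}Trust" / f"{name}.json", _as_document(trust))
        attached = client.get_paginator(attached_op).paginate(**selector)
        for pol in attached.search("AttachedPolicies[]"):
            print("-", pol["PolicyName"])
            document = _managed_document(client, cache, pol["PolicyArn"])
            stem = _unique_name(names_seen, pol["PolicyName"], pol["PolicyArn"])
            _write_json(out_dir / f"{stem}.json", document)
        # Inline policies were dumped for users and roles only; groups have
        # them too and they grant privileges just the same.
        inline = client.get_paginator(inline_list_op).paginate(**selector)
        for pol_name in inline.search("PolicyNames[]"):
            print("- (inline)", pol_name)
            body = getattr(client, inline_get_op)(PolicyName=pol_name, **selector)
            _write_json(out_dir / f"{name}_{pol_name}.json", _as_document(body["PolicyDocument"]))


def main():
    """Dump user/group/role policies that are attached to at least one entity."""
    client = boto3.client("iam")
    cache = {}  # managed policy ARN -> document, shared across entity kinds
    for spec in _ENTITY_KINDS:
        _dump_kind(client, cache, spec)


if __name__ == "__main__":
    main()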