From 1a1c1c964c0459678ceaf31034d7b346b6b4afa6 Mon Sep 17 00:00:00 2001
From: x p k
Date: Fri, 9 Aug 2024 08:30:31 +0800
Subject: [PATCH] UPD: updated iam-last-activity.py and print date instead of time
---
 aws/iam-last-activity.py | 33 ++++++++++++++++++---------------
 1 file changed, 18 insertions(+), 15 deletions(-)
diff --git a/aws/iam-last-activity.py b/aws/iam-last-activity.py
index 0d02070..811399b 100755
--- a/aws/iam-last-activity.py
+++ b/aws/iam-last-activity.py
@@ -1,16 +1,15 @@
 #!/usr/bin/python3
+from datetime import datetime
+
 import boto3
 import jmespath
 import time
 import re
-import json
-from pprint import pprint
-from jmespath.exceptions import JMESPathTypeError
-
 # dump user/group/role last activity
-def generateLastAccessed(myclient, arn, myAccountId):
+
+def generateLastAccessed(myclient: boto3.client, arn: str, myAccountId: str) -> list[str]:
 response = myclient.generate_service_last_accessed_details(
 Arn=arn,
 Granularity='SERVICE_LEVEL')
@@ -28,18 +27,22 @@ def generateLastAccessed(myclient, arn, myAccountId):
 ServiceNamespaces=jmespath.search("ServicesLastAccessed[*].ServiceNamespace", accessDetails)
 )
 returnString = []
- # try:
 for p in jmespath.search("PoliciesGrantingServiceAccess[*].Policies[]", r2):
 if p.get("PolicyType") == "INLINE":
 returnString.append("INLINE:" + p.get("PolicyName"))
 else:
 if myAccountId in p.get("PolicyArn"):
 returnString.append(p.get("PolicyArn"))
- # except JMESPathTypeError:
- # pass
 return list(dict.fromkeys(returnString))
+def formatDate(myTime: time) -> str:
+ if myTime is None:
+ return "Never"
+ else:
+ return myTime.date()
+
+
 sts = boto3.client('sts')
 accountId = sts.get_caller_identity()["Account"]
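Review bot: The new annotation `myclient: boto3.client` in the first hunk (`@@ -1,16 +1,15 @@`) names boto3's client factory function rather than a class, so it gives a type checker nothing to work with. The client base class is `botocore.client.BaseClient`, so I would write `def generateLastAccessed(myclient: BaseClient, arn: str, myAccountId: str) -> list[str]:` with `from botocore.client import BaseClient`. The function also has no docstring, and the `# dump user/group/role last activity` comment is now separated from it. A one-line docstring saying that it returns the de-duplicated inline policy names and same-account policy ARNs that grant service access would be more useful. The body of generateLastAccessed continues outside this hunk.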
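Review bot: `formatDate` in the second hunk (`@@ -28,18 +27,22 @@`) is declared `-> str` but returns the `datetime.date` object from `myTime.date()`, and its parameter is annotated with `time`, which in this file is the imported module rather than a type. Returning a string leaves the printed output unchanged, so I would write `def formatDate(myTime: datetime | None) -> str:` (Python 3.10+) and `return myTime.date().isoformat()`. That also uses the `datetime` import this commit adds, which no visible hunk uses. A one-line docstring should say that a missing timestamp is rendered as `Never` and that the date is taken in whatever timezone the value carries (presumably UTC for boto3 responses; worth confirming).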
@@ -52,17 +55,17 @@ for u in jmespath.search("Users[*]", entity):
 accessKeyQuery = client.list_access_keys(UserName=u.get('UserName'))
 keys = accessKeyQuery.get("AccessKeyMetadata")
 print("UserName", u.get("UserName"), sep=": ")
- print("CreateDate", u.get("CreateDate"), sep=": ")
- print("PasswordLastUsed", u.get("PasswordLastUsed"), sep=": ")
+ print("CreateDate", formatDate(u.get("CreateDate")), sep=": ")
+ print("PasswordLastUsed", formatDate(u.get("PasswordLastUsed")), sep=": ")
 doPolicyLastUsed = False if u.get("PasswordLastUsed") is None else True
 for k in accessKeyQuery.get("AccessKeyMetadata"):
 print("AccessKeyId", k.get("AccessKeyId"), sep=": ")
 print("AccessKeyStatus", k.get("Status"), sep=": ")
 if k.get("Status") == "Inactive":
 doPolicyLastUsed = False
- print("AccessKeyCreateDate", k.get("CreateDate"), sep=": ")
+ print("AccessKeyCreateDate", formatDate(k.get("CreateDate")), sep=": ")
 akLastUsedQuery = client.get_access_key_last_used(AccessKeyId=k.get("AccessKeyId"))
- print("AccessKeyLastUsed", akLastUsedQuery.get("AccessKeyLastUsed").get("LastUsedDate"), sep=": ")
+ print("AccessKeyLastUsed", formatDate(akLastUsedQuery.get("AccessKeyLastUsed").get("LastUsedDate")), sep=": ")
 if doPolicyLastUsed:
 print("CustomerPolicyLastUsed", generateLastAccessed(client, u.get("Arn"), accountId), sep=": ")
 print("-" * 10)
@@ -73,7 +76,7 @@ print("=" * 40)
 entity = client.list_groups()
 print("GroupName", "CreateDate", sep=",")
 for g in jmespath.search("Groups[*]", entity):
- print(g.get("GroupName"), g.get("CreateDate"), sep=", ")
+ print(g.get("GroupName"), formatDate(g.get("CreateDate")), sep=", ")
 print("=" * 40)
 print("** Roles **")
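Review bot: `formatDate(u.get("PasswordLastUsed"))` in the users hunk (`@@ -52,17 +55,17 @@`) prints `Never` whenever the field is missing. As far as I know IAM also omits `PasswordLastUsed` for a user that has no console password at all, so the report cannot tell an unused password from an absent one, and someone triaging dormant credentials would treat those two cases differently. I would add a comment above that line, `# PasswordLastUsed is also absent when the user has no console password; "Never" is not proof of an unused password`, or print a distinct label after checking for a login profile. The same `Never` label is applied to `RoleLastUsed.LastUsedDate` in the last hunk, where absence presumably means only that IAM has no recorded use in its tracking window. The enclosing `for u` loop starts outside this hunk.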
@@ -86,8 +89,8 @@ for r in jmespath.search("Roles[*]", entity):
 getRoleQuery = client.get_role(RoleName=r.get("RoleName"))
 r1 = getRoleQuery.get("Role")
 print("RoleName", r1.get("RoleName"), sep=": ")
- print("CreateDate", r1.get("CreateDate"), sep=": ")
- print("RoleLastUsed", jmespath.search("RoleLastUsed.LastUsedDate", r1), sep=": ")
+ print("CreateDate", formatDate(r1.get("CreateDate")), sep=": ")
+ print("RoleLastUsed", formatDate(jmespath.search("RoleLastUsed.LastUsedDate", r1)), sep=": ")
 if jmespath.search("RoleLastUsed.LastUsedDate", r1) is not None:
 print("CustomerPolicyLastUsed", generateLastAccessed(client, r1.get("Arn"), accountId), sep=": ")
 print("-" * 10)
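Review bot: `jmespath.search("RoleLastUsed.LastUsedDate", r1)` is evaluated in the new `RoleLastUsed` print and again in the `if` directly below it. Binding it once keeps the printed value and the condition from drifting apart if one of them is edited later: `lastUsed = jmespath.search("RoleLastUsed.LastUsedDate", r1)`, then `formatDate(lastUsed)` in the print and `if lastUsed is not None:`. The enclosing `for r` loop starts outside this hunk.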