NEW: dump aws roles and policies

2022-05-13 12:57:35 +08:00 · 2022-05-13 12:57:35 +08:00 · 6610541668
parent 7effc2c23b
commit 6610541668
1 changed files with 23 additions and 0 deletions
--- a/aws/aws-role-policies.sh
+++ b/aws/aws-role-policies.sh
@ -0,0 +1,23 @@
+#!/bin/bash
+
+function formatprint() {
+	cat - > /tmp/formatprint.tmp
+	echo "# $1 ($(cat /tmp/formatprint.tmp | wc -l))"
+	cat /tmp/formatprint.tmp | sed -e 's/^/  /g' 
+	rm -f /tmp/formatprint.tmp
+}
+
+# Generate inventory of ec2, rds, lb, and s3 buckets.
+
+# aws eks list-clusters | jq '.[][]' | awk -F/ '{print $NF}'   | formatprint EKS
+
+# IAM roles"
+# aws iam list-roles | jq -cr '.Roles[] | .RoleName' | grep -v AWSServiceRoleFor 
+
+# IAM users
+aws iam list-roles --page-size 100| jq -cr '.Roles[] | .RoleName ' | while read r; do
+echo "Role: $r"
+aws iam list-attached-role-policies --role-name $r | jq -cr '.AttachedPolicies[] | .PolicyArn' | formatprint RoleManagedPolicies
+aws iam list-role-policies --role-name $r | jq -cr '.PolicyNames[]' | formatprint  RoleInlinePolicies
+echo ""
+done