NEW: iam-last-activity.py

2024-08-08 23:16:38 +08:00 · 2024-08-08 23:16:38 +08:00 · 68761f216a
commit 68761f216a
parent 6ab9fe60d2
1 changed files with 91 additions and 0 deletions
--- a/aws/iam-last-activity.py
+++ b/aws/iam-last-activity.py
@ -0,0 +1,91 @@
 #!/usr/bin/python3
 import boto3
 import jmespath
 import time
 import re
 import json
 from pprint import pprint
 from jmespath.exceptions import JMESPathTypeError
 # dump user/group/role last activity
 def generateLastAccessed(myclient, arn, myAccountId: str):
    response = myclient.generate_service_last_accessed_details(
        Arn=arn,
        Granularity='SERVICE_LEVEL')
    jobId = response.get("JobId")
    accessDetails = client.get_service_last_accessed_details(JobId=jobId, MaxItems=20)
    while True:
        time.sleep(2)
        accessDetails = client.get_service_last_accessed_details(JobId=jobId, MaxItems=20)
        if accessDetails.get("JobStatus") != "COMPLETED":
            continue
        else:
            break
    r2 = client.list_policies_granting_service_access(
        Arn=arn,
        ServiceNamespaces=jmespath.search("ServicesLastAccessed[*].ServiceNamespace", accessDetails)
    )
    returnString = []
    try:
        for p in jmespath.search(
                f"PoliciesGrantingServiceAccess[*].Policies[?contains(PolicyArn,'${myAccountId}')].PolicyArn", r2):
            if len(p) > 0:
                returnString.append(p[0])
    except JMESPathTypeError:
        pass
    return list(dict.fromkeys(returnString))
 sts = boto3.client('sts')
 accountId = sts.get_caller_identity()["Account"]
 client = boto3.client('iam')
 print("=" * 40)
 print("** Users **")
 print("=" * 40)
 entity = client.list_users()
 for u in jmespath.search("Users[*]", entity):
    accessKeyQuery = client.list_access_keys(UserName=u.get('UserName'))
    keys = accessKeyQuery.get("AccessKeyMetadata")
    print("UserName", u.get("UserName"), sep=": ")
    print("CreateDate", u.get("CreateDate"), sep=": ")
    print("PasswordLastUsed", u.get("PasswordLastUsed"), sep=": ")
    doPolicyLastUsed = False if u.get("PasswordLastUsed") is None else True
    for k in accessKeyQuery.get("AccessKeyMetadata"):
        print("AccessKeyId", k.get("AccessKeyId"), sep=": ")
        print("AccessKeyStatus", k.get("Status"), sep=": ")
        if k.get("Status") == "Inactive":
            doPolicyLastUsed = False
        print("AccessKeyCreateDate", k.get("CreateDate"), sep=": ")
        akLastUsedQuery = client.get_access_key_last_used(AccessKeyId=k.get("AccessKeyId"))
        print("AccessKeyLastUsed", akLastUsedQuery.get("AccessKeyLastUsed").get("LastUsedDate"), sep=": ")
    if doPolicyLastUsed:
        print("CustomerPolicyLastUsed", generateLastAccessed(client, u.get("Arn"), accountId), sep=": ")
    print("-" * 10)
 print("=" * 40)
 print("** Groups **")
 print("=" * 40)
 entity = client.list_groups()
 print("GroupName", "CreateDate", sep=",")
 for g in jmespath.search("Groups[*]", entity):
    print(g.get("GroupName"), g.get("CreateDate"), sep=", ")
 print("=" * 40)
 print("** Roles **")
 print("=" * 40)
 entity = client.list_roles()
 for r in jmespath.search("Roles[*]", entity):
    if re.match("^/.*service-role/.*", r.get("Path")) is not None or re.match("^/aws-reserved/",
                                                                              r.get("Path")) is not None:
        continue
    getRoleQuery = client.get_role(RoleName=r.get("RoleName"))
    r1 = getRoleQuery.get("Role")
    print("RoleName", r1.get("RoleName"), sep=": ")
    print("CreateDate", r1.get("CreateDate"), sep=": ")
    print("RoleLastUsed", jmespath.search("RoleLastUsed.LastUsedDate", r1), sep=": ")
    if jmespath.search("RoleLastUsed.LastUsedDate", r1) is not None:
        print("CustomerPolicyLastUsed", generateLastAccessed(client, r1.get("Arn"), accountId), sep=": ")
    print("-" * 10)