#!/bin/bash

AID=$(aws sts get-caller-identity --query Account --output text)

# dump list of user to temp file
aws iam list-users | jq -cr '.Users[] | [.UserName, .PasswordLastUsed // "NoPassword"] | @csv' > /tmp/iusers.txt

cat /tmp/iusers.txt | while read line; do
	USER=$(echo $line | awk -F, '{print $1}' | tr -d \")
	PLU=$(grep "$USER\"," /tmp/iusers.txt | awk -F, '{print $2}' | awk -FT '{print $1}' | tr -d \")
	echo "$AID, $USER, $PLU, NA, NA"
	aws iam list-access-keys --user-name $USER --query AccessKeyMetadata[].AccessKeyId --output text | tr '\t' '\n' | while read k; do 
	echo "$AID, $USER, NA, $k, $(aws iam get-access-key-last-used --access-key-id $k --query AccessKeyLastUsed.LastUsedDate | awk -FT '{print $1}' | tr -d \")"
	done
done