我需要获取所有AWS用户,其相应的组,策略,然后是否激活了MFA。谁能告诉我如何通过AWS CLI或Boto进行。
我有一个脚本,可以从AWS中获取所有用户。
import boto3
from boto3 import *
import argparse
access_key = ''
secret_key = ''
def get_iam_uses_list():
client = boto3.client('iam',
aws_access_key_id=access_key,
aws_secret_access_key=secret_key)
my_list=list()
iam_all_users = client.list_users(MaxItems=200)
for user in iam_all_users['Users']:
my_list.append(user['UserName'])
#
for i in my_list:
print i
# print "read complete"
#
# for i in my_list:
# iam_user_policy=client.list_attached_user_policies(UserName=i)
# for policy in iam_user_policy['AttachedPolicies']:
# print "%s t %s" %(i, policy['PolicyName'])
def main():
parser = argparse.ArgumentParser()
parser.add_argument('access_key', help='Access Key');
parser.add_argument('secret_key', help='Secret Key');
args = parser.parse_args()
global access_key
global secret_key
access_key = args.access_key
secret_key = args.secret_key
get_iam_uses_list()
if __name__ =='__main__':main()
在这里,我正在使用boto命令进行四个操作 -
- 列出所有用户
- 附加到每个用户的列表策略
- 添加到每个用户的列表角色
- 列表MFA设备以查看用户是否配置MFA(在这里我不检查MFA,但不启用MFA,但是检查设备是否已由用户配置。) )
获取IAM连接到AWS帐户
import boto3
client = boto3.client('iam',aws_access_key_id="XXX",aws_secret_access_key="XXX")
获取IAM用户这将打印所有用户名。如果您还想打印其他详细信息,则可以自定义。
users = client.list_users()
for key in users['Users']:
print key['UserName']
获取每个用户附加的策略列表
for key in users['Users']:
List_of_Policies = client.list_user_policies(UserName=key['UserName'])
for key in List_of_Policies['PolicyNames']:
print key['PolicyName']
获取每个用户附加的组列表
for key in users['Users']:
List_of_Groups = client.list_groups_for_user(UserName=key['UserName'])
for key in List_of_Groups['Groups']:
print key['GroupName']
检查MFA设备是否配置
for key in users['Users']:
List_of_MFA_Devices = client.list_mfa_devices(UserName=key['UserName'])
for key in List_of_MFA_Devices['MFADevices']:
print key
您可以进一步检查list_of_mfa_devices ['mfadevices']是否为空。如果为空,则未配置MFA设备。
如果要将输出添加为DICT列表,每个索引将包含在哪里包含的dict对用户名,组,策略,ISMFA_FLAG_CONFIGURED的值对。使用以下代码 -
import boto3
client = boto3.client('iam',aws_access_key_id="XXXX",aws_secret_access_key="YYY")
users = client.list_users()
user_list = []
for key in users['Users']:
result = {}
Policies = []
Groups=[]
result['userName']=key['UserName']
List_of_Policies = client.list_user_policies(UserName=key['UserName'])
result['Policies'] = List_of_Policies['PolicyNames']
List_of_Groups = client.list_groups_for_user(UserName=key['UserName'])
for Group in List_of_Groups['Groups']:
Groups.append(Group['GroupName'])
result['Groups'] = Groups
List_of_MFA_Devices = client.list_mfa_devices(UserName=key['UserName'])
if not len(List_of_MFA_Devices['MFADevices']):
result['isMFADeviceConfigured']=False
else:
result['isMFADeviceConfigured']=True
user_list.append(result)
for key in user_list:
print key
以上代码的输出 -
{'username':'user1','groups':['grp1','grp2'],'policies':['policy1','policy2],'ismfadeviceconfigured':false/true}
{'username':'user2','groups':['grp1','grp2'],'policies':[''policy1','policy2],'ismfadeviceconfigured':false/true}