A shell script that dumps the policies of every AWS IAM user
Contents
- 1. Sample output
- 2. Code (bash)
- 3. Reference URLs
Sample output
For each user, the script prints one line per policy, covering both the policies attached directly to the user and the policies attached to the groups the user belongs to; the two kinds are not distinguished in the output.
n-machida,arn:aws:iam::aws:policy/AmazonAPIGatewayAdministrator
n-machida,arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs
n-machida,arn:aws:iam::aws:policy/IAMFullAccess
n-machida,arn:aws:iam::aws:policy/AmazonSESFullAccess
n-machida,arn:aws:iam::aws:policy/IAMUserChangePassword
n-machida,arn:aws:iam::aws:policy/AmazonAPIGatewayInvokeFullAccess
n-machida,arn:aws:iam::aws:policy/AWSCloudFormationFullAccess
n-machida,arn:aws:iam::aws:policy/AWSLambda_FullAccess
n-machida,arn:aws:iam::aws:policy/AmazonS3FullAccess
test,arn:aws:iam::aws:policy/AlexaForBusinessReadOnlyAccess
Code (bash)
#!/bin/bash
# One line per user name (text output of the list is whitespace-separated)
USER_LIST=$(aws iam list-users --query "Users[].[UserName]" --output text)
for USER in $USER_LIST
do
  # Managed policies attached directly to the user
  POLICY_ATTACHED_TO_USER=$(aws iam list-attached-user-policies \
    --user-name "$USER" \
    --query 'AttachedPolicies[].PolicyArn' --output text)
  # Groups the user belongs to
  GROUP_LIST=$(aws iam list-groups-for-user \
    --user-name "$USER" \
    --query 'Groups[].GroupName' --output text)
  POLICY_ATTACHED_TO_GROUP=""
  for GROUP in $GROUP_LIST
  do
    # Append rather than assign: assigning here would keep only the last group's policies
    POLICY_ATTACHED_TO_GROUP="$POLICY_ATTACHED_TO_GROUP $(aws iam list-attached-group-policies \
      --group-name "$GROUP" \
      --query 'AttachedPolicies[].PolicyArn' --output text)"
  done
  # Print user,policy for every policy found, whatever its source
  for POLICY in $POLICY_ATTACHED_TO_USER $POLICY_ATTACHED_TO_GROUP
  do
    echo "$USER,$POLICY"
  done
done
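The same enumeration written so it can be tested without an AWS account, as an added example that is not the original post's script. It goes beyond the page in two ways: it also lists inline policies (which grant permissions but never show up as attached ARNs) and it records where each grant comes from. The `AWS_CLI` variable, the `aws_cli`/`iam_list` wrappers and the function names are this example's own conventions, not part of the AWS CLI.

```bash
#!/bin/bash
# Added example, not the original post's script. Same idea (one line per
# user/policy pair) with three changes a reviewer would ask for:
#  1. policies from every group are kept (the original reassigned the
#     variable on each pass, so only the last group's policies survived);
#  2. inline policies (list-user-policies / list-group-policies) are listed
#     too, because they grant permissions but have no attached-policy ARN;
#  3. the origin of each grant is recorded, so output is user,source,policy
#     with source = user | group:<group name>.
set -euo pipefail

# Indirection so the CLI can be replaced by a stub when testing offline
# (AWS_CLI is this example's own variable; it defaults to the real binary).
aws_cli() { "${AWS_CLI:-aws}" "$@"; }

# Run `aws iam <subcommand> ... --query <list>` and print one element per line
# (text output of a list is tab-separated on a single line).
iam_list() { aws_cli iam "$@" --output text | tr '\t' '\n' | sed '/^$/d'; }

# Print every effective managed and inline policy for one IAM user.
user_policies() {
  local user=$1 group
  {
    iam_list list-attached-user-policies --user-name "$user" \
      --query 'AttachedPolicies[].PolicyArn' | sed "s/^/$user,user,/"
    iam_list list-user-policies --user-name "$user" \
      --query 'PolicyNames' | sed "s/^/$user,user,inline:/"
    for group in $(iam_list list-groups-for-user --user-name "$user" \
                     --query 'Groups[].GroupName'); do
      iam_list list-attached-group-policies --group-name "$group" \
        --query 'AttachedPolicies[].PolicyArn' | sed "s/^/$user,group:$group,/"
      iam_list list-group-policies --group-name "$group" \
        --query 'PolicyNames' | sed "s/^/$user,group:$group,inline:/"
    done
  } | sort -u
}

# Walk every user in the account. Source this file, then call dump_all_users.
dump_all_users() {
  local user
  for user in $(iam_list list-users --query 'Users[].UserName'); do
    user_policies "$user"
  done
}
```

Because the source column is kept, a policy a user holds both directly and via a group appears twice, which is what you want when deciding which grant to remove.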