@SamLR
Created May 23, 2019 15:22
Crawl your users and find which groups they're in; crawl your groups and find their users!
#
# example usage
# # Get the data:
# $ python3 aws-iam-crawl.py > iam.json
#
# # Group summary
# $ cat iam.json| jq '.groups | map({"members": (._users|length), "policies": ((._inline_policies|length) + (._attached_policies|length)), "inline_policies": (._inline_policies|length), "name": .GroupName}) | sort_by(.members)[] ' -c
#
# # User summary (basically the same)
# $ cat iam.json| jq '.users | map({"groups": (._groups|length), "policies": ((._inline_policies|length) + (._attached_policies|length)), "inline_policies": (._inline_policies|length), "name": .UserName}) | sort_by(.groups)[] ' -c
#
import json

import boto3
def get_all(client, func_name, results_key, **kwargs):
    """Gather every item under *results_key* from all pages of a paginated call.

    Args:
        client: A boto3 client exposing ``get_paginator``.
        func_name: Name of the paginated operation, e.g. ``'list_users'``.
        results_key: Key whose list value is collected from each page.
        **kwargs: Forwarded unchanged to ``paginate`` as operation parameters.

    Returns:
        One flat list holding the items of every page, in page order.
    """
    pages = client.get_paginator(func_name).paginate(**kwargs)
    # Flatten the per-page lists; order within and across pages is kept.
    return [item for page in pages for item in page[results_key]]
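def _enrich_group(client, grp):
    """Attach member users and policy listings to one group record, in place.

    Adds ``_users`` (group members), ``_inline_policies`` (inline policy
    names only, not their documents) and ``_attached_policies`` (attached
    managed-policy entries) under underscore-prefixed keys so they cannot
    collide with fields returned by the IAM API itself.
    """
    name = grp['GroupName']
    grp['_users'] = get_all(client, 'get_group', 'Users', GroupName=name)
    grp['_inline_policies'] = get_all(client, 'list_group_policies', 'PolicyNames', GroupName=name)
    grp['_attached_policies'] = get_all(client, 'list_attached_group_policies', 'AttachedPolicies', GroupName=name)


def _enrich_user(client, usr):
    """Attach group memberships and policy listings to one user record, in place.

    Adds ``_groups``, ``_inline_policies`` (names only) and
    ``_attached_policies`` under underscore-prefixed keys, mirroring
    ``_enrich_group``.
    """
    name = usr['UserName']
    usr['_groups'] = get_all(client, 'list_groups_for_user', 'Groups', UserName=name)
    usr['_inline_policies'] = get_all(client, 'list_user_policies', 'PolicyNames', UserName=name)
    usr['_attached_policies'] = get_all(client, 'list_attached_user_policies', 'AttachedPolicies', UserName=name)


def main(client=None):
    """Crawl IAM groups and users and cross-link them with their policies.

    Args:
        client: An IAM client to use. When ``None`` (the default, and the
            original behaviour) a ``boto3.client('iam')`` is created from the
            ambient credentials. Passing a client allows reuse of a session
            with an explicit profile/region, or a stub for testing.

    Returns:
        ``{'users': [...], 'groups': [...]}`` where each record is the raw IAM
        API dict extended with ``_users``/``_groups``, ``_inline_policies``
        and ``_attached_policies``. Only policy *names*/attachment entries are
        collected; policy documents are not fetched, so the output contains
        no policy statements or credentials.

    Notes:
        The crawl issues three list calls per group and three per user on top
        of the two top-level listings, so large accounts generate many API
        requests and may hit IAM throttling. The calling identity needs
        read-only IAM list/get permissions for every operation used here
        (list_groups, get_group, list_group_policies,
        list_attached_group_policies, list_users, list_groups_for_user,
        list_user_policies, list_attached_user_policies).
    """
    if client is None:
        client = boto3.client('iam')

    groups = get_all(client, 'list_groups', 'Groups')
    for grp in groups:
        _enrich_group(client, grp)

    users = get_all(client, 'list_users', 'Users')
    for usr in users:
        _enrich_user(client, usr)

    return {
        'users': users,
        'groups': groups,
    }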
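if __name__ == '__main__':
    # Emit the crawl as pretty-printed, key-sorted JSON on stdout so it can be
    # piped to a file or jq (see the usage comment at the top of the file).
    # default=str renders values json cannot serialise natively, such as the
    # datetime fields IAM returns (e.g. CreateDate).
    print(json.dumps(main(), indent=4, sort_keys=True, default=str))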