anthonyclarka2 · July 20, 2021 14:10
diff --git a/get-current-role-perms.sh b/get-current-role-perms.sh
 #!/bin/bash

 # This script gets your current AWS role and dumps the IAM policies associated with that role
 # Requires the iam:ListRolePolicies and iam:ListAttachedRolePolicies permissions
 # Requires the aws cli and the jq utility
 # Creative Commons Attribution-Sharealike: https://creativecommons.org/licenses/by-sa/4.0/

 # TODO: compare jq vs the query parameter in the aws cli, see if there's any difference in speed or results

 MY_ROLE=$(aws sts get-caller-identity | jq -r '.Arn' | cut -d'/' -f2)

 ROLE_POLS=$(aws iam list-role-policies --role-name "${MY_ROLE}" | jq -r '.PolicyNames[]' | tr '\n' ',')
 IFS=',' read -r -a ROLE_POLICIES <<< "$ROLE_POLS"

 for POLICY in "${ROLE_POLICIES[@]}"
 do
  echo "${POLICY}"
  POL_VER=$(aws iam get-role-policy --policy-name "${POLICY}" --role-name "${MY_ROLE}" | jq -r '.Policy.DefaultVersionId')
  aws iam get-role-policy --policy-name "${POLICY}" --role-name MRAD_Ops | jq -r '.PolicyDocument.Statement'
  echo
 done

 echo
 echo

 ATTD_POLS=$(aws iam list-attached-role-policies --role-name "${MY_ROLE}" | jq -r '.AttachedPolicies[].PolicyName' | tr '\n' ',')
 IFS=',' read -r -a ATTD_POLICIES <<< "$ATTD_POLS"

 for POLICY in "${ATTD_POLICIES[@]}"
 do
  echo "${POLICY}"
  POL_VER=$(aws iam get-policy --policy-arn arn:aws:iam::aws:policy/"${POLICY}" | jq -r '.Policy.DefaultVersionId')
  aws iam get-policy-version --policy-arn arn:aws:iam::aws:policy/"${POLICY}" --version-id "${POL_VER}" | jq -r '.PolicyVersion.Document.Statement'
  echo
 done
	#!/bin/bash

	# This script gets your current AWS role and dumps the IAM policies associated with that role
	# Requires the iam:ListRolePolicies and iam:ListAttachedRolePolicies permissions
	# Requires the aws cli and the jq utility
	# Creative Commons Attribution-Sharealike: https://creativecommons.org/licenses/by-sa/4.0/

	# TODO: compare jq vs the query parameter in the aws cli, see if there's any difference in speed or results

	MY_ROLE=$(aws sts get-caller-identity \| jq -r '.Arn' \| cut -d'/' -f2)

	ROLE_POLS=$(aws iam list-role-policies --role-name "${MY_ROLE}" \| jq -r '.PolicyNames[]' \| tr '\n' ',')
	IFS=',' read -r -a ROLE_POLICIES <<< "$ROLE_POLS"

	for POLICY in "${ROLE_POLICIES[@]}"
	do
	echo "${POLICY}"
	POL_VER=$(aws iam get-role-policy --policy-name "${POLICY}" --role-name "${MY_ROLE}" \| jq -r '.Policy.DefaultVersionId')
	aws iam get-role-policy --policy-name "${POLICY}" --role-name MRAD_Ops \| jq -r '.PolicyDocument.Statement'
	echo
	done

	echo
	echo

	ATTD_POLS=$(aws iam list-attached-role-policies --role-name "${MY_ROLE}" \| jq -r '.AttachedPolicies[].PolicyName' \| tr '\n' ',')
	IFS=',' read -r -a ATTD_POLICIES <<< "$ATTD_POLS"

	for POLICY in "${ATTD_POLICIES[@]}"
	do
	echo "${POLICY}"
	POL_VER=$(aws iam get-policy --policy-arn arn:aws:iam::aws:policy/"${POLICY}" \| jq -r '.Policy.DefaultVersionId')
	aws iam get-policy-version --policy-arn arn:aws:iam::aws:policy/"${POLICY}" --version-id "${POL_VER}" \| jq -r '.PolicyVersion.Document.Statement'
	echo
	done