@denist-huma
Forked from kgmoore431/delete_iam_user.sh
Last active May 9, 2022 19:51
Delete an IAM user with AWS CLI
#!/bin/bash
# Delete an IAM user with the AWS CLI. `aws iam delete-user` refuses to run
# while the user still owns access keys, signing certificates, a console
# password (login profile), an active MFA device, inline or attached
# policies, or group memberships, so each of those is removed first.
# Not covered here: SSH public keys and service-specific credentials, which
# also block deletion when present.
set -euo pipefail

user_name="${1:-}"
if [[ -z "${user_name}" ]]; then
  echo "usage: $0 <iam-user-name>" >&2
  exit 1
fi
echo "Removing user: ${user_name}"

# mapfile reads one ID per line into a real array, so the loops below can
# quote "${arr[@]}" instead of relying on word splitting.
mapfile -t keys < <(aws iam list-access-keys --user-name "${user_name}" | jq -r '.AccessKeyMetadata[] | .AccessKeyId')
if [[ "${#keys[@]}" -gt 0 ]]; then
  echo "Deleting Access Keys:"
  for key in "${keys[@]}"; do
    echo -e "\tDeleting access key ${key}"
    aws iam delete-access-key --user-name "${user_name}" --access-key-id "${key}" > /dev/null
  done
fi

mapfile -t certs < <(aws iam list-signing-certificates --user-name "${user_name}" | jq -r '.Certificates[] | .CertificateId')
if [[ "${#certs[@]}" -gt 0 ]]; then
  echo "Deleting Signing Certificates:"
  for cert in "${certs[@]}"; do
    echo -e "\tDeleting cert ${cert}"
    aws iam delete-signing-certificate --user-name "${user_name}" --certificate-id "${cert}" > /dev/null
  done
fi

# Test the command's exit status directly; the earlier `if $(aws ...)` form
# executed the command's output as a command (ShellCheck SC2091).
if aws iam get-login-profile --user-name "${user_name}" &>/dev/null; then
  echo "Deleting Login Profile"
  aws iam delete-login-profile --user-name "${user_name}" > /dev/null
fi

mapfile -t devs < <(aws iam list-mfa-devices --user-name "${user_name}" | jq -r '.MFADevices[] | .SerialNumber')
if [[ "${#devs[@]}" -gt 0 ]]; then
  echo "Deactivating User's 2FA Devices:"
  for mfa_dev in "${devs[@]}"; do
    echo -e "\tDeactivating MFA ${mfa_dev}"
    # Deactivation is what delete-user requires; a virtual device object can
    # still be removed afterwards with `aws iam delete-virtual-mfa-device`.
    aws iam deactivate-mfa-device --user-name "${user_name}" --serial-number "${mfa_dev}" > /dev/null
  done
fi

mapfile -t pols < <(aws iam list-attached-user-policies --user-name "${user_name}" | jq -r '.AttachedPolicies[] | .PolicyArn')
if [[ "${#pols[@]}" -gt 0 ]]; then
  echo "Removing Attached User Policies:"
  for policy in "${pols[@]}"; do
    echo -e "\tDetaching user policy $(basename "${policy}")"
    aws iam detach-user-policy \
      --user-name "${user_name}" \
      --policy-arn "${policy}" > /dev/null
  done
fi

mapfile -t inline_policies < <(aws iam list-user-policies --user-name "${user_name}" | jq -r '.PolicyNames[]')
if [[ "${#inline_policies[@]}" -gt 0 ]]; then
  echo "Deleting Inline Policies:"
  for inline_policy in "${inline_policies[@]}"; do
    echo -e "\tDeleting inline policy ${inline_policy}"
    aws iam delete-user-policy \
      --user-name "${user_name}" \
      --policy-name "${inline_policy}" > /dev/null
  done
fi

mapfile -t groups < <(aws iam list-groups-for-user --user-name "${user_name}" | jq -r '.Groups[] | .GroupName')
if [[ "${#groups[@]}" -gt 0 ]]; then
  echo "Removing Group Memberships:"
  for group in "${groups[@]}"; do
    echo -e "\tRemoving user from group ${group}"
    aws iam remove-user-from-group \
      --group-name "${group}" \
      --user-name "${user_name}" > /dev/null
  done
fi

# Only succeeds once every blocker above is gone.
echo "Deleting User ${user_name}"
aws iam delete-user --user-name "${user_name}" > /dev/null
@denist-huma (Author)

  1. Redirecting output to /dev/null means there is no need to press "q" to dismiss paginated output, so the script can run in a batch job.
  2. Display no output for absent groups, policies, certs, keys, profiles and MFA devices.

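An added example, not part of the gist or the author's comment: the same tear-down written as a Python function with a dry-run mode and a pre-deletion inventory, which also covers the two blockers the script skips (SSH public keys and service-specific credentials) and follows `IsTruncated`/`Marker` pagination so a user with many keys or groups is not half-cleaned. `iam` is assumed to be a boto3 IAM client (`boto3.client("iam")`); the method names, parameters and response keys are those of the real IAM API. `FakeIAM`, `sample_client()` and every ID in it are constructed stand-ins so the module runs offline.

```python
"""Preflight inventory and ordered tear-down for `iam delete-user` (added example)."""
from typing import Any, Dict, List, Tuple

# (label, list method, response key, id field (None = plain strings),
#  removal method, keyword the removal method takes for the id)
BLOCKERS = [
    ("access_keys", "list_access_keys", "AccessKeyMetadata", "AccessKeyId",
     "delete_access_key", "AccessKeyId"),
    ("signing_certs", "list_signing_certificates", "Certificates", "CertificateId",
     "delete_signing_certificate", "CertificateId"),
    ("mfa_devices", "list_mfa_devices", "MFADevices", "SerialNumber",
     "deactivate_mfa_device", "SerialNumber"),
    ("attached_policies", "list_attached_user_policies", "AttachedPolicies", "PolicyArn",
     "detach_user_policy", "PolicyArn"),
    ("inline_policies", "list_user_policies", "PolicyNames", None,
     "delete_user_policy", "PolicyName"),
    ("groups", "list_groups_for_user", "Groups", "GroupName",
     "remove_user_from_group", "GroupName"),
    # Two blockers the bash script above does not handle:
    ("ssh_keys", "list_ssh_public_keys", "SSHPublicKeys", "SSHPublicKeyId",
     "delete_ssh_public_key", "SSHPublicKeyId"),
    ("service_credentials", "list_service_specific_credentials",
     "ServiceSpecificCredentials", "ServiceSpecificCredentialId",
     "delete_service_specific_credential", "ServiceSpecificCredentialId"),
]


def _list_all(iam: Any, method: str, user_name: str, key: str) -> List[Any]:
    """Follow IsTruncated/Marker so a long list is not silently cut off."""
    items: List[Any] = []
    kwargs: Dict[str, Any] = {"UserName": user_name}
    while True:
        resp = getattr(iam, method)(**kwargs)
        items.extend(resp.get(key, []))
        if not resp.get("IsTruncated"):
            return items
        kwargs["Marker"] = resp["Marker"]


def inventory(iam: Any, user_name: str) -> Dict[str, List[str]]:
    """Everything that would make delete_user fail, keyed by kind."""
    found: Dict[str, List[str]] = {}
    for label, lister, key, id_field, _, _ in BLOCKERS:
        raw = _list_all(iam, lister, user_name, key)
        found[label] = [x if id_field is None else x[id_field] for x in raw]
    try:
        iam.get_login_profile(UserName=user_name)
        found["login_profile"] = ["console-password"]
    except iam.exceptions.NoSuchEntityException:
        found["login_profile"] = []
    return found


def offboard(iam: Any, user_name: str, dry_run: bool = True) -> Dict[str, List[str]]:
    """Dry run by default: report blockers and change nothing. With
    dry_run=False remove each blocker, then the user. The inventory is
    returned either way so the caller can keep it as an audit record."""
    found = inventory(iam, user_name)
    if dry_run:
        return found
    if found["login_profile"]:
        iam.delete_login_profile(UserName=user_name)
    for label, _, _, _, remover, id_kwarg in BLOCKERS:
        for ident in found[label]:
            getattr(iam, remover)(**{"UserName": user_name, id_kwarg: ident})
    iam.delete_user(UserName=user_name)  # only reachable once every blocker is gone
    return found


class FakeIAM:
    """Constructed offline stand-in for boto3's IAM client: serves canned
    list pages in order and records every call it receives."""

    class exceptions:
        class NoSuchEntityException(Exception):
            pass

    def __init__(self, has_password: bool, pages: Dict[str, List[Dict[str, Any]]]):
        self.has_password = has_password
        self.pages = {name: list(pg) for name, pg in pages.items()}
        self.calls: List[Tuple[str, Dict[str, Any]]] = []

    def __getattr__(self, name: str):
        def call(**kwargs: Any) -> Dict[str, Any]:
            self.calls.append((name, kwargs))
            if name == "get_login_profile":
                if not self.has_password:
                    raise FakeIAM.exceptions.NoSuchEntityException(kwargs["UserName"])
                return {"LoginProfile": {"UserName": kwargs["UserName"]}}
            if name.startswith("list_"):
                queue = self.pages.get(name, [])
                return queue.pop(0) if queue else {"IsTruncated": False}
            return {}
        return call


def sample_client() -> FakeIAM:
    """Constructed sample user: two access keys split across two pages, one
    inline policy, one group, one SSH key and a console password."""
    return FakeIAM(has_password=True, pages={
        "list_access_keys": [
            {"AccessKeyMetadata": [{"AccessKeyId": "AKIAEXAMPLE000001"}],
             "IsTruncated": True, "Marker": "page2"},
            {"AccessKeyMetadata": [{"AccessKeyId": "AKIAEXAMPLE000002"}], "IsTruncated": False},
        ],
        "list_user_policies": [{"PolicyNames": ["s3-readonly"], "IsTruncated": False}],
        "list_groups_for_user": [{"Groups": [{"GroupName": "developers"}], "IsTruncated": False}],
        "list_ssh_public_keys": [{"SSHPublicKeys": [{"SSHPublicKeyId": "APKAEXAMPLE000001"}],
                                  "IsTruncated": False}],
    })


def mutating_calls(client: FakeIAM) -> List[str]:
    """Names of the calls that changed state, in order (reads filtered out)."""
    return [n for n, _ in client.calls if not n.startswith(("list_", "get_"))]


if __name__ == "__main__":
    preview = sample_client()
    print("dry run:", offboard(preview, "alice"), "mutations:", mutating_calls(preview))
    live = sample_client()
    offboard(live, "alice", dry_run=False)
    print("tear-down order:", mutating_calls(live))
```

Run it once with the default `dry_run=True` and keep the returned inventory with the offboarding ticket; only then run with `dry_run=False`. Because `delete_user` is the last call, a failure on any earlier step leaves the user in place rather than half-removed, and the recorded inventory shows exactly what still needs attention.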