Get all IAM rights for a particular user.

get_iam_rights_for_user.py

#!/usr/bin/env python
from __future__ import print_function
# Displays all the policies associated to IAM username
# Useful for reviewing IAM user rights

# Requirements:
#
# Environmental variables:
# 		AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
# python:
#		boto

import boto.iam
import sys
import urllib 

if len(sys.argv) == 1:
	print('Usage: \n get_iam_rights_for_user.py USER_NAME')
	exit(1)
USER_NAME = sys.argv[1]

iam = boto.connect_iam()

user_policies = iam.get_all_user_policies(USER_NAME)
policy_names = user_policies["list_user_policies_response"]["list_user_policies_result"]["policy_names"] 
for policy in policy_names:
    print("User Policy: ", policy)
    policy_output = iam.get_user_policy(USER_NAME, policy)["get_user_policy_response"]["get_user_policy_result"]["policy_document"]
    print(urllib.unquote(policy_output).decode('utf8'))

groups = iam.get_groups_for_user(user_name=USER_NAME)
groups = groups["list_groups_for_user_response"]["list_groups_for_user_result"]["groups"]
for group in groups:
    group_name = group["group_name"]
    print("Group: ", group_name)
    group_policies = iam.get_all_group_policies(group_name)
    policy_names = group_policies["list_group_policies_response"]["list_group_policies_result"]["policy_names"]
    for policy in policy_names:
        print("Group Policy: ", policy)
        policy_output = iam.get_group_policy(group_name, policy)
        policy_document = policy_output["get_group_policy_response"]["get_group_policy_result"]["policy_document"] 
        print(urllib.unquote(policy_document).decode('utf8'))