hernandanielg · July 14, 2023 09:33 · lnvn · Jul 14, 2023
diff --git a/delete_iam_user.sh b/delete_iam_user.sh
 #!/bin/bash

 #
 # @author: Hernan Garcia <[email protected]>
 # https://gist.github.com/hernandanielg/430f3adb8e297f37ef6f0efb45a51bdc
 # 
 # usage: ./delete_iam_user.sh [options] <user>
 # options:
 #   -d|--dry-run  dry run mode
 #

 AWS_CLI_IAM_CMD="aws iam"

 list_items() {
  local AWS_CLI_LIST_CMD="$1"
  local AWS_CLI_LIST_QUERY="$2"
  
  $AWS_CLI_IAM_CMD $AWS_CLI_LIST_CMD --user-name $user --query $AWS_CLI_LIST_QUERY --output text
 }

 remove_items() {
  [[ -z $1 ]] && return 0

  local ITEMS=$1
  local AWS_CLI_DELETE_CMD="$2"
  local AWS_CLI_ITEM_FLAG="$3"

  for item in $ITEMS ;
  do
    local cmd="$AWS_CLI_IAM_CMD $AWS_CLI_DELETE_CMD --user-name $user --$AWS_CLI_ITEM_FLAG $item"

    if [[ $DRY_RUN == true ]]; then
      >&2 echo "[dry-run] $cmd"
      continue
    fi

    >&2 echo "$cmd"
    $cmd
  done
 }

 usage() {
  >&2 echo "usage: $0 [-d|--dry-run] <user>"
  exit -1
 }

 unknown_flag() {
  if [ "$OPTERR" = 1 ] && [ "${optspec:0:1}" != ":" ]; then
    >&2 echo "Unknown flag --${OPTARG}" 
    usage
  fi
 }

 check_user_exists() {
  local user=$1
  if [[ -z $($AWS_CLI_IAM_CMD get-user --user-name $user 2>/dev/null) ]]
  then
    >&2 echo "user not found: $user"
    exit -2
  fi
 }

 while getopts ":dh-:" optchar; do
  case "${optchar}" in
    -)
      case "${OPTARG}" in
        dry-run)
          DRY_RUN=true
          >&2 echo "dry run mode..." 
          ;;
        help)
          usage
          ;;
        *)
          unknown_flag
          ;;
      esac;;
    d)
      DRY_RUN=true
      >&2 echo "dry run mode..." 
      ;;
    h)
      usage
      ;;
    *)
      unknown_flag
      ;;
  esac
 done
 shift "$(($OPTIND -1))"

 if [ $# -eq 0 ]; then
  usage
 fi

 user=$1
 check_user_exists $user

 echo -e "\nUser to be deleted: $user \n"

 read -p "Type user name \"$user\" to continue: "
 if [ "$REPLY" != $user ]; then
  >&2 echo "Cancelled"
  exit -3
 fi
 echo

 while read listcmd filter deletecmd flag ;
 do
  items="$(list_items "$listcmd" "$filter")"

  [[ -z $items ]] && continue

  remove_items "$items" "$deletecmd" "$flag"
 done <<EOF
  list-access-keys AccessKeyMetadata[*].AccessKeyId delete-access-key access-key-id
  list-signing-certificates Certificates[*].CertificateId delete-signing-certificate certificate-id
  list-ssh-public-keys SSHPublicKeys[*].SSHPublicKeyId delete-ssh-public-key ssh-public-key
  list-service-specific-credentials ServiceSpecificCredentials[*].ServiceSpecificCredentialId delete-service-specific-credential service-specific-credential-id
  list-mfa-devices MFADevices[*].SerialNumber deactivate-mfa-device serial-number 
  list-mfa-devices MFADevices[*].SerialNumber delete-virtual-mfa-device serial-number 
  list-user-policies PolicyNames[*] delete-user-policy policy-name
  list-attached-user-policies AttachedPolicies[*].PolicyArn detach-user-policy policy-arn
  list-groups-for-user Groups[*].GroupName remove-user-from-group group-name
  get-login-profile LoginProfile.UserName delete-login-profile user-name
  get-user User.UserName delete-user user-name
 EOF
	#!/bin/bash

	#
	# @author: Hernan Garcia <[email protected]>
	# https://gist.github.com/hernandanielg/430f3adb8e297f37ef6f0efb45a51bdc
	#
	# usage: ./delete_iam_user.sh [options] <user>
	# options:
	# -d\|--dry-run dry run mode
	#

	AWS_CLI_IAM_CMD="aws iam"

	list_items() {
	local AWS_CLI_LIST_CMD="$1"
	local AWS_CLI_LIST_QUERY="$2"

	$AWS_CLI_IAM_CMD $AWS_CLI_LIST_CMD --user-name $user --query $AWS_CLI_LIST_QUERY --output text
	}

	remove_items() {
	[[ -z $1 ]] && return 0

	local ITEMS=$1
	local AWS_CLI_DELETE_CMD="$2"
	local AWS_CLI_ITEM_FLAG="$3"

	for item in $ITEMS ;
	do
	local cmd="$AWS_CLI_IAM_CMD $AWS_CLI_DELETE_CMD --user-name $user --$AWS_CLI_ITEM_FLAG $item"

	if [[ $DRY_RUN == true ]]; then
	>&2 echo "[dry-run] $cmd"
	continue
	fi

	>&2 echo "$cmd"
	$cmd
	done
	}

	usage() {
	>&2 echo "usage: $0 [-d\|--dry-run] <user>"
	exit -1
	}

	unknown_flag() {
	if [ "$OPTERR" = 1 ] && [ "${optspec:0:1}" != ":" ]; then
	>&2 echo "Unknown flag --${OPTARG}"
	usage
	fi
	}

	check_user_exists() {
	local user=$1
	if [[ -z $($AWS_CLI_IAM_CMD get-user --user-name $user 2>/dev/null) ]]
	then
	>&2 echo "user not found: $user"
	exit -2
	fi
	}

	while getopts ":dh-:" optchar; do
	case "${optchar}" in
	-)
	case "${OPTARG}" in
	dry-run)
	DRY_RUN=true
	>&2 echo "dry run mode..."
	;;
	help)
	usage
	;;
	*)
	unknown_flag
	;;
	esac;;
	d)
	DRY_RUN=true
	>&2 echo "dry run mode..."
	;;
	h)
	usage
	;;
	*)
	unknown_flag
	;;
	esac
	done
	shift "$(($OPTIND -1))"

	if [ $# -eq 0 ]; then
	usage
	fi

	user=$1
	check_user_exists $user

	echo -e "\nUser to be deleted: $user \n"

	read -p "Type user name \"$user\" to continue: "
	if [ "$REPLY" != $user ]; then
	>&2 echo "Cancelled"
	exit -3
	fi
	echo

	while read listcmd filter deletecmd flag ;
	do
	items="$(list_items "$listcmd" "$filter")"

	[[ -z $items ]] && continue

	remove_items "$items" "$deletecmd" "$flag"
	done <<EOF
	list-access-keys AccessKeyMetadata[*].AccessKeyId delete-access-key access-key-id
	list-signing-certificates Certificates[*].CertificateId delete-signing-certificate certificate-id
	list-ssh-public-keys SSHPublicKeys[*].SSHPublicKeyId delete-ssh-public-key ssh-public-key
	list-service-specific-credentials ServiceSpecificCredentials[*].ServiceSpecificCredentialId delete-service-specific-credential service-specific-credential-id
	list-mfa-devices MFADevices[*].SerialNumber deactivate-mfa-device serial-number
	list-mfa-devices MFADevices[*].SerialNumber delete-virtual-mfa-device serial-number
	list-user-policies PolicyNames[*] delete-user-policy policy-name
	list-attached-user-policies AttachedPolicies[*].PolicyArn detach-user-policy policy-arn
	list-groups-for-user Groups[*].GroupName remove-user-from-group group-name
	get-login-profile LoginProfile.UserName delete-login-profile user-name
	get-user User.UserName delete-user user-name
	EOF