Delete all IAM users with dependencies

delete-users.py

#!/usr/bin/env python

import boto3

users_to_retain = {"bla", "blub"}

iam = boto3.client('iam')

existing_users = set([u['UserName'] for u in iam.list_users(MaxItems=1000)['Users']])
users_to_delete = existing_users - users_to_retain


def delete_access_keys(user_name):
    response = iam.list_access_keys(UserName=user_name)
    for key_id in [metadata['AccessKeyId'] for metadata in response['AccessKeyMetadata']]:
        print("deleting access key for user {}: {}".format(user_name, key_id))

        iam.delete_access_key(UserName=user_name, AccessKeyId=key_id)


def delete_inline_policies(user_name):
    response = iam.list_user_policies(UserName=user_name)
    for policy_name in response['PolicyNames']:
        print("deleting inline policy for user: {}: {}".format(user_name, policy_name))

        iam.delete_user_policy(UserName=user_name, PolicyName=policy_name)


def detach_policies(user_name):
    response = iam.list_attached_user_policies(UserName=user_name)
    for policy_arn in [attached_policies['PolicyArn'] for attached_policies in response['AttachedPolicies']]:
        print("detaching user policy for user: {}: {}".format(user_name, policy_arn))

        iam.detach_user_policy(UserName=user_name, PolicyArn=policy_arn)


def remove_from_groups(user_name):
    response = iam.list_groups_for_user(UserName=user_name)
    for group_name in [group['GroupName'] for group in response['Groups']]:
        print("removing user: {} from group: {}".format(user_name, group_name))

        iam.remove_user_from_group(UserName=user_name, GroupName=group_name)


for user_name in users_to_delete:
    delete_access_keys(user_name)
    delete_inline_policies(user_name)
    detach_policies(user_name)
    remove_from_groups(user_name)

    print("deleting user: {}".format(user_name))
    iam.delete_user(UserName=user_name)