Created
February 1, 2017 12:29
Delete all IAM users with dependencies
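#!/usr/bin/env python
import boto3

# Allow-list of IAM user names that must survive the cleanup. Every other IAM
# user found in the account is deleted by the loop at the end of this script.
users_to_retain = {"bla", "blub"}

# The client uses whatever credentials, profile and account boto3 resolves
# from the environment; confirm the target account before running.
iam = boto3.client('iam')

# list_users is a paged API: one call returns at most one page and sets
# IsTruncated when more users exist. Walk every page so the delete set is
# computed from the complete user list.
existing_users = {
    user['UserName']
    for page in iam.get_paginator('list_users').paginate()
    for user in page['Users']
}

# A name in the allow-list that matches no existing user protects nothing.
# Report it so a misspelled entry is noticed before the matching real user
# ends up in the delete set.
for missing_name in sorted(users_to_retain - existing_users):
    print("warning: user to retain not found in account: {}".format(missing_name))

users_to_delete = existing_users - users_to_retain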
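def delete_access_keys(user_name):
    """Delete every access key that belongs to the IAM user *user_name*.

    Access keys are long-lived credentials and must be removed before the
    user itself can be deleted. Uses the module-level ``iam`` client and
    prints one line per deleted key.
    """
    # Collect the key ids from every response page before deleting anything,
    # so a truncated first page cannot leave keys behind and deletions do not
    # interfere with the listing that is still in progress.
    key_ids = [
        metadata['AccessKeyId']
        for page in iam.get_paginator('list_access_keys').paginate(UserName=user_name)
        for metadata in page['AccessKeyMetadata']
    ]
    for key_id in key_ids:
        print("deleting access key for user {}: {}".format(user_name, key_id))
        iam.delete_access_key(UserName=user_name, AccessKeyId=key_id)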
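def delete_inline_policies(user_name):
    """Delete every inline policy embedded in the IAM user *user_name*.

    Uses the module-level ``iam`` client and prints one line per deleted
    policy.
    """
    # list_user_policies is paged; gather the names from all pages first so
    # nothing past the first page is missed and the listing is complete
    # before any policy is removed.
    policy_names = [
        policy_name
        for page in iam.get_paginator('list_user_policies').paginate(UserName=user_name)
        for policy_name in page['PolicyNames']
    ]
    for policy_name in policy_names:
        print("deleting inline policy for user: {}: {}".format(user_name, policy_name))
        iam.delete_user_policy(UserName=user_name, PolicyName=policy_name)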
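def detach_policies(user_name):
    """Detach every managed policy attached to the IAM user *user_name*.

    The managed policies themselves are left in place; only the attachment
    to this user is removed. Uses the module-level ``iam`` client and prints
    one line per detached policy.
    """
    # list_attached_user_policies is paged; read all pages before detaching
    # so attachments beyond the first page are not skipped.
    paginator = iam.get_paginator('list_attached_user_policies')
    policy_arns = [
        attached_policy['PolicyArn']
        for page in paginator.paginate(UserName=user_name)
        for attached_policy in page['AttachedPolicies']
    ]
    for policy_arn in policy_arns:
        print("detaching user policy for user: {}: {}".format(user_name, policy_arn))
        iam.detach_user_policy(UserName=user_name, PolicyArn=policy_arn)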
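def remove_from_groups(user_name):
    """Remove the IAM user *user_name* from every group it belongs to.

    The groups are not deleted. Uses the module-level ``iam`` client and
    prints one line per group membership removed.
    """
    # list_groups_for_user is paged; collect the group names from all pages
    # before removing memberships so none are left behind.
    group_names = [
        group['GroupName']
        for page in iam.get_paginator('list_groups_for_user').paginate(UserName=user_name)
        for group in page['Groups']
    ]
    for group_name in group_names:
        print("removing user: {} from group: {}".format(user_name, group_name))
        iam.remove_user_from_group(UserName=user_name, GroupName=group_name)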
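# Strip each user's dependencies, then delete the user. IAM refuses to delete
# a user that still owns credentials, policies or group memberships, so the
# order matters: dependencies first, delete_user last.
# Sorted so that the log output is reproducible between runs.
for user_name in sorted(users_to_delete):
    delete_access_keys(user_name)
    delete_inline_policies(user_name)
    detach_policies(user_name)
    remove_from_groups(user_name)

    # Console password: a user with a login profile cannot be deleted, and
    # a user without one raises NoSuchEntity here, which is expected.
    try:
        iam.delete_login_profile(UserName=user_name)
        print("deleted login profile for user: {}".format(user_name))
    except iam.exceptions.NoSuchEntityException:
        pass

    # MFA devices must be deactivated before the user can be deleted.
    # Deactivation only unassigns the device; it does not delete a virtual
    # MFA device object.
    for device in iam.list_mfa_devices(UserName=user_name)['MFADevices']:
        serial_number = device['SerialNumber']
        print("deactivating MFA device for user: {}: {}".format(user_name, serial_number))
        iam.deactivate_mfa_device(UserName=user_name, SerialNumber=serial_number)

    # NOTE(review): SSH public keys, signing certificates and
    # service-specific credentials are not removed by this script; a user
    # that still has any of them makes delete_user fail with a
    # DeleteConflict error, leaving the user present but already stripped
    # of keys and policies.
    print("deleting user: {}".format(user_name))
    iam.delete_user(UserName=user_name)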