for user in $(aws iam list-users --output text --no-cli-pager | awk '{print $NF}'); do
    aws iam list-access-keys --user $user --output text --no-cli-pager
    test $? -gt 128 && exit
done
for user in $(aws iam list-users --output text --no-cli-pager| awk '{print $NF}'); do aws iam list-access-keys --user $user --output json --no-cli-pager; done | jq
@jars I've got full admin roles and I don't get the actual key IDs in the resulting CSV. I get all the active / last used sort of stuff, but not the IDs.
You're right @ceejayoz, thanks for pointing that out. At the most, the credential report can offer some access key metadata. Folks might be able to use this to reduce calls to the aws iam list-access-keys endpoint.
I modified your command a bit to run in CloudShell in case it helps anyone.
for user in $(aws iam list-users --output text | awk '{print $NF}'); do aws iam list-access-keys --user $user --output text; done
Thank you all. I didn't realize until now that this little thing was getting this visibility.
Some good suggestions up there that I took up in the updated version.
Also added a one-liner and JSON version more suitable to pipe into jq.
FYI if you have access, the same information (and more) is accessible in IAM Console -> Credential Report.
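Following the credential-report comments above, an added example (not part of the gist or its comments): parse the report CSV to find users with an active key, then call list-access-keys only for those users to get the key IDs. The function names and sample rows are constructed; the column names are those of the IAM credential report header.

```shell
#!/bin/sh
# Added example, not the gist author's code. Function names are hypothetical.

# Read a credential report CSV on stdin and print each IAM user that has at
# least one active access key. Columns are located by header name, so column
# order does not matter. Assumes no commas in user names (IAM permits them).
users_with_active_keys() {
  awk -F, '
    NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; next }
    { active = ($(col["access_key_1_active"]) == "true" ||
                $(col["access_key_2_active"]) == "true") }
    $(col["user"]) == "<root_account>" {
      # Root keys cannot be listed per user; surface them separately.
      if (active) print "WARNING: root account has an active access key" > "/dev/stderr"
      next
    }
    active { print $(col["user"]) }'
}

# Live use (needs iam:GenerateCredentialReport, iam:GetCredentialReport and
# iam:ListAccessKeys): fetch the report, then list key IDs only where needed.
list_keys_from_report() {
  until [ "$(aws iam generate-credential-report --query State --output text)" = "COMPLETE" ]; do
    sleep 2
  done
  aws iam get-credential-report --query Content --output text | base64 --decode |
    users_with_active_keys |
    while IFS= read -r user; do
      aws iam list-access-keys --user-name "$user" --output text --no-cli-pager
    done
}

# Constructed sample report, trimmed to a few of the real columns.
SAMPLE_REPORT='user,arn,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,true,false,N/A,false,N/A
alice,arn:aws:iam::111122223333:user/alice,true,true,2023-01-10T09:00:00+00:00,false,N/A
bob,arn:aws:iam::111122223333:user/bob,false,false,N/A,false,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,true,2021-06-01T12:00:00+00:00,true,2024-02-02T08:30:00+00:00'

# Offline demo against the constructed sample.
printf '%s\n' "$SAMPLE_REPORT" | users_with_active_keys
```

The credential report is regenerated at most once every four hours, so keys created since the last report will not appear in it.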