Last active
October 10, 2023 05:19
List Access Keys for all IAM users
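# Print the access keys of every IAM user in the account
for user in $(aws iam list-users --output text --no-cli-pager | awk '{print $NF}'); do
    aws iam list-access-keys --user "$user" --output text --no-cli-pager
    # Leave the loop if the CLI was terminated by a signal (for example Ctrl-C)
    test $? -gt 128 && exit
done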
for user in $(aws iam list-users --output text --no-cli-pager| awk '{print $NF}'); do aws iam list-access-keys --user $user --output json --no-cli-pager; done | jq
You're right @ceejayoz, thanks for pointing that out. At the most, the credential report can offer some access key metadata. Folks might be able to use this to reduce calls to the aws iam list-access-keys endpoint.
I modified your command a bit to run in CloudShell in case it helps anyone.
for user in $(aws iam list-users --output text | awk '{print $NF}'); do aws iam list-access-keys --user $user --output text; done
Thank you all. I didn't realize until now that this little thing was getting this visibility.
Some good suggestions up there that I took up in the updated version.
Also added a one-liner and JSON version more suitable to pipe into jq.
@jars I've got full admin roles and I don't get the actual key IDs in the resulting CSV. I get all the active / last used sort of stuff, but not the IDs.
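The credential-report idea from the comments above, as an added example that is not part of the gist or its comments: the report carries no key IDs, but its access_key_N_active columns identify which users are worth querying, so list-access-keys runs only for those. Function names and the trimmed sample rows are constructed, and `base64 -d` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not part of the gist. Function names and sample rows are constructed.

# Read a credential report CSV on stdin and print every IAM user that has an
# active access key. Columns are found by header name, not by position.
# Users whose keys are all inactive are not selected; the plain loop covers them.
users_with_active_keys() {
    awk -F, '
        { sub(/\r$/, "") }                         # tolerate CRLF line endings
        NR == 1 { for (i = 1; i <= NF; i++) c[$i] = i; next }
        {
            user = $(c["user"])
            k1 = tolower($(c["access_key_1_active"]))
            k2 = tolower($(c["access_key_2_active"]))
        }
        # The root row is skipped: it is not an IAM user name.
        user != "<root_account>" && (k1 == "true" || k2 == "true") { print user }
    '
}

# Constructed sample, trimmed to the columns this example reads.
sample_report() {
    cat <<'EOF'
user,arn,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,true,true,2023-01-01T00:00:00+00:00,false,N/A
alice,arn:aws:iam::111122223333:user/alice,true,true,2023-02-01T00:00:00+00:00,false,N/A
bob,arn:aws:iam::111122223333:user/bob,false,false,N/A,false,N/A
carol,arn:aws:iam::111122223333:user/carol,false,false,2022-05-01T00:00:00+00:00,true,2023-06-01T00:00:00+00:00
EOF
}

# Live path: generate the report, then list key IDs only for the selected users.
list_keys_for_active_users() {
    while :; do   # report generation is asynchronous, so poll until COMPLETE
        state=$(aws iam generate-credential-report --query State --output text) || return 1
        [ "$state" = COMPLETE ] && break
        sleep 2
    done
    aws iam get-credential-report --query Content --output text | base64 -d |
        users_with_active_keys |
        while IFS= read -r user; do
            aws iam list-access-keys --user-name "$user" --output text --no-cli-pager
        done
}

if [ "${1:-}" = "--live" ]; then
    list_keys_for_active_users
else
    sample_report | users_with_active_keys   # offline run on the constructed sample
fi
```

Run with `--live` to query the account; with no argument it only parses the constructed sample.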