Last active
October 10, 2023 05:19
-
-
Save mafonso/7ee51981581f544ed52c to your computer and use it in GitHub Desktop.
List Access Keys for all IAM users
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| for user in $(aws iam list-users --output text --no-cli-pager | awk '{print $NF}'); do | |
| aws iam list-access-keys --user $user --output text --no-cli-pager | |
| test $? -gt 128 && exit | |
| done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| for user in $(aws iam list-users --output text --no-cli-pager| awk '{print $NF}'); do aws iam list-access-keys --user $user --output json --no-cli-pager; done | jq |
I modified your command a bit to run in cloudshell in case it helps anyone.
for user in $(aws iam list-users --output text | awk '{print $NF}'); do aws iam list-access-keys --user $user --output text; done
Thank you all. I didn't realize until now that this little thing was getting this visibility.
Some good suggestions up there that I took up in the updated version.
Also added a one-liner and JSON version more suitable to pipe into jq
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
You're right @ceejayoz , thanks for pointing that out. At the most, the credential report can offer some access key metadata. Folks might be able to use this to reduce calls to the
aws iam list-access-keysendpoint.