-
-
Save math280h/f6b4881e9395ee6e50ef2095fcfaf71b to your computer and use it in GitHub Desktop.
Delete an IAM user with AWS CLI
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| profile="$1" | |
| user_name="$2" | |
| echo "Removing user: ${user_name}" | |
| echo "Deleting Access Keys:" | |
| keys=("$(aws iam list-access-keys --user-name "${user_name}" --profile "${profile}" | jq -r '.AccessKeyMetadata[] | .AccessKeyId')") | |
| if [[ "${#keys}" -gt "0" ]]; then | |
| # shellcheck disable=SC2068 | |
| for key in ${keys[@]}; do | |
| echo -e "\tDeleting access key ${key}" | |
| aws iam delete-access-key --user-name "${user_name}" --access-key-id "${key}" --profile "${profile}" | |
| done | |
| fi | |
| echo "Deleting Signing Certificates:" | |
| certs=("$(aws iam list-signing-certificates --user-name "${user_name}" --profile "${profile}" | jq -r '.Certificates[] | .CertificateId')") | |
| if [[ "${#certs}" -gt "0" ]]; then | |
| # shellcheck disable=SC2068 | |
| for cert in ${certs[@]}; do | |
| echo -e "\tDeleting cert ${cert}" | |
| aws iam delete-signing-certificate --user-name "${user_name}" --certificate-id "$cert" --profile "${profile}" | |
| done | |
| fi | |
| echo "Deleting Login Profile" | |
| # shellcheck disable=SC2091 | |
| if $(aws iam get-login-profile --profile "${profile}" --user-name "${user_name}" &>/dev/null); then | |
| aws iam delete-login-profile --user-name "${user_name}" --profile "${profile}" | |
| fi | |
| echo "Deleting User's 2FA Devices:" | |
| devs=("$(aws iam list-mfa-devices --user-name "${user_name}" --profile "${profile}" | jq -r '.MFADevices[] | .SerialNumber')") | |
| if [[ "${#devs}" -gt "0" ]]; then | |
| # shellcheck disable=SC2068 | |
| for mfa_dev in ${devs[@]}; do | |
| echo -e "\tDeleting MFA ${mfa_dev}" | |
| aws iam deactivate-mfa-device --user-name "${user_name}" --serial-number "${mfa_dev}" --profile "${profile}" | |
| done | |
| fi | |
| echo "Removing Attached User Policies:" | |
| pols=("$(aws iam list-attached-user-policies --user-name "${user_name}" --profile "${profile}" | jq -r '.AttachedPolicies[] | .PolicyArn')") | |
| if [[ "${#pols}" -gt "0" ]]; then | |
| # shellcheck disable=SC2068 | |
| for policy in ${pols[@]}; do | |
| echo -e "\tDetaching user policy $(basename "${policy}")" | |
| aws iam detach-user-policy \ | |
| --profile "${profile}" \ | |
| --user-name "${user_name}" \ | |
| --policy-arn "${policy}" | |
| done | |
| fi | |
| echo "Deleting Inline Policies:" | |
| inline_policies=("$(aws iam list-user-policies --user-name "${user_name}" --profile "${profile}" | jq -r '.PolicyNames[]')") | |
| # shellcheck disable=SC2068 | |
| for inline_policy in ${inline_policies[@]}; do | |
| echo -e "\tDeleting inline policy ${inline_policy}" | |
| aws iam delete-user-policy \ | |
| --user-name "${user_name}" \ | |
| --profile "${profile}" \ | |
| --policy-name "${inline_policy}" | |
| done | |
| echo "Removing Group Memberships:" | |
| groups=("$(aws iam list-groups-for-user --profile "${profile}" --user-name "${user_name}" | jq -r '.Groups[] | .GroupName')") | |
| # shellcheck disable=SC2068 | |
| for group in ${groups[@]}; do | |
| echo -e "\tRemoving user from group ${group}" | |
| aws iam remove-user-from-group \ | |
| --group-name "${group}" \ | |
| --profile "${profile}" \ | |
| --user-name "${user_name}" | |
| done | |
| echo "Deleting User" | |
| aws iam delete-user --user-name "${user_name}" --profile "${profile}" | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Syntax:
./delete_iam_user.sh <profile-name> <user-name>