Forked from rosstimson/aws-access-key-to-iam-name.sh
Last active
January 25, 2016 16:31
-
-
Save mlehner616/7adedebce18e4c5388cf to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -e | |
| # | |
| # Pass this script an AWS access key ID and it will show you what IAM user | |
| # has that key. | |
| # | |
| # Usage: | |
| # aws-access-key-to-iam-name some_key_id | |
| # | |
| readonly PROGNAME=$(basename $0) | |
| readonly ARGS="$@" | |
| check_command_exists() { | |
| type "$1" &> /dev/null ; | |
| if [ $? -eq 1 ]; then | |
| echo >&2 "$1 is required, you must install it before using this script." | |
| fi | |
| } | |
| get_all_iam_users() { | |
| aws iam list-users --query "Users[].{UserName:UserName}" --output text > /tmp/aws_iam_users | |
| } | |
| get_all_access_key_ids() { | |
| echo 'Iterating through all AWS IAM users.' | |
| echo 'This may take a little while...' | |
| echo '' | |
| for user in `cat /tmp/aws_iam_users` | |
| do | |
| aws iam list-access-keys --user-name $user >> /tmp/aws_access_key_ids.json | |
| done | |
| } | |
| find_and_show_access_key_owner() { | |
| cat /tmp/aws_access_key_ids.json | grep -B 3 $ARGS | sed -e 's/^[ \t]*//' | |
| } | |
| cleanup() { | |
| rm /tmp/aws_iam_users | |
| rm /tmp/aws_access_key_ids.json | |
| } | |
| usage() { | |
| cat <<- EOF | |
| usage: $PROGNAME options | |
| Finds the AWS IAM user that has a specific Access Key. | |
| OPTIONS: | |
| -h --help show this help | |
| -x --debug debug mode | |
| EXAMPLES: | |
| Run: | |
| $PROGNAME ABCDEFGHIJK123456789 | |
| Output: | |
| "UserName": "my-iam-user", | |
| "Status": "Active", | |
| "CreateDate": "2014-06-26T13:44:04Z", | |
| "AccessKeyId": "ABCDEFGHIJK123456789" | |
| EOF | |
| } | |
| cmdline() { | |
| local arg= | |
| for arg | |
| do | |
| local delim="" | |
| case "$arg" in | |
| #translate --gnu-long-options to -g (short options) | |
| --help) args="${args}-h ";; | |
| --debug) args="${args}-x ";; | |
| #pass through anything else | |
| *) [[ "${arg:0:1}" == "-" ]] || delim="\"" | |
| args="${args}${delim}${arg}${delim} ";; | |
| esac | |
| done | |
| #Reset the positional parameters to the short options | |
| eval set -- $args | |
| while getopts "hx:" OPTION | |
| do | |
| case $OPTION in | |
| h) | |
| usage | |
| exit 0 | |
| ;; | |
| x) | |
| readonly DEBUG='-x' | |
| set -x | |
| ;; | |
| esac | |
| done | |
| return 0 | |
| } | |
| main() { | |
| cmdline $ARGS | |
| # Check pre-requisites | |
| check_command_exists aws | |
| get_all_iam_users | |
| get_all_access_key_ids | |
| # Main function call that will show the IAM user associated with the | |
| # access key id passed as an arguement. | |
| find_and_show_access_key_owner | |
| # Get rid of cached lists when we're done. | |
| cleanup | |
| } | |
| main | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment