nickadam · April 20, 2023 03:56
diff --git a/Get-AwsPolicies.ps1 b/Get-AwsPolicies.ps1
 Write-Progress -Activity "IAM List (1/2)" -Status ("0% AttachedPolicies") -PercentComplete 0
 $AttachedPolicies = & aws iam list-policies --only-attached | ConvertFrom-Json | Select-Object -ExpandProperty Policies
 Write-Progress -Activity "IAM List (1/2)" -Status ("25% Users") -PercentComplete 0
 $Users = & aws iam list-users | ConvertFrom-Json | Select-Object -ExpandProperty Users
 Write-Progress -Activity "IAM List (1/2)" -Status ("50% Roles") -PercentComplete 0
 $Roles = & aws iam list-roles | ConvertFrom-Json | Select-Object -ExpandProperty Roles
 Write-Progress -Activity "IAM List (1/2)" -Status ("75% Groups") -PercentComplete 0
 $Groups = & aws iam list-groups | ConvertFrom-Json | Select-Object -ExpandProperty Groups

 $t = ($AttachedPolicies.Length + $Users.Length + $Roles.Length + $Groups.Length)
 $i = 0

 $AttachedPolicies = $AttachedPolicies | ForEach-Object {
  $Percent = [String]([Int](($i / $t) * 100))
  Write-Progress -Activity "IAM Get (2/2)" -Status ($Percent + "% AttachedPolicies") -PercentComplete $Percent
  $i++

  $Arn = $_.Arn
  $VersionId = $_.DefaultVersionId

  $Content = & aws iam get-policy-version --policy-arn $Arn --version-id $VersionId | ConvertFrom-Json | Select-Object -ExpandProperty PolicyVersion
  $_ | Add-Member -NotePropertyName "Content" -NotePropertyValue $Content -PassThru
 }

 $Users = $Users | ForEach-Object {
  $Percent = [String]([Int](($i / $t) * 100))
  Write-Progress -Activity "IAM Get (2/2)" -Status ($Percent + "% Users") -PercentComplete $Percent
  $i++

  $User = $_
  $UserName = $_.UserName

  $GroupList = & aws iam list-groups-for-user --user-name $UserName | ConvertFrom-Json | Select-Object -ExpandProperty Groups
  $User | Add-Member -NotePropertyName "Groups" -NotePropertyValue $GroupList

  $PolicyList =  & aws iam list-attached-user-policies --user-name $UserName | ConvertFrom-Json | Select-Object -ExpandProperty AttachedPolicies
  $User | Add-Member -NotePropertyName "AttachedPolicies" -NotePropertyValue $PolicyList

  $Policies = & aws iam list-user-policies --user-name $UserName | ConvertFrom-Json | Select-Object -ExpandProperty PolicyNames
  $Policies = $Policies | ForEach-Object {
    $PolicyName = $_
    & aws iam get-user-policy --user-name $UserName --policy-name $PolicyName | ConvertFrom-Json
  }

  $User | Add-Member -NotePropertyName "InlinePolicies" -NotePropertyValue $Policies -PassThru
 }

 $Roles = $Roles | ForEach-Object {
  $Percent = [String]([Int](($i / $t) * 100))
  Write-Progress -Activity "IAM Get (2/2)" -Status ($Percent + "% Roles") -PercentComplete $Percent
  $i++

  $Role = $_
  $RoleName = $_.RoleName

  $PolicyList =  & aws iam list-attached-role-policies --role-name $RoleName | ConvertFrom-Json | Select-Object -ExpandProperty AttachedPolicies
  $Role | Add-Member -NotePropertyName "AttachedPolicies" -NotePropertyValue $PolicyList

  $Policies = & aws iam list-role-policies --role-name $RoleName | ConvertFrom-Json | Select-Object -ExpandProperty PolicyNames
  $Policies = $Policies | ForEach-Object {
    $PolicyName = $_
    & aws iam get-role-policy --role-name $RoleName --policy-name $PolicyName | ConvertFrom-Json
  }

  $Role | Add-Member -NotePropertyName "InlinePolicies" -NotePropertyValue $Policies -PassThru
 }

 $Groups = $Groups | ForEach-Object {
  $Percent = [String]([Int](($i / $t) * 100))
  Write-Progress -Activity "IAM Get (2/2)" -Status ($Percent + "% Groups") -PercentComplete $Percent
  $i++

  $Group = $_
  $GroupName = $_.GroupName

  $PolicyList =  & aws iam list-attached-group-policies --group-name $GroupName | ConvertFrom-Json | Select-Object -ExpandProperty AttachedPolicies
  $Group | Add-Member -NotePropertyName "AttachedPolicies" -NotePropertyValue $PolicyList

  $Policies = & aws iam list-group-policies --group-name $GroupName | ConvertFrom-Json | Select-Object -ExpandProperty PolicyNames
  $Policies = $Policies | ForEach-Object {
    $PolicyName = $_
    & aws iam get-group-policy --group-name $GroupName --policy-name $PolicyName | ConvertFrom-Json
  }

  $Group | Add-Member -NotePropertyName "InlinePolicies" -NotePropertyValue $Policies -PassThru
 }

 [PSCustomObject]@{
  Users = $Users
  Roles = $Roles
  Groups = $Groups
  AttachedPolicies = $AttachedPolicies
 } | ConvertTo-Json -Depth 100 | Out-File -Encoding Default policies.json
	Write-Progress -Activity "IAM List (1/2)" -Status ("0% AttachedPolicies") -PercentComplete 0
	$AttachedPolicies = & aws iam list-policies --only-attached \| ConvertFrom-Json \| Select-Object -ExpandProperty Policies
	Write-Progress -Activity "IAM List (1/2)" -Status ("25% Users") -PercentComplete 0
	$Users = & aws iam list-users \| ConvertFrom-Json \| Select-Object -ExpandProperty Users
	Write-Progress -Activity "IAM List (1/2)" -Status ("50% Roles") -PercentComplete 0
	$Roles = & aws iam list-roles \| ConvertFrom-Json \| Select-Object -ExpandProperty Roles
	Write-Progress -Activity "IAM List (1/2)" -Status ("75% Groups") -PercentComplete 0
	$Groups = & aws iam list-groups \| ConvertFrom-Json \| Select-Object -ExpandProperty Groups

	$t = ($AttachedPolicies.Length + $Users.Length + $Roles.Length + $Groups.Length)
	$i = 0

	$AttachedPolicies = $AttachedPolicies \| ForEach-Object {
	$Percent = [String]([Int](($i / $t) * 100))
	Write-Progress -Activity "IAM Get (2/2)" -Status ($Percent + "% AttachedPolicies") -PercentComplete $Percent
	$i++

	$Arn = $_.Arn
	$VersionId = $_.DefaultVersionId

	$Content = & aws iam get-policy-version --policy-arn $Arn --version-id $VersionId \| ConvertFrom-Json \| Select-Object -ExpandProperty PolicyVersion
	$_ \| Add-Member -NotePropertyName "Content" -NotePropertyValue $Content -PassThru
	}

	$Users = $Users \| ForEach-Object {
	$Percent = [String]([Int](($i / $t) * 100))
	Write-Progress -Activity "IAM Get (2/2)" -Status ($Percent + "% Users") -PercentComplete $Percent
	$i++

	$User = $_
	$UserName = $_.UserName

	$GroupList = & aws iam list-groups-for-user --user-name $UserName \| ConvertFrom-Json \| Select-Object -ExpandProperty Groups
	$User \| Add-Member -NotePropertyName "Groups" -NotePropertyValue $GroupList

	$PolicyList = & aws iam list-attached-user-policies --user-name $UserName \| ConvertFrom-Json \| Select-Object -ExpandProperty AttachedPolicies
	$User \| Add-Member -NotePropertyName "AttachedPolicies" -NotePropertyValue $PolicyList

	$Policies = & aws iam list-user-policies --user-name $UserName \| ConvertFrom-Json \| Select-Object -ExpandProperty PolicyNames
	$Policies = $Policies \| ForEach-Object {
	$PolicyName = $_
	& aws iam get-user-policy --user-name $UserName --policy-name $PolicyName \| ConvertFrom-Json
	}

	$User \| Add-Member -NotePropertyName "InlinePolicies" -NotePropertyValue $Policies -PassThru
	}

	$Roles = $Roles \| ForEach-Object {
	$Percent = [String]([Int](($i / $t) * 100))
	Write-Progress -Activity "IAM Get (2/2)" -Status ($Percent + "% Roles") -PercentComplete $Percent
	$i++

	$Role = $_
	$RoleName = $_.RoleName

	$PolicyList = & aws iam list-attached-role-policies --role-name $RoleName \| ConvertFrom-Json \| Select-Object -ExpandProperty AttachedPolicies
	$Role \| Add-Member -NotePropertyName "AttachedPolicies" -NotePropertyValue $PolicyList

	$Policies = & aws iam list-role-policies --role-name $RoleName \| ConvertFrom-Json \| Select-Object -ExpandProperty PolicyNames
	$Policies = $Policies \| ForEach-Object {
	$PolicyName = $_
	& aws iam get-role-policy --role-name $RoleName --policy-name $PolicyName \| ConvertFrom-Json
	}

	$Role \| Add-Member -NotePropertyName "InlinePolicies" -NotePropertyValue $Policies -PassThru
	}

	$Groups = $Groups \| ForEach-Object {
	$Percent = [String]([Int](($i / $t) * 100))
	Write-Progress -Activity "IAM Get (2/2)" -Status ($Percent + "% Groups") -PercentComplete $Percent
	$i++

	$Group = $_
	$GroupName = $_.GroupName

	$PolicyList = & aws iam list-attached-group-policies --group-name $GroupName \| ConvertFrom-Json \| Select-Object -ExpandProperty AttachedPolicies
	$Group \| Add-Member -NotePropertyName "AttachedPolicies" -NotePropertyValue $PolicyList

	$Policies = & aws iam list-group-policies --group-name $GroupName \| ConvertFrom-Json \| Select-Object -ExpandProperty PolicyNames
	$Policies = $Policies \| ForEach-Object {
	$PolicyName = $_
	& aws iam get-group-policy --group-name $GroupName --policy-name $PolicyName \| ConvertFrom-Json
	}

	$Group \| Add-Member -NotePropertyName "InlinePolicies" -NotePropertyValue $Policies -PassThru
	}

	[PSCustomObject]@{
	Users = $Users
	Roles = $Roles
	Groups = $Groups
	AttachedPolicies = $AttachedPolicies
	} \| ConvertTo-Json -Depth 100 \| Out-File -Encoding Default policies.json