piyusht007 · January 9, 2020 09:11
diff --git a/findIAMUsers.sh b/findIAMUsers.sh
 #!/bin/sh                                                                                                                     
 set +x;                                                                                                                       
                                                                                                                              
 SHOW_THRESHOLD_BREACHED_ONLY=$1;                                                                                              
 SEPARATOR=",";                                                                                                                
 LAST_ACTIVITY="LastActivity:";                                                                                                
 ACCESS_KEY_AGE="AccessKeyAge:";                                                                                               
 flagged="true";                                                                                                               
 notFlagged="false";                                                                                                           
 THRESHOLD_BREACH="ThresholdBreach:";                                                                                          
                                                                                                                              
 verifyDateAndDisplay() {                                                                                                      
 givenDate=$1;                                                                                                                
 output=$2;                                                                                                                   
 date -d $givenDate > /dev/null 2>&1;                                                                                         
 if [ $? ];                                                                                                                   
 then                                                                                                                         
  inactivityDays=$(($(($(date "+%s") - $(date -d $givenDate "+%s"))) / 86400));                                               
  output=$output$inactivityDays;                                                                                              
  return $inactivityDays;                                                                                                     
 else                                                                                                                         
  output=$output"None";                                                                                                       
  return 0;                                                                                                                   
 fi                                                                                                                           
 }                                                                                                                             
                                                                                                                              
 for username in `aws iam list-users | jq -r '.Users[].UserName'`                                                              
 do                                                                                                                            
 echo "#############################";                                                                                        
 thresholdBreach=1;                                                                                                           
 output=$username$SEPARATOR$LAST_ACTIVITY;                                                                                    
 accessKeyId=`aws iam list-access-keys --user-name $username | jq -r '.AccessKeyMetadata[].AccessKeyId'`;                     
 if [ ! -z $accessKeyId ]                                                                                                     
 then                                                                                                                         
  lastUsedDate=`aws iam get-access-key-last-used --access-key-id $accessKeyId | jq -r '.AccessKeyLastUsed.LastUsedDate'`;     
  verifyDateAndDisplay $lastUsedDate $output;                                                                                 
  inactivityDays=$?;                                                                                                          
  if [ $inactivityDays -ge 90 ]                                                                                               
  then                                                                                                                        
   thresholdBreach=0;                                                                                                         
  fi                                                                                                                          
 else
   output=$output"None";
 fi

 output=$output$SEPARATOR$ACCESS_KEY_AGE;
 accessKeyCreationDate=`aws iam list-access-keys --user-name $username | jq -r '.AccessKeyMetadata[].CreateDate'`;
 if [ ! -z $accessKeyCreationDate ]
 then
  verifyDateAndDisplay $accessKeyCreationDate $output;
  inactivityDays=$?;
  if [ $thresholdBreach ]
  then
   output=$output$SEPARATOR$THRESHOLD_BREACH$flagged;
  else
    if [ $inactivityDays -ge 90 ]
    then
     output=$output$SEPARATOR$THRESHOLD_BREACH$flagged;
    else
     output=$output$SEPARATOR$THRESHOLD_BREACH$notFlagged;
    fi
  fi
 else
  output=$output"None";
 fi

 if [ $SHOW_THRESHOLD_BREACHED_ONLY ]
 then
  echo $output | grep "ThresholdBreach:true";
 else
  echo $output;
 fi
 done
	#!/bin/sh
	set +x;

	SHOW_THRESHOLD_BREACHED_ONLY=$1;
	SEPARATOR=",";
	LAST_ACTIVITY="LastActivity:";
	ACCESS_KEY_AGE="AccessKeyAge:";
	flagged="true";
	notFlagged="false";
	THRESHOLD_BREACH="ThresholdBreach:";

	verifyDateAndDisplay() {
	givenDate=$1;
	output=$2;
	date -d $givenDate > /dev/null 2>&1;
	if [ $? ];
	then
	inactivityDays=$(($(($(date "+%s") - $(date -d $givenDate "+%s"))) / 86400));
	output=$output$inactivityDays;
	return $inactivityDays;
	else
	output=$output"None";
	return 0;
	fi
	}

	for username in `aws iam list-users \| jq -r '.Users[].UserName'`
	do
	echo "#############################";
	thresholdBreach=1;
	output=$username$SEPARATOR$LAST_ACTIVITY;
	accessKeyId=`aws iam list-access-keys --user-name $username \| jq -r '.AccessKeyMetadata[].AccessKeyId'`;
	if [ ! -z $accessKeyId ]
	then
	lastUsedDate=`aws iam get-access-key-last-used --access-key-id $accessKeyId \| jq -r '.AccessKeyLastUsed.LastUsedDate'`;
	verifyDateAndDisplay $lastUsedDate $output;
	inactivityDays=$?;
	if [ $inactivityDays -ge 90 ]
	then
	thresholdBreach=0;
	fi
	else
	output=$output"None";
	fi

	output=$output$SEPARATOR$ACCESS_KEY_AGE;
	accessKeyCreationDate=`aws iam list-access-keys --user-name $username \| jq -r '.AccessKeyMetadata[].CreateDate'`;
	if [ ! -z $accessKeyCreationDate ]
	then
	verifyDateAndDisplay $accessKeyCreationDate $output;
	inactivityDays=$?;
	if [ $thresholdBreach ]
	then
	output=$output$SEPARATOR$THRESHOLD_BREACH$flagged;
	else
	if [ $inactivityDays -ge 90 ]
	then
	output=$output$SEPARATOR$THRESHOLD_BREACH$flagged;
	else
	output=$output$SEPARATOR$THRESHOLD_BREACH$notFlagged;
	fi
	fi
	else
	output=$output"None";
	fi

	if [ $SHOW_THRESHOLD_BREACHED_ONLY ]
	then
	echo $output \| grep "ThresholdBreach:true";
	else
	echo $output;
	fi
	done