The missing "aws iam describe-role": prints the role's assume-role (trust) policy document and the contents of every attached and inline policy related to the role
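#!/bin/bash
# Usage: ./iam_describe_role.sh ROLE_NAME
# Prerequisites: awscli and jq
#
# Prints, for one IAM role: the assume-role (trust) policy document, the
# default version of every attached managed policy, and every inline policy.
# The intent is a single view of what the role trusts and what it may do,
# so a reviewer can audit the role without stitching several CLI calls together.
#
# Exit status: 1 when no role name is given or when a required AWS call fails.
set -euo pipefail

if [ -z "${1:-}" ]; then
  echo "Role name not provided" >&2
  exit 1
fi
role="$1"
printf 'Role: %s\n' "$role"

# A single get-role call serves both as the existence/permission check and
# as the source of the trust policy; the AWS CLI reports the failure on stderr.
role_json=$(aws iam get-role --role-name "$role") || exit 1
echo "Assume policy:"
jq -r '.Role.AssumeRolePolicyDocument' <<<"$role_json"

# Attached (managed) policies.
# The listing is captured first so that a failing list call aborts the script
# instead of silently producing an empty set — an audit that omits attached
# policies would look complete while under-reporting the role's permissions.
attached_json=$(aws iam list-attached-role-policies --role-name "$role")
mapfile -t attached_policies < <(jq -r '.AttachedPolicies[].PolicyArn' <<<"$attached_json")
if (( ${#attached_policies[@]} > 0 )); then
  printf '\nAttached policies:\n'
  for policy_arn in "${attached_policies[@]}"; do
    # Only the default version is the one currently in effect for the role.
    version_id=$(aws iam get-policy --policy-arn "$policy_arn" | jq -r '.Policy.DefaultVersionId')
    printf '%s @ %s\n' "$policy_arn" "$version_id"
    aws iam get-policy-version --policy-arn "$policy_arn" --version-id "$version_id" | jq
  done
fi

# Inline policies (embedded directly in the role).
inline_json=$(aws iam list-role-policies --role-name "$role")
mapfile -t inline_policies < <(jq -r '.PolicyNames[]' <<<"$inline_json")
if (( ${#inline_policies[@]} > 0 )); then
  printf '\nInline policies:\n'
  for policy_name in "${inline_policies[@]}"; do
    aws iam get-role-policy --role-name "$role" --policy-name "$policy_name" | jq
  done
fi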