robbwagoner · August 29, 2015 14:07
diff --git a/find_iam_user.py b/find_iam_user.py
 # Find the IAM username belonging to the TARGET_ACCESS_KEY
 # Useful for finding IAM user corresponding to a compromised AWS credential

 # Requirements:
 #
 # Environmental variables: 
 #    AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
 #   or
 #    AWS_PROFILE
 # python: 
 #    boto
 #
 #
 import sys
 import boto.iam

 TARGET_ACCESS_KEYS = sys.argv[1:]

 iam = boto.connect_iam()

 users = iam.get_all_users('/')['list_users_response']['list_users_result']['users']

 def find_key(access_key):
    for user in users:
        for key_result in iam.get_all_access_keys(user['user_name'])['list_access_keys_response']['list_access_keys_result']['access_key_metadata']:
            aws_access_key = key_result['access_key_id']
            if aws_access_key == access_key:
                print access_key + ' : ' + user['user_name']
                return True
    return False

 for access_key in TARGET_ACCESS_KEYS:
    if not find_key(access_key):
        print access_key + ' : NOT_FOUND'
	# Find the IAM username belonging to the TARGET_ACCESS_KEY
	# Useful for finding IAM user corresponding to a compromised AWS credential

	# Requirements:
	#
	# Environmental variables:
	# AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
	# or
	# AWS_PROFILE
	# python:
	# boto
	#
	#
	import sys
	import boto.iam

	TARGET_ACCESS_KEYS = sys.argv[1:]

	iam = boto.connect_iam()

	users = iam.get_all_users('/')['list_users_response']['list_users_result']['users']

	def find_key(access_key):
	for user in users:
	for key_result in iam.get_all_access_keys(user['user_name'])['list_access_keys_response']['list_access_keys_result']['access_key_metadata']:
	aws_access_key = key_result['access_key_id']
	if aws_access_key == access_key:
	print access_key + ' : ' + user['user_name']
	return True
	return False

	for access_key in TARGET_ACCESS_KEYS:
	if not find_key(access_key):
	print access_key + ' : NOT_FOUND'