AWS_Auditing_Framework/Script1.py
import boto3 | |
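def list_user_policies(iam_client, user_name):
    """Return the names of every inline policy embedded in an IAM user.

    Only inline policies are covered. Managed policies attached to the user
    (``list_attached_user_policies``) and permissions inherited through group
    membership are not reported by this call, so an empty result is not
    evidence that the user holds no permissions.

    Args:
        iam_client: boto3 IAM client, or any object exposing a compatible
            ``list_user_policies`` method.
        user_name: Name of the IAM user to inspect.

    Returns:
        A list of policy-name strings collected across all result pages.
        ``[]`` when the user has no inline policies or when the API call
        fails; in the failure case the error is printed first.
    """
    policy_names = []
    request = {'UserName': user_name}
    try:
        while True:
            response = iam_client.list_user_policies(**request)
            policy_names.extend(response['PolicyNames'])
            # The API pages its results. Reading only the first page would
            # silently drop policies from the audit, so follow the marker
            # until the service reports that the listing is complete.
            if not response.get('IsTruncated'):
                return policy_names
            request['Marker'] = response['Marker']
    except Exception as e:
        # Best effort: the caller receives [] and cannot tell a failed lookup
        # (for example missing permissions) from a user with no inline
        # policies, so the printed error is the only signal of a gap.
        print(f"Error listing policies for user {user_name}: {e}")
        return []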
def get_user_policy(iam_client, user_name, policy_name):
    """Fetch the document of one inline policy embedded in an IAM user.

    Args:
        iam_client: boto3 IAM client, or any object exposing a compatible
            ``get_user_policy`` method.
        user_name: Name of the IAM user that owns the policy.
        policy_name: Name of the inline policy to retrieve.

    Returns:
        The ``PolicyDocument`` value from the response, exactly as the client
        supplied it (presumably already decoded by boto3; confirm before
        parsing it further). ``None`` when the call fails or the response
        has no ``PolicyDocument`` key; the error is printed in that case.
    """
    try:
        reply = iam_client.get_user_policy(
            UserName=user_name,
            PolicyName=policy_name,
        )
        # Subscript inside the try so a malformed response is reported the
        # same way as a failed API call.
        document = reply['PolicyDocument']
    except Exception as exc:
        print(f"Error getting policy {policy_name} for user {user_name}: {exc}")
        return None
    return document
def enumerate_iam_policies(profile_name, user_name):
    """Print every inline policy of an IAM user, using a named AWS profile.

    Args:
        profile_name: AWS profile name used to build the boto3 session.
        user_name: Name of the IAM user to audit.

    Returns:
        None. Policy names and documents are written to stdout.

    Note:
        "No policies found" is also printed when the listing call failed,
        because ``list_user_policies`` returns an empty list on error. Check
        for a preceding error line before treating the result as clean.
    """
    # Credentials and region come from the selected profile.
    iam = boto3.Session(profile_name=profile_name).client('iam')

    inline_names = list_user_policies(iam, user_name)
    if inline_names:
        for name in inline_names:
            document = get_user_policy(iam, user_name, name)
            # A failed or empty lookup was already reported by the helper.
            if not document:
                continue
            print(f"Policy Name: {name}")
            print(f"Policy Document: {document}\n")
    else:
        print(f"No policies found for user {user_name}")
if __name__ == "__main__":
    # Interactive entry point: ask which local AWS profile to authenticate
    # with and which IAM user to inspect, then print that user's inline
    # policies.
    aws_profile = input("Enter the AWS profile name: ")
    iam_user = input("Enter the IAM user name: ")
    enumerate_iam_policies(profile_name=aws_profile, user_name=iam_user)