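====== IAM ======

===== Get unused security groups =====

#!/bin/bash
# List every security group visible to an AWS CLI profile and, for each one,
# show the network interfaces (ENIs) that reference it. A group whose
# "NetworkInterfaces" list comes back empty is a candidate for cleanup.
#
# Usage: pass the profile name as $1; it defaults to nonprod_admin.
#
# Review notes:
#  - Both calls are read-only (ec2:DescribeSecurityGroups and
#    ec2:DescribeNetworkInterfaces), so a read-only profile is enough;
#    an admin profile is more privilege than this inventory needs.
#  - Security groups are regional. Only the region configured for the
#    profile is inspected; repeat per region for a full inventory.
#  - An empty ENI list does not prove a group is unused: it can still be
#    referenced by rules in other security groups or by launch templates.
#    Confirm those references before deleting anything.
#  - Nothing is written to disk, so there is no scratch file to clean up.
set -u

profile=${1:-nonprod_admin}

# Fetch the groups once and fail loudly, instead of looping over an empty
# result when the credentials or the profile are wrong.
groups_json=$(aws ec2 describe-security-groups --profile "$profile") || {
  echo "describe-security-groups failed for profile '${profile}'" >&2
  exit 1
}

# Read one CSV row per group. Iterating with `for x in $(...)` would split
# rows on every space in a group name or description and feed fragments to
# the group-id filter below.
while IFS= read -r row; do
  # The row looks like "sg-...","name","description"; keep only the first
  # field, without its quotes, for the filter.
  group_id=${row#\"}
  group_id=${group_id%%\"*}
  if [[ $group_id != sg-* ]]; then
    echo "skipping unexpected row: ${row}" >&2
    continue
  fi

  printf '%s\n' "$row"
  # stdin is redirected so the CLI cannot consume the loop's input.
  aws ec2 describe-network-interfaces \
    --filters "Name=group-id,Values=${group_id}" \
    --profile "$profile" </dev/null
done < <(jq --raw-output \
  '.SecurityGroups[] | [.GroupId, .GroupName, .Description] | @csv' \
  <<<"$groups_json")

===== List roles =====

$ aws iam list-roles --profile nonprod_admin | jq .[][].RoleName | grep -i 'dev\|test\|nonprod'
"AJS-stepFunctionTest"
"AndrewLambdaTest"
"codebuild-test-service-role"
"codebuild-test-service-role22"
"developer"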