aws:iam
IAM
Get unused security groups
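#!/bin/bash
# List every security group together with the network interfaces (ENIs) that
# reference it. A group whose "NetworkInterfaces" list comes back empty is a
# *candidate* for clean-up only: it can still be referenced by another group's
# rules or by a launch template, so verify before deleting anything.
#
# Usage: <script> [aws-profile]    (profile defaults to nonprod_admin)
# Output goes to stdout; nothing is written to the working directory.
set -euo pipefail

PROFILE="${1:-nonprod_admin}"

# One line per group: "<GroupId><TAB><csv row>". The bare GroupId is emitted
# separately because the interface filter needs the id alone, not the CSV row
# (names and descriptions may contain spaces and commas).
SG_ROWS=$(aws ec2 describe-security-groups --profile "${PROFILE}" \
  | jq --raw-output \
    '.SecurityGroups[] | "\(.GroupId)\t\([.GroupId, .GroupName, .Description] | @csv)"')

while IFS=$'\t' read -r SG_ID SG_CSV; do
  # An account with no groups yields a single empty line from the here-string.
  [[ -n "${SG_ID}" ]] || continue

  printf '%s\n' "${SG_CSV}"

  # stdin is detached so the CLI cannot consume the remaining rows of the loop.
  aws ec2 describe-network-interfaces \
    --filters "Name=group-id,Values=${SG_ID}" \
    --profile "${PROFILE}" </dev/null
done <<<"${SG_ROWS}"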
List roles
$ aws iam list-roles --profile nonprod_admin | jq .[][].RoleName | grep -i 'dev\|test\|nonprod'
"AJS-stepFunctionTest"
"AndrewLambdaTest"
"codebuild-test-service-role"
"codebuild-test-service-role22"
"developer"
Assume role
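#!/bin/bash
# Assume the same IAM role in several accounts and confirm the resulting
# identity with "sts get-caller-identity".
#
# The caller's own credentials must be allowed to call sts:AssumeRole on the
# role in each target account (role trust policy + caller permissions).
set -euo pipefail

# Role *name* only: the per-account ARN is assembled inside the loop, so a
# full ARN here would produce an invalid "arn:...:role/arn:..." value.
readonly ROLE_NAME='myrole_ec2'

for ACCOUNT in 123412341234 432143214321; do
  printf 'Using account %s\n' "${ACCOUNT}"

  # Skip an account we cannot assume into instead of aborting the whole run.
  if ! RESULT=$(aws sts assume-role \
    --role-arn "arn:aws:iam::${ACCOUNT}:role/${ROLE_NAME}" \
    --role-session-name AWSCLI-Session); then
    printf 'assume-role failed for account %s\n' "${ACCOUNT}" >&2
    continue
  fi

  # Subshell on purpose: the temporary credentials live only for the commands
  # in this block. Exporting them in the main shell would make the next
  # iteration call assume-role *as the previous account's role* and would
  # leave the session keys in the environment after the script's loop ends.
  # Never echo these values, and avoid "set -x" around this block.
  (
    AWS_ACCESS_KEY_ID=$(jq -r '.Credentials.AccessKeyId' <<<"${RESULT}")
    AWS_SECRET_ACCESS_KEY=$(jq -r '.Credentials.SecretAccessKey' <<<"${RESULT}")
    AWS_SESSION_TOKEN=$(jq -r '.Credentials.SessionToken' <<<"${RESULT}")
    export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN

    aws sts get-caller-identity # Should show info from assumed role in ${ACCOUNT}
  )
done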