Untitled

# Dumps all IAM information to stdout
# Basically a version of GetAccountAuthorizationDetails that takes care of pagination
# for you. Don't use the aws CLI version or you'll have to deal with pagination yourself

import boto3
import botocore
import json


from datetime import datetime

def json_serial(obj):
    """JSON serializer for objects not serializable by default json code"""

    if isinstance(obj, datetime):
        serial = obj.isoformat()
        return serial
    raise TypeError ("Type not serializable")


iam_client = boto3.client('iam')
paginator = iam_client.get_paginator('get_account_authorization_details')
response_iterator = paginator.paginate()

# Annoyingly this thing is paginated so we need to visit each response and combine the results
combined_response = None
for response in response_iterator:
    if not combined_response:
        combined_response = response
    else:
        # Concatenate the responses
        combined_response['UserDetailList'].extend(response['UserDetailList'])
        combined_response['GroupDetailList'].extend(response['GroupDetailList'])
        combined_response['RoleDetailList'].extend(response['RoleDetailList'])
        combined_response['Policies'].extend(response['Policies'])

        # If there are any unexpected keys error out since our code is probably wrong
        # and needs to figure out how to combine them
        for k in response.keys():
            if k not in ['UserDetailList', 'GroupDetailList', 'RoleDetailList', 'Policies', 'ResponseMetadata', 'Marker', 'IsTruncated']:
                raise RuntimeError('Unexpected key {0} in response'.format(k))

print(json.dumps(combined_response, default=json_serial, indent=2, sort_keys=True, ensure_ascii=True))