- #!/usr/bin/env python3
- """
- List AWS keys older than X days (X is passed from command line).
- If X is undefined, print all the keys.
- """
- import argparse
- import collections
- import datetime
- import itertools
- import boto3
# Single timezone-aware reference instant, taken once at import time, so every
# age computed in one run is measured against the same "now".
NOW = datetime.datetime.now(tz=datetime.timezone.utc)

# One IAM access key: owning user name, access key id, creation timestamp.
KeyInfo = collections.namedtuple(
    'KeyInfo',
    ['user', 'access_key', 'created'],
)
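def list_keys():
    """Yield a KeyInfo for every access key of every IAM user in the account.

    Both listings are read through boto3 paginators. A single ``list_users``
    or ``list_access_keys`` call returns one page of results only, so an
    audit built on one call silently omits every user (and key) past the
    first page.

    Key status is not inspected here, so inactive keys are yielded alongside
    active ones.

    Yields:
        KeyInfo(user, access_key, created), built from the ``UserName``,
        ``AccessKeyId`` and ``CreateDate`` fields of each key's metadata.
    """
    iam = boto3.client('iam')
    user_pages = iam.get_paginator('list_users').paginate()
    key_paginator = iam.get_paginator('list_access_keys')
    for user in itertools.chain.from_iterable(p['Users'] for p in user_pages):
        for page in key_paginator.paginate(UserName=user['UserName']):
            for k in page['AccessKeyMetadata']:
                yield KeyInfo(k['UserName'], k['AccessKeyId'], k['CreateDate'])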
def filter_keys(keys, allowed_age):
    """Yield the keys created more than *allowed_age* days before NOW.

    Args:
        keys: iterable of objects with a ``created`` datetime attribute.
        allowed_age: maximum accepted key age, in days.

    Yields:
        Each key whose ``created`` timestamp is strictly earlier than
        ``NOW - allowed_age days``; keys exactly at the cutoff are kept out.
    """
    max_age = datetime.timedelta(days=allowed_age)
    for key in keys:
        if key.created < NOW - max_age:
            yield key
def main():
    """Parse the optional age threshold and print the age of each listed key.

    With a threshold, only keys older than that many days are printed;
    without one, every key is printed. Each output line carries the user
    name, the access key id and the key's age in whole days.
    """
    arg_parser = argparse.ArgumentParser(description=__doc__)
    arg_parser.add_argument(
        'key-age-threshold',
        type=int,
        nargs='?',
        help='maximum allowed access key age (in days)',
    )
    # The positional's name contains dashes, so it cannot be read with dotted
    # attribute syntax on the namespace; look it up by its literal name.
    threshold = getattr(arg_parser.parse_args(), 'key-age-threshold')

    # A threshold of 0 is falsy and is therefore handled like an omitted one.
    if threshold:
        selected = filter_keys(list_keys(), threshold)
    else:
        selected = list_keys()

    for key in selected:
        age_days = (NOW - key.created).days
        print("{} ['{}']: {} days".format(key.user, key.access_key, age_days))
# Run the report only when executed as a script, not when imported.
if __name__ == '__main__':
    main()