#!/usr/bin/env python3"""List AWS keys older than X days (X is passed from com

1. #!/usr/bin/env python3
2. """
3. List AWS keys older than X days (X is passed from command line).
4. If X is undefined, print all the keys.
5. """
6.  
7. import argparse
8. import collections
9. import datetime
10. import itertools
11.  
12. import boto3
13.  
14. NOW = datetime.datetime.now(datetime.timezone.utc)
15.  
16. KeyInfo = collections.namedtuple('KeyInfo', ('user', 'access_key',
17. 'created'))
18.  
19.  
20. def list_keys():
21. iam = boto3.client('iam')
22. users = iam.list_users()['Users']
23. # users = [{'UserName': 'klas'}]
24. keys = (iam.list_access_keys(UserName=u['UserName'])['AccessKeyMetadata']
25. for u in users)
26. keys = itertools.chain.from_iterable(keys)
27. yield from (KeyInfo(k['UserName'], k['AccessKeyId'], k['CreateDate'])
28. for k in keys)
29.  
30.  
31. def filter_keys(keys, allowed_age):
32. tdelta = datetime.timedelta(days=allowed_age)
33. yield from (k for k in keys if k.created < (NOW - tdelta))
34.  
35.  
36. def main():
37. parser = argparse.ArgumentParser(description=__doc__)
38. parser.add_argument('key-age-threshold', type=int, nargs='?',
39. help='maximum allowed access key age (in days)')
40. args = vars(parser.parse_args())
41. key_age_threshold = args['key-age-threshold']
42. keys = list_keys()
43. if key_age_threshold:
44. keys = filter_keys(keys, key_age_threshold)
45. for k in keys:
46. print("{} ['{}']: {} days".format(k.user, k.access_key,
47. (NOW - k.created).days))
48.  
49.  
50. if __name__ == '__main__':
51. main()