Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Delete-all-Users-things -ThisUserList $Users
- function Delete-all-Users-things{
- param([string[]] $ThisUserList)
- ForEach($name in $ThisUserList) {
- # find any groups and remove user from them
- $groups = Get-IAMGroupForUser -UserName $name
- foreach ($group in $groups) { Remove-IAMUserFromGroup -GroupName $group.GroupName -UserName $name -Force }
- # find any inline policies and delete them
- $inlinepols = Get-IAMUserPolicies -UserName $name
- foreach ($pol in $inlinepols) { Remove-IAMUserPolicy -PolicyName $pol -UserName $name -Force}
- # find any managed polices and detach them
- $managedpols = Get-IAMAttachedUserPolicies -UserName $name
- foreach ($pol in $managedpols) { Unregister-IAMUserPolicy -PolicyArn $pol.PolicyArn -UserName $name }
- # find any signing certificates and delete them
- $certs = Get-IAMSigningCertificate -UserName $name
- foreach ($cert in $certs) { Remove-IAMSigningCertificate -CertificateId $cert.CertificateId -UserName $name -Force }
- # find any access keys and delete them
- $keys = Get-IAMAccessKey -UserName $name
- foreach ($key in $keys) { Remove-IAMAccessKey -AccessKeyId $key.AccessKeyId -UserName $name -Force }
- # delete the user's login profile, if one exists - note: need to use try/catch to suppress not found error
- try { $prof = Get-IAMLoginProfile -UserName bab -ea 0 } catch { out-null }
- if ($prof) { Remove-IAMLoginProfile -UserName $name -Force }
- # find any MFA device, detach it, and if virtual, delete it.
- $mfa = Get-IAMMFADevice -UserName $name
- if ($mfa) {
- Disable-IAMMFADevice -SerialNumber $mfa.SerialNumber -UserName $name
- if ($mfa.SerialNumber -like "arn:*") { Remove-IAMVirtualMFADevice -SerialNumber $mfa.SerialNumber }
- }
- # finally, remove the user
- Remove-IAMUser -UserName $name -Force
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement