1+ # Simple python script to get all roles in a given AWS env
2+ # To do:
3+ # - List Groups a user belongs to
4+ # - List Policies associated with user
5+
6+
7+ import boto3
8+ import csv
9+
10+ # Init IAM boto3 resource to list roles
11+ # NOTE: The session is created by using creds available under ~/.aws/credentials
12+ # For a specific profile add the 'profile_name' attribute
13+ iam_roles = boto3 .resource ('iam' )
14+ iam = boto3 .client ('iam' )
15+ roles = iam_roles .roles .all ()
16+
17+ def listAllUsers ():
18+ # Using paginator here. Optional if a small env
19+ paginator = iam .get_paginator ('list_users' )
20+ for response in paginator .paginate ():
21+ for user in response ["Users" ]:
22+ print (f"Username: { user ['UserName' ]} , Arn: { user ['Arn' ]} " )
23+
24+ def listIAMRoles ():
25+ for role in roles :
26+ roleslist = role .role_name
27+ print (roleslist )
28+
29+ def writeIAMRolestoCSV ():
30+ # write to csv file
31+ with open ('rolelist.csv' ,'w' , newline = '' ) as f :
32+ for role in roles :
33+ roleslist = role .role_name
34+ f .write (roleslist + '\n ' )
35+
36+
37+ def main ():
38+ # List all IAM users in Username: Arn: format
39+ print ("List all IAM users:\n " )
40+ listAllUsers ()
41+ print ("Listing all account roles: \n " )
42+ # call listIAMRoles func
43+ listIAMRoles ()
44+ print ("\n Writing to csv file rolelist.csv.." )
45+ writeIAMRolestoCSV ()
46+
47+
48+ if __name__ == "__main__" :
49+ main ()
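Review bot: `writeIAMRolestoCSV` imports `csv` at the top of the file but never uses it, writing each role name with a plain `f.write`, so the output is CSV only by extension. IAM role names may contain commas and may start with `=`, `+`, `-` or `@`, which a spreadsheet will split into extra columns or read as a formula. Use `writer = csv.writer(f)` and `writer.writerow([role.role_name])`, and if the file is meant to be opened in a spreadsheet, prefix a leading `=`, `+`, `-` or `@` with `'`. Separately, the module-level `roles = iam_roles.roles.all()` is iterated by both `listIAMRoles` and `writeIAMRolestoCSV`; as far as I can tell each iteration re-issues the ListRoles calls, so the printed list and `rolelist.csv` can disagree. Collecting the names once inside `main` and passing them to both functions would fix that and keep credential lookup and API calls out of import time.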