Problem After the initial adoption of AWS there were a lot of users created manually, with policies, groups and access keys. So, the goal was to have possibility to automatically remove them.
Solution Small python script with boto3 was done.
The input is:
user - String representation of user name iam - iam client from boto3 boto3.client('iam')
def deleteUser ( user , iam ):
print ( "detele " + user )
# delete all access keys
access_keys = iam . list_access_keys ( UserName = user )
for key_entry in access_keys . get ( "AccessKeyMetadata" ):
access_key = key_entry . get ( "AccessKeyId" )
print ( access_key )
# delete this key
iam . delete_access_key ( AccessKeyId = access_key , UserName = user )
# remove all groups
userGroups = iam . list_groups_for_user ( UserName = user )
for groupName in userGroups [ 'Groups' ]:
print ( groupName [ 'GroupName' ])
# delete group
iam . remove_user_from_group ( GroupName = groupName [ 'GroupName' ], UserName = user )
#remove policies
for policy in iam . list_user_policies ( UserName = user ). get ( "PolicyNames" ):
print policy
iam . detach_user_policy ( UserName = user , PolicyArn = policy )
print iam . list_attached_user_policies ( UserName = user )
for policy in iam . list_attached_user_policies ( UserName = user ). get ( "AttachedPolicies" ):
print policy
iam . detach_user_policy ( UserName = user , PolicyArn = policy . get ( "PolicyArn" ))
# remove user
iam . delete_user ( UserName = user )