Aaron

Update aws_users_export.py

import csv
import json
import boto3
import argparse
... ... @@ -46,21 +46,88 @@ if __name__ == '__main__':
# Parse CLI args
argp = argparse.ArgumentParser(description='Export AWS users to CSV')
argp.add_argument('--file', '-f', required=True, dest='outfile',
argp.add_argument('--file', '-f', dest='outfile',
action='store', help='CSV file to export data into')
argp.add_argument('--verbose-policies', '-p', dest='policies',
action='store_true', help='Export full policy details')
args = argp.parse_args()
# Initialize client
client = boto3.client('iam')
user_data = client.list_users()
user_data = {}
header = get_all_headers(user_data['Users'])
user_list = client.list_users()
# Write data to file
with open(args.outfile, 'w', newline='') as f:
writer = csv.DictWriter(f, fieldnames=header)
writer.writeheader()
for user in user_list['Users']:
user_data[user['UserName']] = user
for user in user_data['Users']:
writer.writerow(user)
# Get Group Data
group_data = client.list_groups_for_user(UserName=user['UserName'])
user_data[user['UserName']]['Groups'] = []
# Get inline and attached group policies
for group in group_data['Groups']:
group_inline_policy_data = client.list_group_policies(GroupName=group['GroupName'])
group_attached_policy_data = client.list_attached_group_policies(GroupName=group['GroupName'])
if args.policies:
group['InlineGroupPolicies'] = {}
for policy in group_inline_policy_data['PolicyNames']:
policy_data = client.get_group_policy(GroupName=group['GroupName'], PolicyName=policy)
group['InlineGroupPolicies'][policy] = policy_data['PolicyDocument']
group['AttachedGroupPolicies'] = {}
for policy in group_attached_policy_data['AttachedPolicies']:
policy_data = client.get_policy(PolicyArn=policy['PolicyArn'])
policy_doc = client.get_policy_version(PolicyArn=policy['PolicyArn'], VersionId=policy_data['Policy']['DefaultVersionId'])
group['AttachedGroupPolicies'][policy['PolicyName']] = policy_data['Policy']
group['AttachedGroupPolicies'][policy['PolicyName']]['PolicyDocument'] = policy_doc['PolicyVersion']['Document']
else:
group['InlineGroupPolicies'] = group_inline_policy_data['PolicyNames']
group['AttachedGroupPolicies'] = group_attached_policy_data['AttachedPolicies']
user_data[user['UserName']]['Groups'].append(group)
user_inline_policy_data = client.list_user_policies(UserName=user['UserName'])
user_attached_policy_data = client.list_attached_user_policies(UserName=user['UserName'])
if args.policies:
user_data[user['UserName']]['InlineUserPolicies'] = {}
for policy in user_inline_policy_data['PolicyNames']:
policy_data = client.get_user_policy(UserName=user['UserName'], PolicyName=policy)
user_data[user['UserName']]['InlineUserPolicies'][policy] = policy_data['PolicyDocument']
user_data[user['UserName']]['AttachedUserPolicies'] = {}
for policy in user_attached_policy_data['AttachedPolicies']:
policy_data = client.get_policy(PolicyArn=policy['PolicyArn'])
policy_doc = client.get_policy_version(PolicyArn=policy['PolicyArn'], VersionId=policy_data['Policy']['DefaultVersionId'])
policy_doc = client.get_policy_version(PolicyArn=policy['PolicyArn'], VersionId=policy_data['Policy']['DefaultVersionId'])
user_data[user['UserName']]['AttachedUserPolicies'][policy['PolicyName']] = policy_data['Policy']
user_data[user['UserName']]['AttachedUserPolicies'][policy['PolicyName']]['PolicyDocument'] = policy_doc['PolicyVersion']['Document']
else:
user_data[user['UserName']]['InlineUserPolicies'] = user_inline_policy_data['PolicyNames']
user_data[user['UserName']]['AttachedUserPolicies'] = user_attached_policy_data['AttachedPolicies']
#user_inline_policy_data = client.get_user_policy(
#user_attached_policy_data = client.list_attached_user_policies(UserName=user['UserName'])
#user_data[user['UserName']]['Policies'] = policy_data['PolicyNames']
tag_data = client.list_user_tags(UserName=user['UserName'])
user_data[user['UserName']]['Tags'] = tag_data['Tags']
mfa_data = client.list_mfa_devices(UserName=user['UserName'])
user_data[user['UserName']]['MFADevices'] = mfa_data['MFADevices']
# Dump user data
out = json.dumps(user_data, default=str, indent=2)
if args.outfile:
# Write data to file
with open(args.outfile, 'w') as f:
f.write(out)
else:
# Print to stdout
print(out)
\ No newline at end of file
... ...
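Review bot: `client.list_users()` is called once with no pagination, and IAM list operations return one page at a time (100 items by default, with `IsTruncated` set when more remain), so on a larger account this export silently omits users; that matters if the JSON feeds an access review. Iterate a paginator instead, e.g. `for page in client.get_paginator('list_users').paginate():` followed by `for user in page['Users']:`, and do the same for the other `list_*` calls inside the loop (groups, inline and attached policies, MFA devices, tags). The output also holds MFA device entries and, with `--verbose-policies`, full policy documents, so a comment next to `open(args.outfile, 'w')` such as `# output describes IAM permissions; write it to a location with restricted access` would help. The `--file` help text and the parser description still say CSV although the new code emits JSON. This page has lost its `+`/`-` markers and indentation, so which lines are on the new side is inferred from the hunk header.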