Python 3.x 获取iam用户列表的Python脚本,该用户列表未使用访问密钥超过10天
我已经准备好了python脚本,该脚本将获得10天以上未使用访问密钥的iam用户列表 但我得到了以下错误: AttributeError: 'iam.User' object has no attribute 'accesskey_last_used' Python 3.x 获取iam用户列表的Python脚本,该用户列表未使用访问密钥超过10天,python-3.x,amazon-web-services,aws-lambda,boto3,Python 3.x,Amazon Web Services,Aws Lambda,Boto3,我已经准备好了python脚本,该脚本将获得10天以上未使用访问密钥的iam用户列表 但我得到了以下错误: AttributeError: 'iam.User' object has no attribute 'accesskey_last_used' 错误消息相当准确。iam.User 对象上没有 accesskey_last_used 属性 此外,用户可以拥有多个访问密钥,并且每个访问密钥都可以具有 AccessKeyLastUsed 属性 因此,您需要使用客户端调用,而不是资源调用,并为每个用户循环每个访问密钥: import boto
错误消息相当准确。iam.User 对象上没有 accesskey_last_used 属性。
此外,用户可以拥有多个访问密钥,并且每个访问密钥都可以具有 AccessKeyLastUsed 属性。
因此,您需要使用客户端(client)调用,而不是资源(resource)调用,并为每个用户循环每个访问密钥:
import boto3
import datetime
from dateutil.tz import tzutc
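# Report IAM users whose access keys have not been used for at least
# STALE_AFTER_DAYS days. The script only reads IAM metadata (it lists users,
# lists their access keys and queries each key's last-used record), so the
# credentials it runs under need no write permissions.
STALE_AFTER_DAYS = 10

resource = boto3.resource('iam')
client = boto3.client('iam')

# boto3 returns LastUsedDate as a timezone-aware UTC datetime. The reference
# time must therefore be aware UTC as well: comparing against a naive local
# now() shifts the age by the host's UTC offset and can move a key across the
# day threshold.
today = datetime.datetime.now(datetime.timezone.utc)
final_report = ''
number = 1

# For every user
for user in resource.users.all():
    # Get the access keys of this user
    keys_response = client.list_access_keys(UserName=user.user_name)
    last_access = None

    # For every access key associated with the user
    for key in keys_response['AccessKeyMetadata']:
        last_used_response = client.get_access_key_last_used(AccessKeyId=key['AccessKeyId'])
        last_used_info = last_used_response['AccessKeyLastUsed']

        # NOTE(review): a key that has never been used has no LastUsedDate and
        # is skipped here, so users holding only never-used keys are absent
        # from the report. Those keys are stale too; audit them separately
        # (for example by the key's creation date).
        if 'LastUsedDate' in last_used_info:
            accesskey_last_used = last_used_info['LastUsedDate']
            # Keep the OLDEST last-used timestamp across the user's keys, so a
            # user is reported as soon as any one of their used keys is stale,
            # even when another key is in active use.
            if last_access is None or accesskey_last_used < last_access:
                last_access = accesskey_last_used

    # At least STALE_AFTER_DAYS days since that key was last used?
    if last_access is not None:
        delta = (today - last_access).days
        if delta >= STALE_AFTER_DAYS:
            final_report += f"{number} username: {user.user_name} - {delta} days\n"
            number += 1

print(final_report)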
导入boto3
导入日期时间
从dateutil.tz导入tzutc
resource=boto3.resource('iam')
client=bot3.client('iam')
今天=datetime.datetime.now()
最终报告=“”
数字=1
#对于每个用户
对于resource.users.all()中的用户:
#获取用户的访问密钥
keys\u response=client.list\u access\u keys(用户名=user.user\u name)
上次访问=无
#对于与用户关联的每个访问密钥
对于密钥中的密钥\u响应['AccessKeyMetadata']:
上次使用\u响应=client.get\u access\u key\u上次使用(AccessKeyId=key['AccessKeyId'])
如果上次使用的响应['AccessKeyLastUsed']中的'LastUsedDate':
accesskey\u last\u used=last\u used\u响应['AccessKeyLastUsed']['LastUsedDate']
如果last_access为None或accesskey_last_used=10:
最终报告+=str(数字)+“用户名:”+[user.user\u name][0]+“-”+str(增量)+“天数\n”
数字+=1
打印(最终报告)
import boto3
import datetime
from dateutil.tz import tzutc
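# Build a numbered report of IAM users that have an access key whose last
# recorded use is at least STALE_AFTER_DAYS days old. All calls are read-only
# IAM queries.
STALE_AFTER_DAYS = 10

resource = boto3.resource('iam')
client = boto3.client('iam')

# Use an aware UTC "now": LastUsedDate is returned by boto3 as an aware UTC
# datetime, and a naive local now() would skew the computed age by the local
# UTC offset.
today = datetime.datetime.now(datetime.timezone.utc)
report_lines = []
number = 1

for user in resource.users.all():
    keys_response = client.list_access_keys(UserName=user.user_name)

    # Last-used timestamps of every key of this user that has been used at
    # least once.
    # NOTE(review): never-used keys carry no LastUsedDate and are left out, so
    # they never show up in this report; review them separately, since an
    # unused credential is still a live credential.
    used_dates = []
    for key in keys_response['AccessKeyMetadata']:
        last_used_response = client.get_access_key_last_used(AccessKeyId=key['AccessKeyId'])
        last_used_info = last_used_response['AccessKeyLastUsed']
        if 'LastUsedDate' in last_used_info:
            used_dates.append(last_used_info['LastUsedDate'])

    if not used_dates:
        continue

    # The oldest timestamp decides: one stale key is enough to list the user,
    # regardless of how recently their other key was used.
    last_access = min(used_dates)
    delta = (today - last_access).days
    if delta >= STALE_AFTER_DAYS:
        report_lines.append(f"{number} username: {user.user_name} - {delta} days\n")
        number += 1

final_report = ''.join(report_lines)
print(final_report)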