dash/weirdAAL
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

added roles assumable

Browse Source
This commit is contained in:
Kenneth Toler
2018-09-25 16:22:30 -04:00
parent e66a273277
commit 75ea430cef
2 changed files with 33 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
libs/iam.py
View File

@@ -455,6 +455,33 @@ def iam_list_roles():
except KeyboardInterrupt: except KeyboardInterrupt:
print("CTRL-C received, exiting...") print("CTRL-C received, exiting...")
def iam_list_roles_assumable():
'''
Lists the IAM roles that have the specified path prefix. If there are none, the operation returns an empty list
'''
print("### Roles that can be Assumed by AWS Principals ###")
try:
for region in regions:
client = boto3.client('iam', region_name="us-east-1")
response = client.list_roles()
roles = response.get("Roles")
for role in roles:
if "AWS" in role["AssumeRolePolicyDocument"]["Statement"][0]["Principal"]:
print(role["RoleId"] + " " + role["RoleName"])
print(role["AssumeRolePolicyDocument"]["Statement"][0]["Principal"]["AWS"])
except botocore.exceptions.ClientError as e:
if e.response['Error']['Code'] == 'InvalidClientTokenId':
sys.exit("{} : The AWS KEY IS INVALID. Exiting" .format(AWS_ACCESS_KEY_ID))
elif e.response['Error']['Code'] == 'AccessDenied':
print('{} : Is NOT a root/IAM key' .format(AWS_ACCESS_KEY_ID))
elif e.response['Error']['Code'] == 'SubscriptionRequiredException':
print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID))
elif e.response['Error']['Code'] == 'OptInRequired':
print('{} : Has permissions but isnt signed up for service - usually means you have a root account' .format(AWS_ACCESS_KEY_ID))
else:
print("Unexpected error: {}" .format(e))
except KeyboardInterrupt:
print("CTRL-C received, exiting...")
def iam_list_policies(): def iam_list_policies():
''' '''

6
modules/iam.py
View File

@@ -60,6 +60,12 @@ def module_iam_list_roles():
''' '''
iam_list_roles() iam_list_roles()
def module_iam_list_roles_assumable():
'''
Lists the IAM roles that have the specified path prefix. If there are none, the operation returns an empty list.
python3 weirdAAL.py -m iam_list_roles -t yolo
'''
iam_list_roles_assumable()
def module_iam_list_policies(): def module_iam_list_policies():
''' '''