# Find the IAM username belonging to one access key
import argparse
import boto3
import sys
from botocore.exceptions import ClientError
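def get_session():
    """Parse the command line and open a boto3 session for the chosen profile.

    Returns:
        A ``(session, access_key)`` tuple: the boto3 session created with
        ``--profile`` (``'default'`` when omitted) and the ``--access-key``
        value exactly as given on the command line.

    Exits with status 1, after reporting the error on stderr, if the session
    cannot be created.
    """
    parser = argparse.ArgumentParser()
    parser.add_argument(
        '--profile',
        help='AWS profile from ~/.aws/credentials',
        required=False,
        default='default',
    )
    # find_user passes this value as AccessKeyId, so it is the key identifier,
    # not the secret access key; the secret is never needed for this lookup.
    parser.add_argument(
        '--access-key',
        help='AWS IAM access key',
        required=True,
    )
    args = parser.parse_args()

    try:
        session = boto3.Session(profile_name=args.profile)
    except Exception as e:
        # Errors go to stderr so stdout only ever carries the lookup result.
        print('%s' % e, file=sys.stderr)
        sys.exit(1)

    return session, args.access_key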
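def find_user(session, access_key):
    """Return the IAM user name that owns *access_key*.

    Args:
        session: Object whose ``client('iam')`` returns an IAM client
            (a boto3 session in this script).
        access_key: Access key ID passed as ``AccessKeyId`` to
            ``get_access_key_last_used``.

    Returns:
        The ``UserName`` field of the response on success; the fixed string
        ``"Key does not exist in target account"`` when the call fails with
        error code ``AccessDenied``; ``None`` for any other ``ClientError``.
    """
    iam_client = session.client('iam')
    try:
        key_info = iam_client.get_access_key_last_used(AccessKeyId=access_key)
    except ClientError as e:
        # Diagnostics go to stderr so that stdout carries only the result and
        # an error text is never mistaken for a user name by a consumer.
        print("Received error: %s" % e, file=sys.stderr)
        error_code = e.response.get('Error', {}).get('Code')
        if error_code == 'AccessDenied':
            # NOTE(review): AccessDenied is presumably also what a caller
            # lacking iam:GetAccessKeyLastUsed receives, so this message can
            # hide a permissions problem - confirm before trusting it as
            # evidence that the key belongs to another account.
            return "Key does not exist in target account"
        # Any other API error: no owner could be determined.
        return None
    return key_info['UserName']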
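def main():
    """Look up and print the owner of the access key given on the command line.

    Exits with status 1 instead of printing ``None`` when find_user could not
    determine an owner.
    """
    session, access_key = get_session()
    user = find_user(session, access_key)
    if user is None:
        # find_user returns None when the API call failed with an error other
        # than AccessDenied; printing "None" would look like a valid result.
        sys.exit(1)
    print(user)


if __name__ == '__main__':
    main()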