Ejemplo n.º 1
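def main(argv=None):
    """Report which IAM user owns a given access key ID.

    Walks every IAM user in the account, following pagination, and compares
    each user's access key IDs with the one returned by ``parse_args``.
    Typical use is incident triage: mapping a leaked or suspicious access key
    ID back to its owner so the key can be deactivated and rotated.

    The calling credentials only need read access for this lookup
    (``iam:ListUsers`` and ``iam:ListAccessKeys``).

    A miss only means that no IAM user visible to these credentials owns the
    key. Keys from another account, root-user keys and temporary (STS)
    credentials are not listed per IAM user.

    Args:
        argv: Argument list handed to ``parse_args``; ``None`` lets that
            helper pick its own default.

    Returns:
        0 if the key was found (the owner is printed), 1 otherwise.
    """
    key = parse_args(argv)
    iam = boto.connect_iam()

    # The user listing is paginated. Reading only the first page would make a
    # key owned by a later user look like "not found" -- a false negative that
    # matters when the key is being triaged as compromised.
    users = []
    marker = None
    while True:
        page = iam.get_all_users('/', marker=marker)
        page = page['list_users_response']['list_users_result']
        users.extend(page['users'])
        if page['is_truncated'] != 'true':
            break
        marker = page['marker']

    for user in users:
        listing = iam.get_all_access_keys(user['user_name'])
        metadata = listing['list_access_keys_response']['list_access_keys_result']['access_key_metadata']
        for key_result in metadata:
            if key_result['access_key_id'] == key:
                print('Key "%s" belongs to user: %s' % (key, user['user_name']))
                return 0

    print('Did not find access key "%s" in %d IAM users' % (key, len(users)))
    return 1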
Ejemplo n.º 2
def test_iam(app):
    """Connect to IAM with the app's configured credentials and dump roles and users.

    Reads the region from ``app.config["identity"]['region']`` and the key id,
    secret and session token from the ``keys.*`` entries of ``app.config``.
    Everything is printed to stdout: the type of the role listing, each role,
    then the user listing. The credentials themselves are never printed, but
    the output is IAM inventory data, so treat captured logs accordingly.
    """
    region = app.config["identity"]['region']
    iam = boto.iam.connect_to_region(
        region,
        aws_access_key_id=app.config['keys.key_id'],
        aws_secret_access_key=app.config['keys.key_secret'],
        security_token=app.config['keys.key_token'])

    roles = iam.list_roles()
    print(type(roles))
    role_entries = roles["list_roles_response"]["list_roles_result"]["roles"]
    for role in role_entries:
        print(role)
        print('')

    # NOTE(review): .items() walks the top-level response mapping, so each
    # `user` is a (key, value) pair rather than one user record -- confirm
    # whether iterating the nested user list was intended.
    users = iam.get_all_users()
    for user in users.items():
        print('')
        print(user)
Ejemplo n.º 3
def test_iam(app):
    """Smoke-check IAM connectivity by listing roles and users to stdout.

    The connection uses the region under ``app.config["identity"]`` and the
    key id / secret / session token stored under the ``keys.*`` config
    entries. Only the listings are printed, never the credentials. The
    listings are still account inventory, so keep the output out of shared
    logs.
    """
    region = app.config["identity"]['region']
    session_credentials = dict(
        aws_access_key_id=app.config['keys.key_id'],
        aws_secret_access_key=app.config['keys.key_secret'],
        security_token=app.config['keys.key_token'],
    )
    iam = boto.iam.connect_to_region(region, **session_credentials)

    roles = iam.list_roles()
    print(type(roles))
    for role in roles["list_roles_response"]["list_roles_result"]["roles"]:
        # One role per block, followed by a blank separator line.
        print(role)
        print('')

    users = iam.get_all_users()
    # NOTE(review): this iterates the response mapping's (key, value) pairs,
    # not individual users -- verify that is the intended output.
    for user in users.items():
        print('')
        print(user)
Ejemplo n.º 4
import sys

# No argument given: show usage and stop with a non-zero status.
if len(sys.argv) == 1:
    print('Usage: \n find_iam_user AWS_ACCESS_KEY_ID')
    exit(1)

# Access key ID to attribute to an IAM user (an identifier, not the secret).
TARGET_ACCESS_KEY = sys.argv[1]

# No explicit credentials are passed; boto resolves them itself.
iam = boto.connect_iam()

# Gather every IAM user, following the pagination marker until the service
# stops reporting a truncated result. Skipping later pages would hide any
# key owned by a user beyond the first page.
marker = None
is_truncated = 'true'
users = []

while is_truncated == 'true':
    all_users = iam.get_all_users('/', marker=marker)
    users_result = all_users['list_users_response']['list_users_result']
    users.extend(users_result['users'])
    is_truncated = users_result['is_truncated']
    if is_truncated == 'true':
        marker = users_result['marker']

print("Found " + str(len(users)) + " users, searching...")


def find_key():
    for user in users:
        for key_result in iam.get_all_access_keys(
                user['user_name'])['list_access_keys_response'][
                    'list_access_keys_result']['access_key_metadata']:
Ejemplo n.º 5
            iam = boto.iam.connect_to_region(region, **aws_connect_kwargs)
        else:
            iam = boto.iam.connection.IAMConnection(**aws_connect_kwargs)
    except boto.exception.NoAuthHandlerFound, e:
        module.fail_json(msg=str(e))

    result = {}
    changed = False

    try:
        orig_group_list = [gl['group_name'] for gl in iam.get_all_groups().
                list_groups_result.
                groups]

        orig_user_list = [ul['user_name'] for ul in iam.get_all_users().
                list_users_result.
                users]

        orig_role_list = [rl['role_name'] for rl in iam.list_roles().list_roles_response.
                list_roles_result.
                roles]

        orig_prof_list = [ap['instance_profile_name'] for ap in iam.list_instance_profiles().
                list_instance_profiles_response.
                list_instance_profiles_result.
                instance_profiles]
    except boto.exception.BotoServerError, err:
        module.fail_json(msg=err.message)

    if iam_type == 'user':
        been_updated = False
Ejemplo n.º 6
            iam = boto.iam.connection.IAMConnection(**aws_connect_kwargs)
    except boto.exception.NoAuthHandlerFound, e:
        module.fail_json(msg=str(e))

    result = {}
    changed = False

    try:
        orig_group_list = [
            gl['group_name']
            for gl in iam.get_all_groups().list_groups_result.groups
        ]

        orig_user_list = [
            ul['user_name']
            for ul in iam.get_all_users().list_users_result.users
        ]

        orig_role_list = [
            rl['role_name'] for rl in
            iam.list_roles().list_roles_response.list_roles_result.roles
        ]

        orig_prof_list = [
            ap['instance_profile_name'] for ap in
            iam.list_instance_profiles().list_instance_profiles_response.
            list_instance_profiles_result.instance_profiles
        ]
    except boto.exception.BotoServerError, err:
        module.fail_json(msg=err.message)
Ejemplo n.º 7
            iam = boto.iam.connect_to_region(region, **aws_connect_kwargs)
        else:
            iam = boto.iam.connection.IAMConnection(**aws_connect_kwargs)
    except boto.exception.NoAuthHandlerFound, e:
        module.fail_json(msg=str(e))

    result = {}
    changed = False

    try:
        orig_group_list = [gl['group_name'] for gl in iam.get_all_groups().
                list_groups_result.
                groups]

        orig_user_list = [ul['user_name'] for ul in iam.get_all_users().
                list_users_result.
                users]

        orig_role_list = [rl['role_name'] for rl in iam.list_roles().list_roles_response.
                list_roles_result.
                roles]

        orig_prof_list = [ap['instance_profile_name'] for ap in iam.list_instance_profiles().
                list_instance_profiles_response.
                list_instance_profiles_result.
                instance_profiles]
    except boto.exception.BotoServerError, err:
        module.fail_json(msg=err.message)

    if iam_type == 'user':
        been_updated = False
Ejemplo n.º 8
# Finds the IAM user that owns a given AWS access key ID, e.g. a credential
# suspected of being compromised.

# Requirements:
#
# Environment variables:
#     AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
# Python packages:
#     boto

import boto.iam

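# Access key ID to attribute to an IAM user. This is an identifier, not a
# secret, but hard-coding it ties the script to a single investigation.
# NOTE(review): consider taking it from the command line instead.
TARGET_ACCESS_KEY = 'AKIAJ7QBEUO5UA3W6YQQ'

# Connects with the named boto profile 'bach', so credentials come from that
# profile.
iam = boto.connect_iam(profile_name='bach')

# The user listing is paginated. Follow the marker until the result is no
# longer truncated, otherwise a key owned by a user past the first page is
# reported as not found.
users = []
_marker = None
while True:
    _page = iam.get_all_users('/', marker=_marker)
    _page = _page['list_users_response']['list_users_result']
    users.extend(_page['users'])
    if _page['is_truncated'] != 'true':
        break
    _marker = _page['marker']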


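def find_key():
    """Search the collected IAM users for the owner of ``TARGET_ACCESS_KEY``.

    For each entry in the module-level ``users`` list, fetches that user's
    access key metadata and compares every access key ID with the target.

    Returns:
        True after printing the owning user's name, or False when no listed
        user owns the key.
    """
    for user in users:
        listing = iam.get_all_access_keys(user['user_name'])
        metadata = listing['list_access_keys_response']['list_access_keys_result'][
            'access_key_metadata']
        for key_result in metadata:
            aws_access_key = key_result['access_key_id']
            if aws_access_key == TARGET_ACCESS_KEY:
                print('Target key belongs to:')
                # The listing had this line mangled ('******'); restored so
                # the owning user's name is printed.
                print('user : ' + user['user_name'])
                return True
    return False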

Ejemplo n.º 9
 Boto Environment variables: 

    AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
   or
    AWS_PROFILE


"""
import sys
import boto.iam

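# Every command-line argument is treated as an access key ID to look up.
TARGET_ACCESS_KEYS = sys.argv[1:]

# No explicit credentials are passed; boto resolves them itself.
iam = boto.connect_iam()

# The user listing is paginated. Follow the marker until the result is no
# longer truncated, so a key owned by a user past the first page is not
# silently missed.
users = []
_marker = None
while True:
    _page = iam.get_all_users('/', marker=_marker)
    _page = _page['list_users_response']['list_users_result']
    users.extend(_page['users'])
    if _page['is_truncated'] != 'true':
        break
    _marker = _page['marker']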


def find_key(access_key):
    """Print and report the IAM user that owns ``access_key``.

    Checks each user in the module-level ``users`` list by fetching that
    user's access key metadata and comparing the key IDs.

    Args:
        access_key: Access key ID to search for.

    Returns:
        True once an owner is found (printed as ``<key> : <user name>``),
        False if no listed user owns the key.
    """
    for user in users:
        listing = iam.get_all_access_keys(user['user_name'])
        metadata = listing['list_access_keys_response'][
            'list_access_keys_result']['access_key_metadata']
        # Stop at the first matching key ID.
        if any(entry['access_key_id'] == access_key for entry in metadata):
            print(access_key + ' : ' + user['user_name'])
            return True
    return False


for access_key in TARGET_ACCESS_KEYS:
Ejemplo n.º 10
import sys

# Without an argument there is nothing to look up: print usage and exit 1.
if len(sys.argv) == 1:
  print('Usage: \n find_iam_user AWS_ACCESS_KEY_ID')
  exit(1)

# The access key ID whose owner is being looked up.
TARGET_ACCESS_KEY = sys.argv[1]

# boto resolves credentials itself; none are passed explicitly.
iam = boto.connect_iam()

# Page through the full user list. Each response says whether it was
# truncated and, if so, which marker to pass to fetch the next page.
marker = None
is_truncated = 'true'
users = []

while is_truncated == 'true':
  all_users = iam.get_all_users('/', marker=marker)
  listing = all_users['list_users_response']['list_users_result']
  users.extend(listing['users'])
  is_truncated = listing['is_truncated']
  if is_truncated == 'true':
    marker = listing['marker']

print("Found " + str(len(users)) + " users, searching...")

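def find_key():
  """Search the collected IAM users for the owner of ``TARGET_ACCESS_KEY``.

  For each entry in the module-level ``users`` list, fetches that user's
  access key metadata and compares every access key ID with the target.

  Returns:
    True after printing the owning user's name, or False when no listed
    user owns the key.
  """
  for user in users:
    listing = iam.get_all_access_keys(user['user_name'])
    metadata = listing['list_access_keys_response']['list_access_keys_result']['access_key_metadata']
    for key_result in metadata:
      aws_access_key = key_result['access_key_id']
      if aws_access_key == TARGET_ACCESS_KEY:
        # The listing had this line mangled ('******'); restored so the
        # owning user's name is appended to the message.
        print('Target key belongs to user: ' + user['user_name'])
        return True
  return False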