Esempio n. 1
            # 1) Check if IAM group 'can-opener-grp' exists, if not,
            # create and set policy rules.
            #
            # Looks up group_name among the listed IAM groups. With
            # `destructive` set, an existing group is torn down (members,
            # group policies, then the group itself) and recreated with
            # policy_json; without it, an existing group is left untouched.
            # NOTE(review): `iam` looks like a boto IAM connection -- confirm.
            # NOTE(review): only the groups carried in this single list
            # response are checked. If the listing is truncated, an existing
            # group can be missed and create_group below would be attempted
            # on a name that is already taken -- confirm truncation handling.
            group_exists = group_name in [g.group_name for g in (iam.get_all_groups().list_groups_response.list_groups_result.groups)]
            if group_exists and destructive:
                print "DESTROY: Destroying old group %s" % (group_name,)
                # Empty the group first: every current member is removed, so
                # those users lose whatever this group's policies granted.
                for user in (iam.get_group(group_name)
                             .get_group_response.get_group_result.users):
                    print "DESTROY: Removing user %s from group %s" % (
                        user.user_name, group_name)
                    iam.remove_user_from_group(group_name, user.user_name)
                # Then delete each policy name listed for the group.
                # NOTE(review): presumably these are inline group policies
                # only -- confirm nothing else stays attached.
                for policy in iam.get_all_group_policies(group_name).list_group_policies_response.list_group_policies_result.policy_names:
                    print "DESTROY: Removing policy %s from group %s" % (
                        policy, group_name)
                    iam.delete_group_policy(group_name, policy)
                # Users and policies are cleared before this call; IAM is
                # expected to refuse deleting a group that still has either.
                iam.delete_group(group_name)
            # Runs for a missing group and also right after a destructive
            # teardown, so the "does not exist" message below is printed in
            # the destructive case as well.
            if not group_exists or destructive:
                print "INITIALIZE: Group %s does not exist, creating" % (
                    group_name,)
                # The create_group result is bound to `group`; it is not used
                # in the lines visible here.
                group = iam.create_group(group_name)
                print "INITIALIZE: Adding policy %s to group %s" % (
                    policy_name, group_name)
                # policy_json is defined outside this view.
                # NOTE(review): it sets what every group member may do --
                # check that it grants only the actions and resources needed.
                iam.put_group_policy(group_name, policy_name, policy_json)

            # 2) Check if IAM user 'can-opener-user' exists, if not,
            # create, set to group 'can-opener-grp', get credentials
            # and print them out.
            user_exists = user_name in [u.user_name for u in iam.get_all_users().list_users_response.list_users_result.users]
            if user_exists and destructive:
                for key in iam.get_all_access_keys(user_name).list_access_keys_response.list_access_keys_result.access_key_metadata:
                    print "DESTROY: Destroying access key %s of user %s" % (