# 1) Check if IAM group 'can-opener-grp' exists, if not, # create and set policy rules. group_exists = group_name in [g.group_name for g in (iam.get_all_groups().list_groups_response.list_groups_result.groups)] if group_exists and destructive: print "DESTROY: Destroying old group %s" % (group_name,) for user in (iam.get_group(group_name) .get_group_response.get_group_result.users): print "DESTROY: Removing user %s from group %s" % ( user.user_name, group_name) iam.remove_user_from_group(group_name, user.user_name) for policy in iam.get_all_group_policies(group_name).list_group_policies_response.list_group_policies_result.policy_names: print "DESTROY: Removing policy %s from group %s" % ( policy, group_name) iam.delete_group_policy(group_name, policy) iam.delete_group(group_name) if not group_exists or destructive: print "INITIALIZE: Group %s does not exist, creating" % ( group_name,) group = iam.create_group(group_name) print "INITIALIZE: Adding policy %s to group %s" % ( policy_name, group_name) iam.put_group_policy(group_name, policy_name, policy_json) # 2) Check if IAM user 'can-opener-user' exists, if not, # create, set to group 'can-opener-grp', get credentials # and print them out. user_exists = user_name in [u.user_name for u in iam.get_all_users().list_users_response.list_users_result.users] if user_exists and destructive: for key in iam.get_all_access_keys(user_name).list_access_keys_response.list_access_keys_result.access_key_metadata: print "DESTROY: Destroying access key %s of user %s" % (