AWS IAM Audit using Boto3

As part of access audits, we often need to verify the permissions assigned to IAM users. An IAM user can receive permissions in several ways: through inline policies embedded in the user, through managed policies attached to the user, or through the inline and managed policies of any IAM group the user belongs to. An audit that only looks at the user's own policies therefore misses everything inherited from groups. (Note that what a user can actually do is further constrained by permissions boundaries and organization SCPs; the inventory below shows what has been granted, not the final effective result of every evaluation step.)

In this post, we'll see how to fetch the permissions assigned to all IAM users using Boto3 and export them to a spreadsheet. This makes it easy to spot users who have been granted administrative or otherwise overly broad access.

Step 1:

We'll run the code on a local system (it can also be packaged as an AWS Lambda function), so make sure the AWS CLI is configured with credentials that are allowed to read IAM (the iam:List* and iam:Get* actions; the AWS managed policy IAMReadOnlyAccess is enough) and that boto3 is installed. We'll also need the xlsxwriter package, installed with pip, which lets us write the report in Excel (.xlsx) format.

Step 2:

Download the code from https://raw.githubusercontent.com/vinycoolguy2015/awslambda/master/iam_permission.py and run it with the following command:

python3 iam_permission.py 

That's all. Once the script finishes, an iam_user_permissions.xlsx file is created in the current directory, listing the policies assigned to every IAM user in the AWS account (directly and through group membership) as of the moment the script ran.
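To show what such a script has to do, here is an added example (my own code, not the script linked above) that walks the three sources of permissions with boto3's IAM client, follows the Marker/IsTruncated pagination that every IAM list call uses, and flags users who end up with the AWS managed AdministratorAccess policy, directly or via a group. Writing the report uses xlsxwriter when it is installed and falls back to CSV otherwise. The FakeIAM class at the bottom is a constructed stand-in for the real client (user names, the account ID 123456789012 and the DeployOnly policy are invented) so the collection logic can be exercised offline; against a real account, pass boto3.client("iam") instead.

```python
"""Inventory the permissions of every IAM user: inline policies, attached
managed policies, and policies inherited through group membership."""
import csv

ADMIN_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"
FIELDS = ["user", "source", "group", "policy_name", "policy_arn"]


def _paginate(call, key, **kwargs):
    """Follow IAM's Marker/IsTruncated pagination and return all items under `key`.
    Marker is only passed when set: boto3 rejects Marker=None."""
    items, marker = [], None
    while True:
        resp = call(**kwargs, Marker=marker) if marker else call(**kwargs)
        items.extend(resp[key])
        if not resp.get("IsTruncated"):
            return items
        marker = resp["Marker"]


def _row(user, source, group, name, arn=""):
    return {"user": user, "source": source, "group": group,
            "policy_name": name, "policy_arn": arn}


def user_permissions(iam, user):
    """All policies that apply to one user, with the path they arrived by."""
    rows = []
    for name in _paginate(iam.list_user_policies, "PolicyNames", UserName=user):
        rows.append(_row(user, "inline", "", name))
    for p in _paginate(iam.list_attached_user_policies, "AttachedPolicies", UserName=user):
        rows.append(_row(user, "managed", "", p["PolicyName"], p["PolicyArn"]))
    for g in _paginate(iam.list_groups_for_user, "Groups", UserName=user):
        gname = g["GroupName"]
        for name in _paginate(iam.list_group_policies, "PolicyNames", GroupName=gname):
            rows.append(_row(user, "group-inline", gname, name))
        for p in _paginate(iam.list_attached_group_policies, "AttachedPolicies", GroupName=gname):
            rows.append(_row(user, "group-managed", gname, p["PolicyName"], p["PolicyArn"]))
    return rows


def audit_all_users(iam):
    rows = []
    for u in _paginate(iam.list_users, "Users"):
        rows.extend(user_permissions(iam, u["UserName"]))
    return rows


def admin_users(rows):
    """Users holding AdministratorAccess, whether attached directly or via a group."""
    return sorted({r["user"] for r in rows if r["policy_arn"] == ADMIN_POLICY_ARN})


def write_report(rows, path="iam_user_permissions"):
    """Write the rows as .xlsx if xlsxwriter is available, otherwise as .csv."""
    try:
        import xlsxwriter
    except ImportError:
        with open(path + ".csv", "w", newline="") as f:
            w = csv.DictWriter(f, fieldnames=FIELDS)
            w.writeheader()
            w.writerows(rows)
        return path + ".csv"
    book = xlsxwriter.Workbook(path + ".xlsx")
    sheet = book.add_worksheet("permissions")
    sheet.write_row(0, 0, FIELDS)
    for i, r in enumerate(rows, start=1):
        sheet.write_row(i, 0, [r[k] for k in FIELDS])
    book.close()
    return path + ".xlsx"


class FakeIAM:
    """Constructed stand-in for boto3's IAM client (offline demo only). It mimics
    the response shapes of the real calls, including one truncated page."""
    USERS = ["alice", "bob", "svc-deploy"]
    USER_INLINE = {"alice": ["s3-read"], "bob": [], "svc-deploy": []}
    USER_MANAGED = {"alice": [], "bob": [ADMIN_POLICY_ARN],
                    "svc-deploy": ["arn:aws:iam::123456789012:policy/DeployOnly"]}
    USER_GROUPS = {"alice": ["developers"], "bob": [], "svc-deploy": ["admins"]}
    GROUP_INLINE = {"developers": ["dev-ec2"], "admins": []}
    GROUP_MANAGED = {"developers": ["arn:aws:iam::aws:policy/ReadOnlyAccess"],
                     "admins": [ADMIN_POLICY_ARN]}

    def list_users(self, Marker=None):  # two pages, to exercise _paginate
        if Marker is None:
            return {"Users": [{"UserName": u} for u in self.USERS[:2]],
                    "IsTruncated": True, "Marker": "page2"}
        return {"Users": [{"UserName": u} for u in self.USERS[2:]], "IsTruncated": False}

    @staticmethod
    def _attached(arns):
        return {"AttachedPolicies": [{"PolicyName": a.rsplit("/", 1)[1], "PolicyArn": a}
                                     for a in arns], "IsTruncated": False}

    def list_user_policies(self, UserName, Marker=None):
        return {"PolicyNames": self.USER_INLINE[UserName], "IsTruncated": False}

    def list_attached_user_policies(self, UserName, Marker=None):
        return self._attached(self.USER_MANAGED[UserName])

    def list_groups_for_user(self, UserName, Marker=None):
        return {"Groups": [{"GroupName": g} for g in self.USER_GROUPS[UserName]],
                "IsTruncated": False}

    def list_group_policies(self, GroupName, Marker=None):
        return {"PolicyNames": self.GROUP_INLINE[GroupName], "IsTruncated": False}

    def list_attached_group_policies(self, GroupName, Marker=None):
        return self._attached(self.GROUP_MANAGED[GroupName])


if __name__ == "__main__":
    import boto3  # real run: needs configured credentials with IAM read access
    report_rows = audit_all_users(boto3.client("iam"))
    print("report written to", write_report(report_rows))
    print("users with AdministratorAccess:", admin_users(report_rows))
```

The group walk is what turns this from a listing into an audit: in the constructed data, svc-deploy looks harmless from its own attachments (DeployOnly) but inherits AdministratorAccess through the admins group, and the "source" column makes that path visible in the report. Inline policy documents are not fetched here; to catch inline grants of `"Action": "*"` you would additionally call get_user_policy / get_group_policy for each name and inspect the statements.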
