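#!/bin/bash
# This script was developed by AWS Support
#
# Exports every customer-managed IAM policy in the account: for each policy it
# prints the name, the ARN, the default version's policy document, and the
# users, groups and roles the policy is attached to.
#
# Usage:    ./export-iam-policies.sh > policies.txt   (script name is a placeholder)
# Requires: the AWS CLI with credentials allowed to call iam:ListPolicies,
#           iam:GetPolicy, iam:GetPolicyVersion and iam:ListEntitiesForPolicy.
#           These are read-only actions, so a read-only audit role is enough.
# Output:   the report goes to stdout, warnings and errors go to stderr.
#           The report describes the account's permission model, so keep any
#           saved copy access-restricted (for example, run under `umask 077`).
# Exit:     0 if every policy was exported, 1 if any AWS call failed.

set -uo pipefail

# Print an error message to stderr and stop the script.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

#######################################
# Print the entities of one kind that a policy is attached to.
# Arguments: $1 - policy ARN
#            $2 - value for --entity-filter (User, Group or Role)
#            $3 - JMESPath query selecting the entity names
#            $4 - label printed in front of every name
# Outputs:   one "<label>: <name>" line per attached entity
# Returns:   non-zero if the AWS call fails
#######################################
list_attached() {
  local policy_arn=$1 filter=$2 query=$3 label=$4
  local names

  # Declaration and assignment are split so a failed call is not masked.
  if ! names=$(aws iam list-entities-for-policy --policy-arn "$policy_arn" \
    --entity-filter "$filter" --query "$query" --output text); then
    printf 'warning: could not list %s attachments for %s\n' \
      "$label" "$policy_arn" >&2
    return 1
  fi

  # Text output is tab-separated; put one name per line and skip blank lines
  # so a policy without attachments does not produce a bare "<label>: " line.
  printf '%s\n' "$names" \
    | tr '\t' '\n' \
    | awk -v label="$label" 'NF { print label ": " $0 }'
}

main() {
  command -v aws >/dev/null 2>&1 || die "aws CLI not found in PATH"

  echo "Exporting customer-managed IAM policies"

  local policies
  policies=$(aws iam list-policies --scope Local \
    --query 'Policies[*].[PolicyName,Arn]' --output text) \
    || die "aws iam list-policies failed; check credentials and permissions"

  # A here-string of an empty value still feeds one empty line to the loop,
  # which would call the IAM API with an empty ARN; stop early instead.
  if [[ -z "$policies" ]]; then
    echo "No customer-managed policies found"
    return 0
  fi

  local status=0
  local policy_name policy_arn version_id
  while read -r policy_name policy_arn; do
    [[ -n "$policy_arn" ]] || continue

    echo "Policy Name: $policy_name"
    echo "Policy ARN: $policy_arn"
    echo ""
    echo "Policy Content:"

    # Resolve the default version first so a failure here is reported instead
    # of passing an empty --version-id to get-policy-version.
    if version_id=$(aws iam get-policy --policy-arn "$policy_arn" \
      --query 'Policy.DefaultVersionId' --output text) \
      && [[ -n "$version_id" ]]; then
      aws iam get-policy-version --policy-arn "$policy_arn" \
        --version-id "$version_id" \
        --query 'PolicyVersion.Document' --output json || status=1
    else
      printf 'warning: could not read default version of %s\n' \
        "$policy_arn" >&2
      status=1
    fi

    echo ""
    echo "Attached Entities:"
    list_attached "$policy_arn" User 'PolicyUsers[*].UserName' User || status=1
    list_attached "$policy_arn" Group 'PolicyGroups[*].GroupName' Group || status=1
    list_attached "$policy_arn" Role 'PolicyRoles[*].RoleName' Role || status=1

    echo "----------------------------------------"
  done <<< "$policies"

  return "$status"
}

main "$@"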