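#!/bin/bash
# This script was developed by AWS Support
#
# Exports every customer-managed IAM policy in the account: its name, ARN,
# the document of its default version, and the users, groups and roles the
# policy is attached to. Everything is written to stdout.
#
# The script only reads. The caller needs iam:ListPolicies,
# iam:GetPolicyVersion and iam:ListEntitiesForPolicy; no write permission is
# required, so run it with a read-only identity.
# The output shows which principals hold which permissions. Treat any saved
# copy as sensitive: restrict its file permissions and keep it out of
# version control.

# -u catches typos in variable names; pipefail makes an aws failure inside a
# pipeline visible instead of being masked by tr/sed succeeding.
set -u -o pipefail

#######################################
# Print the entities of one kind attached to a policy, one per line,
# formatted as "<kind>: <name>".
# Arguments: $1 - policy ARN
#            $2 - entity filter (User, Group or Role); also used as the label
#            $3 - JMESPath query selecting the entity names
# Outputs:   entity lines on stdout, a warning on stderr if the call fails
#######################################
list_attached() {
  local arn=$1 kind=$2 query=$3
  # Blank lines are dropped so that a policy with no attachment of this kind
  # does not print a bare "<kind>: " label.
  aws iam list-entities-for-policy --policy-arn "$arn" \
      --entity-filter "$kind" --query "$query" --output text \
    | tr '\t' '\n' \
    | sed -e '/^$/d' -e "s/^/${kind}: /" \
    || echo "warning: could not list ${kind} attachments for $arn" >&2
}

echo "Exporting customer-managed IAM policies"

# --scope Local limits the listing to customer-managed policies.
# DefaultVersionId comes from the same response, so no extra get-policy call
# is needed per policy.
if ! policies=$(aws iam list-policies --scope Local \
    --query 'Policies[*].[PolicyName,Arn,DefaultVersionId]' --output text); then
  # Stop here: an empty export must not be mistaken for "no policies exist".
  echo "error: aws iam list-policies failed; nothing was exported" >&2
  exit 1
fi

while read -r policy_name policy_arn version_id; do
  # With no customer-managed policies the here-string still feeds one empty
  # line; skip it rather than calling the API with an empty ARN.
  [[ -n "$policy_arn" ]] || continue

  echo "Policy Name: $policy_name"
  echo "Policy ARN: $policy_arn"
  echo ""
  echo "Policy Content:"
  aws iam get-policy-version --policy-arn "$policy_arn" \
      --version-id "$version_id" \
      --query 'PolicyVersion.Document' --output json \
    || echo "warning: could not read version $version_id of $policy_arn" >&2
  echo ""
  echo "Attached Entities:"

  list_attached "$policy_arn" User 'PolicyUsers[*].UserName'
  list_attached "$policy_arn" Group 'PolicyGroups[*].GroupName'
  list_attached "$policy_arn" Role 'PolicyRoles[*].RoleName'

  echo "----------------------------------------"
done <<< "$policies"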