[英]Using boto3, how to check if AWS IAM user has password?
Among the users in IAM, I want to programmatically get the list of all password enabled users. 在IAM中的用户中,我想以编程方式获取所有启用密码的用户的列表。 From AWS Console, I can easily spot them.
从AWS控制台,我可以轻松发现它们。 But, how to get their list programmatically?
但是,如何以编程方式获取其名单? I want to use python boto to get that.
我想使用python boto来做到这一点。
I was reading up here http://boto3.readthedocs.io/en/latest/reference/services/iam.html#iam , but by most of the ways listed in this doc, I can only see option of using 'PasswordLastUsed' which would be null in three cases 我在这里阅读http://boto3.readthedocs.io/en/latest/reference/services/iam.html#iam ,但是通过此文档中列出的大多数方式,我只能看到使用“ PasswordLastUsed”的选项在三种情况下为空
So just by checking if 'PasswordLastUsed' is null I can not claim that user does not have password and thereby, can not get all the users with password. 因此,仅通过检查“ PasswordLastUsed”是否为空,我不能声称用户没有密码,因此不能使所有用户都获得密码。 Am I missing something here?
我在这里想念什么吗? Any other way or any other python resource I can use to do this?
我可以使用任何其他方式或任何其他python资源吗?
import boto3
iam = boto3.resource('iam')
def isPasswordEnabled(user):
login_profile = iam.LoginProfile(user)
try:
login_profile.create_date
print True
except:
print False
>>> isPasswordEnabled('user1')
True
>>> isPasswordEnabled('user2')
False
I can see that there is a way, just where you would expect it to be... 我可以看到有一种方法,就在您期望的位置...
http://boto3.readthedocs.io/en/latest/reference/services/iam.html#IAM.Client.get_credential_report http://boto3.readthedocs.io/en/latest/reference/services/iam.html#IAM.Client.get_credential_report
In the report, field password_enabled set to false indicates no password. 在报告中,将password_enabled字段设置为false表示没有密码。
You could use the GetLoginProfile
API request to determine if an IAM user has a login profile or not. 您可以使用
GetLoginProfile
API请求来确定IAM用户是否具有登录配置文件。 If there is no login profile associated with the user this request will return a 404 response. 如果没有与用户关联的登录配置文件,则此请求将返回404响应。 Some code like this should work:
这样的一些代码应该可以工作:
import boto3
iam = boto3.client('iam')
user_name = 'bob'
try:
response = iam.get_login_profile(UserName=user_name)
except Exception, e:
if e.response['ResponseMetadata']['HTTPStatusCode'] == 404:
print('User {} has no login profile'.format(user_name))
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.