堆栈内存溢出
  简体   繁体   English

使用boto3,如何检查AWS IAM用户是否具有密码?

[英]Using boto3, how to check if AWS IAM user has password?

 原文  2017-06-01 10:47:03       python/ amazon-web-services/ boto/ boto3/ amazon-iam

问题描述

Among the users in IAM, I want to programmatically get the list of all password enabled users. 在IAM中的用户中,我想以编程方式获取所有启用密码的用户的列表。 From AWS Console, I can easily spot them. 从AWS控制台,我可以轻松发现它们。 But, how to get their list programmatically? 但是,如何以编程方式获取其名单? I want to use python boto to get that. 我想使用python boto来做到这一点。

I was reading up here http://boto3.readthedocs.io/en/latest/reference/services/iam.html#iam , but by most of the ways listed in this doc, I can only see option of using 'PasswordLastUsed' which would be null in three cases 我在这里阅读http://boto3.readthedocs.io/en/latest/reference/services/iam.html#iam ,但是通过此文档中列出的大多数方式,我只能看到使用“ PasswordLastUsed”的选项在三种情况下为空

  1. The user does not have a password 用户没有密码
  2. The password exists but has never been used 密码存在但从未使用过
  3. there is no sign-in data associated with the user. 没有与用户关联的登录数据。

So just by checking if 'PasswordLastUsed' is null I can not claim that user does not have password and thereby, can not get all the users with password. 因此,仅通过检查“ PasswordLastUsed”是否为空,我不能声称用户没有密码,因此不能使所有用户都获得密码。 Am I missing something here? 我在这里想念什么吗? Any other way or any other python resource I can use to do this? 我可以使用任何其他方式或任何其他python资源吗?

3 个解决方案

解决方案1
 4 已采纳  2017-06-01 19:45:39

import boto3

iam = boto3.resource('iam')
def isPasswordEnabled(user):
   login_profile = iam.LoginProfile(user)
   try:
     login_profile.create_date
     print True
  except:
     print False

>>> isPasswordEnabled('user1')
True
>>> isPasswordEnabled('user2')
False

解决方案2
 2  2017-06-01 11:04:41

I can see that there is a way, just where you would expect it to be... 我可以看到有一种方法,就在您期望的位置...

http://boto3.readthedocs.io/en/latest/reference/services/iam.html#IAM.Client.get_credential_report http://boto3.readthedocs.io/en/latest/reference/services/iam.html#IAM.Client.get_credential_report

In the report, field password_enabled set to false indicates no password. 在报告中,将password_enabled字段设置为false表示没有密码。

解决方案3
 0  2017-06-01 16:44:32

You could use the GetLoginProfile API request to determine if an IAM user has a login profile or not. 您可以使用GetLoginProfile API请求来确定IAM用户是否具有登录配置文件。 If there is no login profile associated with the user this request will return a 404 response. 如果没有与用户关联的登录配置文件,则此请求将返回404响应。 Some code like this should work: 这样的一些代码应该可以工作: 

import boto3
iam = boto3.client('iam')
user_name = 'bob'
try:
    response = iam.get_login_profile(UserName=user_name)
except Exception, e:
    if e.response['ResponseMetadata']['HTTPStatusCode'] == 404:
        print('User {} has no login profile'.format(user_name))

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何查找boot3的AWS IAM用户闲置/闲置了多少天? - How can I find how many days has an AWS IAM user been inactive/idle for with boto3? 如何使用 boto3 轮换我的 AWS IAM 用户访问权限和密钥? - How do I rotate my AWS IAM user access and secret key using boto3? 使用 Boto3 将 IAM 用户附加到 IAM 组 - Attaching IAM user to IAM Group using Boto3 如何使用 boto3 在 aws 中检查 s3 访问密钥是否可以访问特定存储桶 - How to check whether s3 access key has access to a specific bucket or not in aws using boto3 AWS IAM Python Boto3脚本-创建用户 - AWS IAM Python Boto3 script - Create User 使用boto3查询AWS CloudTrail以确定哪个IAM用户将文件上传到S3? - Using boto3 to query AWS CloudTrail to determine which IAM user uploaded a file to S3? 如何使用boto3获取用户的当前密码使用期限 - How to get current password age for a user using boto3 如何使用 python boto3 将新角色权限附加到 aws 中的 iam_role? - How to attach new role permissions to iam_role in aws using python boto3? 使用 Boto3 以编程方式获取 IAM 用户的 UserID - Get the UserID for an IAM user programatically using Boto3 如何使用 boto3 为 IAM 用户授予对 S3 存储桶的完全权限? - How to grant full permissions on an S3 bucket for an IAM user using boto3?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM