{"id":22207,"date":"2015-07-01T12:31:00","date_gmt":"2015-07-01T07:01:00","guid":{"rendered":"http:\/\/www.tothenew.com\/blog\/?p=22207"},"modified":"2015-07-01T16:50:05","modified_gmt":"2015-07-01T11:20:05","slug":"continuing-with-boto-list-iam-users-having-90-days-older-access-keys","status":"publish","type":"post","link":"https:\/\/www.tothenew.com\/blog\/continuing-with-boto-list-iam-users-having-90-days-older-access-keys\/","title":{"rendered":"Continuing with Boto: List IAM users having 90 days older Access keys"},"content":{"rendered":"

AWS recommends to rotate your IAM user’s Access keys periodically. Sometime we create access keys for IAM user and keep using it. We forget to rotate the keys after a period of time, which is not considered as a good practice.<\/p>\n

Recently, we came across a use case<\/a> wherein we were supposed to rotate the access keys which were created 90 days ago. For this purpose, we needed all those access keys which were created before 90 days.<\/p>\n

We thought to come up with a python script using boto which describes:<\/p>\n

1) Access Key Creation Date:<\/span><\/strong> date on which access keys were created.
\n2) Username:<\/span><\/strong> user name associate with that keys.<\/p>\n

Note: You can refer our previous blog to understand How to use boto library? <\/span><\/strong><\/a><\/p>\n

[python]<\/p>\n

import datetime
\nimport dateutil
\nimport boto
\nfrom dateutil import parser
\nfrom boto import iam<\/p>\n

conn=iam.connect_to_region(‘ap-southeast-1’)
\nusers=conn.get_all_users()
\ntimeLimit=datetime.datetime.now() – datetime.timedelta(days=90)<\/p>\n

print "————————————————————-"
\nprint "Access Keys Created Date" + "\\t\\t" + "Username"
\nprint "————————————————————-"<\/p>\n

for user in users.list_users_response.users:<\/p>\n

accessKeys=conn.get_all_access_keys(user_name=user[‘user_name’])<\/p>\n

for keysCreatedDate in accessKeys.list_access_keys_response.list_access_keys_result.access_key_metadata:<\/p>\n

if parser.parse(keysCreatedDate[‘create_date’]).date() <= timeLimit.date():<\/p>\n

print(keysCreatedDate[‘create_date’]) + "\\t\\t" + user[‘user_name’]<\/p>\n

[\/python]<\/p>\n

 <\/p>\n

You can download this scripts from our github profile AWS-Boto-Scripts.<\/a><\/p>\n

Leave a comment if you have any questions regarding this article.<\/p>\n","protected":false},"excerpt":{"rendered":"

AWS recommends to rotate your IAM user’s Access keys periodically. Sometime we create access keys for IAM user and keep using it. We forget to rotate the keys after a period of time, which is not considered as a good practice. Recently, we came across a use case wherein we were supposed to rotate the […]<\/p>\n","protected":false},"author":100,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":7},"categories":[1174,1],"tags":[1853,1611,1358],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/22207"}],"collection":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/users\/100"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/comments?post=22207"}],"version-history":[{"count":0,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/22207\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/media?parent=22207"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/categories?post=22207"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/tags?post=22207"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}