1import boto3
2import os
3import statsd
# Account names to audit. get_client() upper-cases each name and reads
# AWS_ACCESS_KEY_<NAME> / AWS_SECRET_KEY_<NAME> from the environment.
AWS_ACCOUNTS = []

# IAM user names that main() leaves out of the MFA statistics.
# NOTE(review): the exclusion is by name only; nothing in this file checks
# that a listed user really has no console password.
PROGRAMMATIC_ACCESS_ONLY = []
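def get_client(name):
    """Build an IAM client for one account from per-account environment variables.

    The credentials are read from ``AWS_ACCESS_KEY_<NAME>`` and
    ``AWS_SECRET_KEY_<NAME>``, where ``<NAME>`` is ``name`` upper-cased.

    Args:
        name: Account label, as listed in ``AWS_ACCOUNTS``.

    Returns:
        A boto3 IAM client bound to the credentials found for ``name``.

    Raises:
        RuntimeError: If either variable is unset or empty. The message
            names the missing variables and never includes their values.
    """
    suffix = name.upper()
    access_var = "AWS_ACCESS_KEY_{}".format(suffix)
    secret_var = "AWS_SECRET_KEY_{}".format(suffix)
    access_key = os.environ.get(access_var)
    secret_key = os.environ.get(secret_var)

    # With both keys None, boto3 falls back to its default credential chain,
    # so the report would carry this account's label while describing
    # whichever account the ambient credentials belong to. Fail loudly.
    missing = [var for var, value in ((access_var, access_key), (secret_var, secret_key))
               if not value]
    if missing:
        raise RuntimeError(
            "Missing credentials for account {!r}: set {}".format(name, ", ".join(missing)))

    session = boto3.session.Session(aws_access_key_id=access_key,
                                    aws_secret_access_key=secret_key)
    return session.client('iam')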
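def main():
    """Print, for every configured account, how many IAM users have MFA.

    For each name in ``AWS_ACCOUNTS`` this lists the IAM users, drops the
    names in ``PROGRAMMATIC_ACCESS_ONLY``, checks each remaining user for at
    least one MFA device and prints the enabled count, the enabled
    percentage and the users without a device.
    """
    for account in AWS_ACCOUNTS:
        client = get_client(account)

        # list_users answers one page at a time; reading only the first
        # response would silently drop every later user from the audit.
        paginator = client.get_paginator('list_users')
        all_users = [user['UserName']
                     for page in paginator.paginate()
                     for user in page['Users']
                     if user['UserName'] not in PROGRAMMATIC_ACCESS_ONLY]

        # NOTE(review): console access is never checked here. A user named in
        # PROGRAMMATIC_ACCESS_ONLY who does have a console password is
        # skipped, and an unlisted user without one is reported as lacking
        # MFA. Confirm the list against the users' login profiles.
        mfa_enabled_users = []
        mfa_disabled_users = []
        for user in all_users:
            # One device on the first page is enough to count as enabled.
            devices = client.list_mfa_devices(UserName=user)['MFADevices']
            if devices:
                mfa_enabled_users.append(user)
            else:
                mfa_disabled_users.append(user)

        enabled_count = len(mfa_enabled_users)
        # An account with no audited users would otherwise divide by zero.
        if all_users:
            enabled_percentage = float(enabled_count) / len(all_users) * 100
        else:
            enabled_percentage = 0.0

        print("Enabled count for {}: {}".format(account, enabled_count))
        print("Enabled percentage for {}: {}".format(account, enabled_percentage))
        print("Disabled users for {}: {}".format(account, mfa_disabled_users))


if __name__ == '__main__':
    main()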