1import boto3
2import datetime
3
4
# Credentials handed to every boto3 client this script creates.
# NOTE(review): these ship blank. Avoid committing real long-lived keys in
# this file -- anyone who can read the source could then use them.
ACCESS_KEY = ""
SECRET_KEY = ""

# Name fragments that exempt an IAM user / instance id from deletion;
# can_delete() matches them by substring.
SKIP_USERS = []
9
10
def can_delete(username):
    """Return True unless *username* contains an entry of SKIP_USERS.

    The match is a substring test, so one entry protects every name that
    contains it. Over-matching only makes the script delete less.
    """
    return not any(protected in username for protected in SKIP_USERS)
17
18
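def get_iam_api():
    """Create a boto3 IAM client.

    ACCESS_KEY / SECRET_KEY are used when they are filled in. Blank values
    are passed as None so boto3 resolves credentials through its default
    chain (environment, shared config, role credentials) instead of being
    handed empty strings as explicit keys. This lets the script run without
    secrets stored in the source file.
    """
    return boto3.client(
        'iam',
        aws_access_key_id=ACCESS_KEY or None,
        aws_secret_access_key=SECRET_KEY or None,
    )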
25
26
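def get_dynamodb_api():
    """Create a boto3 DynamoDB client pinned to eu-central-1.

    ACCESS_KEY / SECRET_KEY are used when they are filled in. Blank values
    are passed as None so boto3 resolves credentials through its default
    chain rather than receiving empty strings as explicit keys.
    """
    return boto3.client(
        'dynamodb',
        aws_access_key_id=ACCESS_KEY or None,
        aws_secret_access_key=SECRET_KEY or None,
        region_name='eu-central-1',
    )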
34
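def db_items(table):
    """Return every deletable instance_id stored in *table*.

    A single Scan call returns one page only, so the scan is repeated from
    LastEvaluatedKey until the table is exhausted. Otherwise records beyond
    the first page would never be seen by the cleanup.

    Args:
        table: DynamoDB table name.

    Returns:
        List of instance_id strings for which can_delete() is true.
    """
    dynamodb = get_dynamodb_api()
    scan_args = {
        'TableName': table,
        'AttributesToGet': ['instance_id'],
    }
    instance_ids = []

    while True:
        res = dynamodb.scan(**scan_args)
        for item in res['Items']:
            instance_id = item['instance_id']['S']
            if can_delete(instance_id):
                instance_ids.append(instance_id)

        last_key = res.get('LastEvaluatedKey')
        if not last_key:
            break
        # Resume the scan where the previous page stopped.
        scan_args['ExclusiveStartKey'] = last_key

    return instance_ids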
42
43
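def get_users(prefix=None, max_items=None):
    """List IAM users that are not protected by SKIP_USERS.

    Args:
        prefix: optional IAM path prefix, sent as PathPrefix.
        max_items: optional MaxItems value. When given, a single
            list_users call is made, exactly as before.

    Returns:
        List of user dicts from list_users for which can_delete() is true.

    Without max_items the listing follows IsTruncated / Marker, so accounts
    with more users than one response holds are covered completely.
    """
    iam = get_iam_api()
    kwargs = {}

    if prefix:
        kwargs['PathPrefix'] = prefix

    if max_items:
        kwargs['MaxItems'] = max_items

    page = iam.list_users(**kwargs)
    users = list(page['Users'])

    # An explicit max_items keeps the original one-call behaviour.
    while not max_items and page.get('IsTruncated'):
        page = iam.list_users(Marker=page['Marker'], **kwargs)
        users.extend(page['Users'])

    return [item for item in users if can_delete(item['UserName'])]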
57
58
def get_first_access_key(username):
    """Return the AccessKeyId of the first access key listed for *username*.

    Only the first entry is considered; any further key is ignored.
    Raises IndexError when the user has no access key at all.
    """
    key_listing = get_iam_api().list_access_keys(UserName=username)
    first_entry = key_listing['AccessKeyMetadata'][0]
    return first_entry['AccessKeyId']
63
def get_access_key_last_used(access_key):
    """Return the LastUsedDate reported for *access_key*, or None.

    If the response carries no usable LastUsedDate, the raw response is
    printed for inspection and None is returned.
    """
    response = get_iam_api().get_access_key_last_used(AccessKeyId=access_key)

    try:
        return response['AccessKeyLastUsed']['LastUsedDate']
    except Exception:
        # Best effort: show what came back instead of failing the run.
        print(response)
        return None
75
76
def get_user_last_used_data(username):
    """Return the last-used date of the user's first access key, or None."""
    first_key_id = get_first_access_key(username)
    return get_access_key_last_used(first_key_id)
79
80
def how_long_used(username):
    """Return the days since the user's first access key was last used.

    Returns -1 when no last-used date is available.

    NOTE(review): "today" is the local calendar date, while the timestamp's
    year/month/day are taken as reported. If the timestamp is in UTC, the
    count can be off by one day around midnight -- confirm.
    """
    today = datetime.date.today()
    last_used = get_user_last_used_data(username)

    if last_used:
        last_used_day = datetime.date(
            last_used.year, last_used.month, last_used.day
        )
        return (today - last_used_day).days

    return -1
90
91
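def delete_user(username):
    """Best-effort removal of an IAM user and what this script attaches to it.

    Steps, each isolated so that one failure does not stop the next:
      1. delete the inline policy named after the user,
      2. delete every access key listed for the user,
      3. delete the user.

    Errors are printed, not raised. A None return means the final
    delete_user call did not succeed. This function does not consult
    can_delete(); callers are expected to filter first.

    Args:
        username: IAM user name (also used as the inline policy name).

    Returns:
        The delete_user response, or None when that call failed.
    """
    iam = get_iam_api()
    res = None

    try:
        # The message was previously passed as two print arguments, so the
        # name was never substituted into the text.
        print("Deleting user %s policy" % username)
        iam.delete_user_policy(UserName=username, PolicyName=username)
    except Exception as e:
        print(e)

    try:
        # All keys must go, not just the first: a remaining key makes the
        # user deletion fail and leaves a live credential behind.
        listing = iam.list_access_keys(UserName=username)
        for meta in listing['AccessKeyMetadata']:
            iam.delete_access_key(
                AccessKeyId=meta['AccessKeyId'],
                UserName=username,
            )
    except Exception as e:
        print(e)

    try:
        print("Deleting user %s" % username)
        res = iam.delete_user(UserName=username)
    except Exception as e:
        print(e)

    return res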
118
119
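def delete_db_item(table, instance_id):
    """Delete the record keyed by *instance_id* from *table*.

    Args:
        table: DynamoDB table name.
        instance_id: string value of the 'instance_id' key attribute.

    Returns:
        The delete_item response.
    """
    dynamodb = get_dynamodb_api()
    # Format the id into the message instead of passing it as a second
    # print argument, so the log line reads the same on Python 2 and 3.
    print("Deleting db item %s" % instance_id)
    return dynamodb.delete_item(
        TableName=table,
        Key={
            'instance_id': {
                'S': instance_id
            }
        }
    )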
131
132
def get_not_used_users(prefix=None):
    """Return names of users whose first access key has no last-used date.

    Such users are the ones for which how_long_used() returns -1.
    """
    return [
        user['UserName']
        for user in get_users(prefix)
        if how_long_used(user['UserName']) == -1
    ]
142
143
def remove_old_users(prefix=None):
    """Print "<days since last use> <user name>" for each listed user.

    Despite its name, this function deletes nothing; it only reports.
    """
    for user in get_users(prefix):
        name = user['UserName']
        print("%s %s" % (how_long_used(name), name))
149
150
def remove_all_from(table):
    """Delete the IAM user and the table record for every id in *table*.

    Each instance_id is used directly as the IAM user name. SKIP_USERS is
    honoured twice: once inside db_items() and once more here.

    NOTE(review): the table record is removed even when delete_user()
    returned None. A user whose deletion failed would then no longer be
    tracked in the table -- confirm that this is intended.
    """
    for instance_id in db_items(table):
        if not can_delete(instance_id):
            continue
        delete_user(instance_id)
        delete_db_item(table, instance_id)