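Here is a sample AWS CLI script to list all the expired IAM users. It reads the IAM credential report and, for each user that has a password rotation date, prints the number of days remaining; a negative value means the password has already expired.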
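#!/usr/bin/env bash
## VERSION 1.0.0
#
# Prints, for every IAM user in the account's credential report that has a
# password rotation date (column 7 of the report), the number of whole days
# left until that date. A negative number means the date has already passed.
#
# Requires: the AWS CLI with permission to call iam:GetCredentialReport, and
# GNU date (the script relies on `date -d`).
# A credential report must already exist (aws iam generate-credential-report);
# if it does not, get-credential-report fails and this script exits non-zero
# instead of printing an empty, and misleading, "nothing expired" result.

set -euo pipefail

# Fetch and decode the CSV as its own step so that an AWS CLI or base64
# failure stops the script here. The report is held in a plain shell variable
# (not exported) so it is not copied into the environment of child processes.
report=$(aws iam get-credential-report --query "Content" --output text | base64 -d)

if [[ -z "$report" ]]; then
  printf 'error: credential report is empty\n' >&2
  exit 1
fi

# One reference time for the whole run keeps every row comparable.
now=$(date +%s)

# NR>2 skips the CSV header and the first data row (normally the
# <root_account> entry). Fields are re-emitted as "user|rotation_date".
# Reading line by line avoids word-splitting and globbing on report content,
# and the loop variables do not clobber the shell's own $USER.
while IFS='|' read -r user_name expiration_date; do
  [[ -n "$user_name" ]] || continue

  # "N/A" and "not_supported" mean there is no rotation date to evaluate.
  if [[ "$expiration_date" != "N/A" && "$expiration_date" != "not_supported" ]]; then
    printf '%s\n' "Checking user $user_name with expiration date -$expiration_date-"

    # An unparsable date is reported and skipped rather than aborting the run.
    if ! expires_at=$(date +%s -d "$expiration_date"); then
      printf 'warn: cannot parse rotation date for %s\n' "$user_name" >&2
      continue
    fi

    # Integer division truncates toward zero, so 0 covers both "less than a
    # day left" and "expired less than a day ago".
    rem_days=$(( (expires_at - now) / 86400 ))
    printf '%s\n' "$rem_days"
  fi
done < <(awk -F '"*,"*' 'NR>2 {print $1"|"$7}' <<<"$report")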