AWS 【AWS CLI】IAM関連の情報取得編 - サーバーワークスエンジニアブログ function describe_role() { local role=$1 echo "---- Role[$role] ----" if ! aws iam get-role --role-name ${role} >/dev/null; then error "IAM Roleが存在しません: ${role}" exit 1 fi # インラインポリシー以外 policies=$(aws iam list-attached-role-policies --role-name $role --query "AttachedPolicies[].[PolicyArn]" --output text) echo "[$role] Policies:" echo "$policies" for policy in $policies; do echo "[$role] PolicyName: $policy" policy_version=$(aws iam get-policy --policy-arn $policy --query "Policy.DefaultVersionId" --output text) aws iam get-policy-version --policy-arn $policy --version-id $policy_version --query "PolicyVersion.Document.Statement" done # インラインポリシー inline_policies=$(aws iam list-role-policies --role-name $role --query "PolicyNames" --output text) echo "[$role] InlinePolicies:" echo "$inline_policies" for policy in $inline_policies; do echo "[$role] InlinePolicyName: $policy" aws iam get-role-policy --role-name $role --policy-name $policy --query "PolicyDocument" done }