
【AWS CLI】IAM関連の情報取得編 - サーバーワークスエンジニアブログ

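#######################################
# Print the managed and inline policies attached to an IAM role.
# Arguments: $1 - IAM role name
# Outputs:   role header, attached managed-policy ARNs with the statements of
#            their default version, then inline policy names and documents,
#            all to stdout (the aws CLI writes its own errors to stderr)
# Returns:   exits 1 via error() when the role does not exist
#######################################
describe_role() {
  local role=$1
  # Keep every working variable function-scoped so nothing leaks into the caller.
  local policies policy policy_version inline_policies

  echo "---- Role[${role}] ----"

  # Only stdout is discarded; a failure message from the CLI still reaches stderr.
  if ! aws iam get-role --role-name "${role}" >/dev/null; then
    error "IAM Roleが存在しません: ${role}"
    exit 1
  fi

  # Managed (non-inline) policies. --output text yields whitespace-separated
  # ARNs, and ARNs contain no whitespace, so the unquoted word-split in the
  # for-loop below is intentional.
  policies=$(aws iam list-attached-role-policies --role-name "${role}" \
    --query "AttachedPolicies[].[PolicyArn]" --output text)
  echo "[${role}] Policies:"
  echo "${policies}"
  for policy in ${policies}; do
    echo "[${role}] PolicyName: ${policy}"
    # Only the default version of a managed policy is in effect, so that is
    # the one whose statements are shown.
    policy_version=$(aws iam get-policy --policy-arn "${policy}" \
      --query "Policy.DefaultVersionId" --output text)
    aws iam get-policy-version --policy-arn "${policy}" \
      --version-id "${policy_version}" \
      --query "PolicyVersion.Document.Statement"
  done

  # Inline policies are embedded in the role and are not versioned, so the
  # document is fetched directly. Same intentional word-split as above.
  inline_policies=$(aws iam list-role-policies --role-name "${role}" \
    --query "PolicyNames" --output text)
  echo "[${role}] InlinePolicies:"
  echo "${inline_policies}"
  for policy in ${inline_policies}; do
    echo "[${role}] InlinePolicyName: ${policy}"
    aws iam get-role-policy --role-name "${role}" --policy-name "${policy}" \
      --query "PolicyDocument"
  done
}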