【AWS CLI Samples】IAM

IAM
2024.05.06

The execution of commands is primarily verified in AWS Cloud9.
If you would like to provide command examples, please submit them through the contact form.
You may also use this form to request corrections for the listed command examples.

Find unused customer-managed IAM policy ARNs

aws iam list-policies \
--scope Local |
jq '.Policies[] | select(.AttachmentCount == 0 and .PermissionsBoundaryUsageCount == 0)' |
jq '.Arn' | cut -f 2 -d '"'

output

arn:aws:iam::123456789012:policy/Example-1
arn:aws:iam::123456789012:policy/Example-2
arn:aws:iam::123456789012:policy/Example-3
arn:aws:iam::123456789012:policy/Example-4

by anonymous

Delete unused customer-managed IAM policy versions (miscellaneous)

arn=$(aws iam list-policies \
--scope Local |
jq '.Policies[] | select(.AttachmentCount == 0 and .PermissionsBoundaryUsageCount == 0)' |
jq '.Arn' | cut -f 2 -d '"')
for i in $arn; do aws iam delete-policy-version --policy-arn $i --version-id v1 ;done
for i in $arn; do aws iam delete-policy-version --policy-arn $i --version-id v2 ;done
for i in $arn; do aws iam delete-policy-version --policy-arn $i --version-id v3 ;done
for i in $arn; do aws iam delete-policy-version --policy-arn $i --version-id v4 ;done
for i in $arn; do aws iam delete-policy-version --policy-arn $i --version-id v5 ;done

output

An error occurred (NoSuchEntity) when calling the DeletePolicyVersion operation: Policy arn:aws:iam::123456789012:policy/Example-1 version v1 does not exist or is not attachable.
An error occurred (DeleteConflict) when calling the DeletePolicyVersion operation: Cannot delete the default version of a policy.
An error occurred (DeleteConflict) when calling the DeletePolicyVersion operation: Cannot delete the default version of a policy.
An error occurred (DeleteConflict) when calling the DeletePolicyVersion operation: Cannot delete the default version of a policy.
An error occurred (DeleteConflict) when calling the DeletePolicyVersion operation: Cannot delete the default version of a policy.

by anonymous

Delete unused customer-managed IAM policies

arn=$(aws iam list-policies \
--scope Local |
jq '.Policies[] | select(.AttachmentCount == 0 and .PermissionsBoundaryUsageCount == 0)' |
jq '.Arn' | cut -f 2 -d '"')
for i in $arn; do aws iam delete-policy --policy-arn $i; done

output

None

by anonymous

タイトルとURLをコピーしました