IAM

2024.05.06

We mainly check whether commands can be executed using AWS Cloud9.
If you would like to provide example commands, please submit them using the form below.
Please also provide corrections if the command examples have mistake.

Suggest
The proposed content may be modified. Please be aware of this before making any suggestions.

Find unused customer-managed IAM policy ARNs

aws iam list-policies \
--scope Local |
jq '.Policies[] | select(.AttachmentCount == 0 and .PermissionsBoundaryUsageCount == 0)' |
jq '.Arn' | cut -f 2 -d '"'

output

arn:aws:iam::123456789012:policy/Example-1
arn:aws:iam::123456789012:policy/Example-2
arn:aws:iam::123456789012:policy/Example-3
arn:aws:iam::123456789012:policy/Example-4

by anonymous

Delete unused customer-managed IAM policy versions (miscellaneous)

arn=$(aws iam list-policies \
--scope Local |
jq '.Policies[] | select(.AttachmentCount == 0 and .PermissionsBoundaryUsageCount == 0)' |
jq '.Arn' | cut -f 2 -d '"')
for i in $arn; do aws iam delete-policy-version --policy-arn $i --version-id v1 ;done
for i in $arn; do aws iam delete-policy-version --policy-arn $i --version-id v2 ;done
for i in $arn; do aws iam delete-policy-version --policy-arn $i --version-id v3 ;done
for i in $arn; do aws iam delete-policy-version --policy-arn $i --version-id v4 ;done
for i in $arn; do aws iam delete-policy-version --policy-arn $i --version-id v5 ;done

output

An error occurred (NoSuchEntity) when calling the DeletePolicyVersion operation: Policy arn:aws:iam::123456789012:policy/Example-1 version v1 does not exist or is not attachable.
An error occurred (DeleteConflict) when calling the DeletePolicyVersion operation: Cannot delete the default version of a policy.
An error occurred (DeleteConflict) when calling the DeletePolicyVersion operation: Cannot delete the default version of a policy.
An error occurred (DeleteConflict) when calling the DeletePolicyVersion operation: Cannot delete the default version of a policy.
An error occurred (DeleteConflict) when calling the DeletePolicyVersion operation: Cannot delete the default version of a policy.

by anonymous

Delete unused customer-managed IAM policies

arn=$(aws iam list-policies \
--scope Local |
jq '.Policies[] | select(.AttachmentCount == 0 and .PermissionsBoundaryUsageCount == 0)' |
jq '.Arn' | cut -f 2 -d '"')
for i in $arn; do aws iam delete-policy --policy-arn $i; done

output

None

by anonymous

タイトルとURLをコピーしました