使い方
Mac向け(スクリプト内で BSD 版 date の -j -f オプションを使っているため)
jq と aws-cli が必要
引数には、最後の利用から何日以上経過したユーザーを抽出するかを日数で指定する
sh hoge.sh 60
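#!/bin/bash
# Report IAM users whose most recent service authentication is at least
# DAYS days old.
#
# Usage:    sh hoge.sh DAYS
# Requires: aws-cli, jq, and BSD date (the -j -f options below; macOS).
# Output:   for every matching user, its ARN and the newest
#           LastAuthenticated value, followed by a separator line.
#           Warnings and notes go to stderr so stdout stays parseable.
#
# Caveats for anyone acting on this report:
#   - Users with no recorded service authentication at all are not listed
#     on stdout (a note is written to stderr instead), so credentials that
#     were never used still need a separate review.
#   - NOTE(review): the get-service-last-accessed-details response carries
#     IsTruncated/Marker; only the first response is read here. Confirm it
#     covers every service before disabling a user based on this output.
#
# Written to stay POSIX-sh compatible because the documented invocation
# is "sh hoge.sh".

days=${1:-}
case "$days" in
  '' | *[!0-9]*)
    echo "usage: $0 DAYS   (DAYS must be a non-negative integer)" >&2
    exit 2
    ;;
esac

# expr reads the argument as decimal; $(( )) would treat a leading 0 as octal.
thresholdSeconds=$(expr "$days" '*' 86400)
todayUnix=$(date +%s)

# How long to wait for each asynchronous report job.
pollLimit=30
pollIntervalSeconds=2

usersJson=$(aws iam list-users) || {
  echo "error: aws iam list-users failed" >&2
  exit 1
}
userArns=$(printf '%s\n' "$usersJson" | jq -r '.Users[].Arn') || {
  echo "error: could not read user ARNs from the list-users output" >&2
  exit 1
}

# Read one ARN per line instead of word-splitting the list, so an ARN is
# never subjected to glob expansion.
while IFS= read -r userArn; do
  [ -n "$userArn" ] || continue

  jobId=$(aws iam generate-service-last-accessed-details --arn "$userArn" </dev/null |
    jq -r '.JobId')
  if [ -z "$jobId" ] || [ "$jobId" = null ]; then
    echo "warning: could not start a last-accessed job for $userArn; skipped" >&2
    continue
  fi

  # The report job is asynchronous. Reading it while it is still
  # IN_PROGRESS would make an active user look unused, so poll until the
  # status changes or the limit is reached.
  attempt=0
  while :; do
    details=$(aws iam get-service-last-accessed-details --job-id "$jobId" </dev/null)
    jobStatus=$(printf '%s\n' "$details" | jq -r '.JobStatus')
    [ "$jobStatus" = IN_PROGRESS ] || break
    attempt=$((attempt + 1))
    [ "$attempt" -lt "$pollLimit" ] || break
    sleep "$pollIntervalSeconds"
  done
  if [ "$jobStatus" != COMPLETED ]; then
    echo "warning: last-accessed job for $userArn ended as '$jobStatus'; skipped" >&2
    continue
  fi

  # Newest timestamp across all services. Null entries (service never used)
  # are dropped in jq so a plain byte-wise sort orders the rest.
  lastActivity=$(printf '%s\n' "$details" |
    jq -r '.ServicesLastAccessed[].LastAuthenticated | select(. != null)' |
    LC_ALL=C sort | tail -n 1)
  if [ -z "$lastActivity" ]; then
    echo "note: no recorded service authentication for $userArn; not evaluated" >&2
    continue
  fi

  # assumes the CLI prints timestamps as YYYY-MM-DDTHH:MM:SSZ — TODO confirm
  # for the installed aws-cli version and its timestamp format setting.
  lastActivityUnix=$(date -u -j -f '%Y-%m-%dT%H:%M:%SZ' "$lastActivity" +%s)
  if [ -z "$lastActivityUnix" ]; then
    echo "warning: cannot parse timestamp '$lastActivity' for $userArn; skipped" >&2
    continue
  fi

  if [ $((todayUnix - lastActivityUnix)) -ge "$thresholdSeconds" ]; then
    printf 'UserArn: %s\n' "$userArn"
    printf 'LastActivity: %s\n' "$lastActivity"
    echo "======================================"
  fi
done <<EOF
$userArns
EOF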
参考
使用していない認証情報の検索
https://docs.aws.amazon.com/ja_jp/IAM/latest/UserGuide/id_credentials_finding-unused.html