
[awscli] One-liner to list the last-used timestamp (RoleLastUsed) of every IAM role

More than 1 year has passed since last update.

Background

[Update] You can now check the last-used timestamp of IAM roles!
https://dev.classmethod.jp/cloud/aws/iam-roles-start-reporting-last-used-timestamp/#toc-aws-cli

Identify unused IAM roles easily and remove them confidently by using the last used timestamp
https://aws.amazon.com/jp/about-aws/whats-new/2019/11/identify-unused-iam-roles-easily-and-remove-them-confidently-by-using-the-last-used-timestamp/

What I did

As of 2019.11.22, the response of aws iam list-roles did not include RoleLastUsed, so to get the last-used timestamp of every role you need to feed the output of aws iam list-roles into aws iam get-role.

One-liner

aws iam list-roles | jq '( .Roles | .[] | .RoleName )' -r | xargs -I{} aws iam get-role --role-name {} | jq ' .Role | {Path: .Path, RoleName: .RoleName, RoleLastUsed: .RoleLastUsed} '

Result

$ aws iam list-roles | jq '( .Roles | .[] | .RoleName )' -r | xargs -I{} aws iam get-role --role-name {} | jq ' .Role | {Path: .Path, RoleName: .RoleName, RoleLastUsed: .RoleLastUsed} '
{
  "Path": "/",
  "RoleName": "hoge",
  "RoleLastUsed": {
    "LastUsedDate": "2019-11-21T11:59:00Z",
    "Region": "us-east-1"
  }
}
{
  "Path": "/",
  "RoleName": "poyo",
  "RoleLastUsed": {
    "LastUsedDate": "2019-11-22T02:30:00Z",
    "Region": "ap-northeast-1"
  }
}

This looks like it will make role inventory reviews go much faster.
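An added example (not part of the original article): a Python script that reads the stream of JSON objects the one-liner prints and labels each role as active, stale, or never-used, which is the triage step of an inventory review. The 90-day threshold, the function names, and the roles example-old and example-never are assumptions made for illustration; hoge and poyo are taken from the result above.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of the one-liner's output: concatenated JSON objects,
# not a JSON array. example-old and example-never are made-up roles.
SAMPLE = '''
{"Path": "/", "RoleName": "hoge",
 "RoleLastUsed": {"LastUsedDate": "2019-11-21T11:59:00Z", "Region": "us-east-1"}}
{"Path": "/", "RoleName": "poyo",
 "RoleLastUsed": {"LastUsedDate": "2019-11-22T02:30:00Z", "Region": "ap-northeast-1"}}
{"Path": "/", "RoleName": "example-old",
 "RoleLastUsed": {"LastUsedDate": "2019-06-01T00:00:00+00:00", "Region": "us-east-1"}}
{"Path": "/", "RoleName": "example-never", "RoleLastUsed": {}}
'''

def iter_json_objects(text):
    """Yield each object from a stream of concatenated JSON documents."""
    decoder = json.JSONDecoder()
    pos = 0
    while pos < len(text):
        if text[pos].isspace():          # raw_decode rejects leading whitespace
            pos += 1
            continue
        obj, pos = decoder.raw_decode(text, pos)
        yield obj

def classify_roles(text, now, max_idle_days=90):
    """Map each role name to 'active', 'stale', or 'never-used'."""
    cutoff = now - timedelta(days=max_idle_days)
    report = {}
    for role in iter_json_objects(text):
        last = (role.get("RoleLastUsed") or {}).get("LastUsedDate")
        if last is None:
            # Empty RoleLastUsed: no recorded use for this role.
            report[role["RoleName"]] = "never-used"
            continue
        # Accept both "...Z" and "...+00:00" timestamp spellings.
        used = datetime.fromisoformat(last.replace("Z", "+00:00"))
        report[role["RoleName"]] = "active" if used >= cutoff else "stale"
    return report

if __name__ == "__main__":
    # Fixed "now" so the constructed sample gives a reproducible result.
    now = datetime(2019, 11, 22, 12, 0, tzinfo=timezone.utc)
    for name, status in classify_roles(SAMPLE, now).items():
        print(f"{status:10} {name}")
```

To run it on real data, pipe the one-liner's output into a file and pass the file's contents to classify_roles with the current UTC time.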

dharada1
eure