A cheat sheet for AWS IAM
This is a cheat sheet for AWS IAM.
Users
List all users info
aws iam list-users
List all users info with no pagination
aws iam list-users --no-paginate
List all users usernames
aws iam list-users --query 'Users[].[UserName]' --output text
List current user’s information
aws iam get-user
List current user’s access keys
aws iam list-access-keys
Create new user
aws iam create-user --user-name $USERNAME
Get a specific user information
aws iam get-user --user-name $USERNAME
Delete a user
aws iam delete-user --user-name $USERNAME
Access keys
List all access keys of the current user
aws iam list-access-keys
List access keys of a specific user
aws iam list-access-keys --user-name $USERNAME
Create a new access key
aws iam create-access-key --user-name $USERNAME \
--output text | tee UserName.txt
List last access time of an access key
aws iam get-access-key-last-used --access-key-id AKIAWHATEVEREXAMPLE
Deactivate an access key
aws iam update-access-key --access-key-id AKIAWHATEVEREXAMPLE \
--status Inactive --user-name $USERNAME
Delete an access key
aws iam delete-access-key --access-key-id AKIAWHATEVEREXAMPLE \
--user-name $USERNAME
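The access-key commands above chained into a stale-key review, as an added example that is not part of the original cheat sheet: it inventories every key with its last-used date and prints, without running, the deactivate command for active keys unused since a cutoff date. The function names, the cutoff date and the sample inventory are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: review stale IAM access keys. Nothing is modified; the
# deactivate commands are only printed for an operator to check.

# collect_keys: one "user key_id status last_used" line per access key.
# last_used is "None" for a key that has never been used.
collect_keys() {
  for user in $(aws iam list-users --query 'Users[].UserName' --output text); do
    aws iam list-access-keys --user-name "$user" \
      --query 'AccessKeyMetadata[].[AccessKeyId,Status]' --output text |
    while read -r key status; do
      last=$(aws iam get-access-key-last-used --access-key-id "$key" \
        --query 'AccessKeyLastUsed.LastUsedDate' --output text)
      echo "$user $key $status $last"
    done
  done
}

# stale_keys CUTOFF: filter collect_keys output on stdin down to Active keys
# last used before CUTOFF (YYYY-MM-DD) or never used. ISO-8601 dates sort
# lexicographically, so a string comparison is enough. A freshly created key
# also shows as never used, so check its age before acting on it.
stale_keys() {
  awk -v cutoff="$1" '
    $3 == "Active" && ($4 == "None" || substr($4, 1, 10) < cutoff) { print $1, $2 }'
}

# print_deactivate: turn "user key_id" lines into the update-access-key
# command from this section.
print_deactivate() {
  while read -r user key; do
    echo "aws iam update-access-key --access-key-id $key --status Inactive --user-name $user"
  done
}

# Constructed sample inventory (not real keys), in collect_keys format.
SAMPLE='alice AKIAEXAMPLEAAAAAAAA1 Active 2023-02-10T09:15:00+00:00
alice AKIAEXAMPLEAAAAAAAA2 Inactive 2022-01-05T11:00:00+00:00
bob AKIAEXAMPLEBBBBBBBB1 Active 2024-06-01T08:30:00+00:00
carol AKIAEXAMPLECCCCCCC1 Active None'

# Offline demo on the sample; against a real account use:
#   collect_keys | stale_keys 2024-01-01 | print_deactivate
printf '%s\n' "$SAMPLE" | stale_keys 2024-01-01 | print_deactivate
```

Running collect_keys needs iam:ListUsers, iam:ListAccessKeys and iam:GetAccessKeyLastUsed on the calling identity.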
Groups and Policies
List all groups
aws iam list-groups
Create a group
aws iam create-group --group-name $GROUPNAME
Delete a group
aws iam delete-group --group-name $GROUPNAME
List all policies
aws iam list-policies
Get a specific policy
aws iam get-policy --policy-arn <value>
List all users, groups, and roles for a given policy
aws iam list-entities-for-policy --policy-arn <value>
List policies for a given group
aws iam list-attached-group-policies --group-name $GROUPNAME
Add a policy to a group
aws iam attach-group-policy --group-name $GROUPNAME \
--policy-arn <value>
Add a user to a group
aws iam add-user-to-group --group-name $GROUPNAME \
--user-name $USERNAME
List users for a given group
aws iam get-group --group-name $GROUPNAME
List groups for a given user
aws iam list-groups-for-user --user-name $USERNAME
Remove a user from a group
aws iam remove-user-from-group --group-name $GROUPNAME \
--user-name $USERNAME
Remove policy from a group
aws iam detach-group-policy --group-name $GROUPNAME \
--policy-arn <value>
Delete a group
aws iam delete-group --group-name $GROUPNAME
Cheers!