Trying to list all roles in the account so that I can attach policies. I am reading the boto3 docs, but I do not see a way to return the collection of roles in an account.
Is this possible?
Answer 0 (score: 2)
Based on your question - you need to attach a policy to a role. For that, first you will get all roles from the account. You may need the following two things to attach a policy to a specific role.
The code below can help you - I am establishing an IAM connection and getting all roles from the account. Since you will get the output in the form of dicts and arrays, you need to extract the arn or name.
```python
import boto3

# "XXXXX"/"YYYYY" are placeholders; a named profile or the default credential chain
# avoids putting long-lived keys in source.
client = boto3.client('iam', aws_access_key_id="XXXXX", aws_secret_access_key="YYYYY")
roles = client.list_roles()          # first page only (100 roles by default)
Role_list = roles['Roles']
for key in Role_list:
    print(key['RoleName'])
    print(key['Arn'])
```
Answer 1 (score: 1)
```python
import boto3

# `credentials` is assumed to be the dict returned by STS (e.g. assume_role()['Credentials']).
iam_client = boto3.client('iam',
                          aws_access_key_id=credentials['AccessKeyId'],
                          aws_secret_access_key=credentials['SecretAccessKey'],
                          aws_session_token=credentials['SessionToken'])
role_names = []
response = iam_client.list_roles(PathPrefix='/', MaxItems=80)
print(response)
roles = response['Roles']
for role in roles:
    print(role['Arn'])
    role_names.append(role['RoleName'])
# Manual pagination: fetch a second and third page while IsTruncated is set.
if response['IsTruncated']:
    response2 = iam_client.list_roles(PathPrefix='/', Marker=response['Marker'], MaxItems=80)
    roles2 = response2['Roles']
    for role2 in roles2:
        print(role2['Arn'])
        role_names.append(role2['RoleName'])
    print(response2)
    if response2['IsTruncated']:
        response3 = iam_client.list_roles(PathPrefix='/', Marker=response2['Marker'], MaxItems=80)
        roles3 = response3['Roles']
        for role3 in roles3:
            print(role3['Arn'])   # original printed role2 here
            role_names.append(role3['RoleName'])
        print(response3)
print(role_names)
role_names.clear()   # original called an undefined clearlist()
```
Answer 2 (score: 0)
```python
#!/usr/bin/env python
# Author: Nick Skitch
import boto3
import json

PROFILE_NAME = 'your-profile'           # placeholder: named AWS CLI profile
IAM_POLICY_JSON = 'required_tags.json'  # placeholder: path to the policy document file


def main():
    boto3.setup_default_session(profile_name=PROFILE_NAME)
    client = boto3.client('iam')
    policy_document = get_policy_body(IAM_POLICY_JSON)
    roles = get_roles(client)
    for role in roles:
        update_role(role, client, "required_tags", policy_document)


def get_policy_body(data_file):
    with open(data_file) as data_file:
        data = data_file.read()
    return data


def update_role(role_name, client, iam_policy_name, policy_document):
    # put_role_policy writes an inline policy on the role (not a managed policy attachment).
    response = client.put_role_policy(
        RoleName=role_name,
        PolicyName=iam_policy_name,
        PolicyDocument=policy_document
    )
    print(response)


def get_roles(client):
    response = None
    role_names = []
    marker = None
    # By default, only 100 roles are returned at a time.
    # 'Marker' is used for pagination.
    while (response is None or response['IsTruncated']):
        # Marker is only accepted if result was truncated.
        if marker is None:
            response = client.list_roles()
        else:
            response = client.list_roles(Marker=marker)
        roles = response['Roles']
        for role in roles:
            print(role['Arn'])
            role_names.append(role['RoleName'])
        if response['IsTruncated']:
            marker = response['Marker']
    return role_names


if __name__ == "__main__":
    main()
```
Answer 3 (score: 0)
There is a method in the API, documented here.
Example:
```python
# Request syntax from the boto3 docs; 'string' and 123 are placeholder values.
response = client.list_roles(
    PathPrefix='string',
    Marker='string',
    MaxItems=123
)
```
Answer 4 (score: 0)
Similar to what others suggested, if more than 1000 roles are found you need to iterate over the results. The default is 100 at a time, but you can configure MaxItems up to 1000. It is easier to collect all roles in an array and process them after all the iterations.
```python
import boto3

aws_profile = 'YourProfileName'
session = boto3.Session(profile_name=aws_profile)
client = session.client('iam')
roles = []
response = client.list_roles()
roles.extend(response['Roles'])
# 'Marker' is only present in the response while more pages remain.
while 'Marker' in response.keys():
    response = client.list_roles(Marker=response['Marker'])
    roles.extend(response['Roles'])
print('roles found: ' + str(len(roles)))
for role in roles:
    print(role['RoleName'])
    print(role['Arn'])
```
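An added example, not from any of the answers above, that pulls the Marker/IsTruncated pagination used in answers 1, 2 and 4 into one generator and then filters out service-linked roles, which do not accept put_role_policy. The `FakeIamClient` and `SAMPLE_ROLES` are constructed stand-ins so the logic runs offline; `real_client` is the only part that needs boto3.

```python
def iter_roles(client, path_prefix="/", page_size=100):
    """Yield every role, following Marker until IsTruncated is False.
    `client` only needs a list_roles(**kwargs) method, so the stub below works offline."""
    kwargs = {"PathPrefix": path_prefix, "MaxItems": page_size}
    while True:
        response = client.list_roles(**kwargs)
        for role in response["Roles"]:
            yield role
        if not response.get("IsTruncated"):
            return
        kwargs["Marker"] = response["Marker"]  # resume after the last role returned

def attachable_role_names(roles):
    """Service-linked roles (path under /aws-service-role/) reject put_role_policy,
    so drop them before bulk-attaching an inline policy."""
    return [r["RoleName"] for r in roles if not r["Path"].startswith("/aws-service-role/")]

class FakeIamClient:
    """Constructed stand-in for boto3's IAM client: pages a fixed list like list_roles does."""
    def __init__(self, roles):
        self._roles = roles

    def list_roles(self, PathPrefix="/", MaxItems=100, Marker=None):
        matching = [r for r in self._roles if r["Path"].startswith(PathPrefix)]
        start = int(Marker) if Marker else 0
        page = matching[start:start + MaxItems]
        truncated = start + MaxItems < len(matching)
        response = {"Roles": page, "IsTruncated": truncated}
        if truncated:
            response["Marker"] = str(start + MaxItems)  # present only when more pages remain
        return response

ACCOUNT = "123456789012"  # constructed sample account id
SAMPLE_ROLES = [  # constructed sample data, not real roles
    {"RoleName": "app-reader", "Path": "/", "Arn": f"arn:aws:iam::{ACCOUNT}:role/app-reader"},
    {"RoleName": "ci-deploy", "Path": "/ci/", "Arn": f"arn:aws:iam::{ACCOUNT}:role/ci/ci-deploy"},
    {"RoleName": "AWSServiceRoleForSupport", "Path": "/aws-service-role/support.amazonaws.com/",
     "Arn": f"arn:aws:iam::{ACCOUNT}:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport"},
    {"RoleName": "batch-worker", "Path": "/", "Arn": f"arn:aws:iam::{ACCOUNT}:role/batch-worker"},
]

def real_client(profile_name):
    import boto3  # imported lazily so the pagination logic above runs without boto3 installed
    return boto3.Session(profile_name=profile_name).client("iam")

if __name__ == "__main__":
    roles = list(iter_roles(FakeIamClient(SAMPLE_ROLES), page_size=2))  # 2 per page forces paging
    print("roles found:", len(roles))
    print("attachable:", attachable_role_names(roles))
```

Swap `FakeIamClient(SAMPLE_ROLES)` for `real_client("your-profile")` to run it against an account; the generator does not care which one it is given.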