This is a cheat sheet for AWS IAM.
Users
List all users info
List all users info with no pagination
    aws iam list-users --no-paginate
List all users usernames
    # --query selects UserName by name; column positions in text output can shift
    aws iam list-users --query 'Users[].[UserName]' --output text
List current user’s information
List current user’s access keys
    aws iam list-access-keys
Create new user
    aws iam create-user --user-name $USERNAME
Get a specific user information
    aws iam get-user --user-name $USERNAME
Delete a user
    aws iam delete-user --user-name $USERNAME
Access keys
List all access keys of the current user
    aws iam list-access-keys
List access keys of a specific user
    aws iam list-access-keys --user-name $USERNAME
Create a new access key
    # The secret access key is returned only by this call; tee also writes it to UserName.txt in plaintext
    aws iam create-access-key --user-name $USERNAME \
        --output text | tee UserName.txt
List last access time of an access key
    aws iam get-access-key-last-used --access-key-id AKIAWHATEVEREXAMPLE
Deactivate an access key
    aws iam update-access-key --access-key-id AKIAWHATEVEREXAMPLE \
        --status Inactive --user-name $USERNAME
Delete an access key
    aws iam delete-access-key --access-key-id AKIAWHATEVEREXAMPLE \
        --user-name $USERNAME
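An access-key hygiene check that chains the commands above, as an added example that is not part of the original cheat sheet: it prints (does not run) a deactivation command for every active key that was never used or was last used before a cutoff date. The function names, the tab-separated row format, the cutoff and the sample rows are assumptions made for illustration, and it assumes the CLI returns ISO 8601 UTC timestamps.

```shell
#!/usr/bin/env bash
# Added example: dry-run report of access keys that should be deactivated.

# Print "user<TAB>key-id<TAB>status<TAB>last-used" for every access key.
collect_keys() {
  aws iam list-users --query 'Users[].[UserName]' --output text |
  while read -r user; do
    aws iam list-access-keys --user-name "$user" \
      --query 'AccessKeyMetadata[].[AccessKeyId,Status]' --output text |
    while read -r key status; do
      [ -n "$key" ] || continue
      # LastUsedDate is null for a key that was never used; text output prints "None".
      last=$(aws iam get-access-key-last-used --access-key-id "$key" \
        --query 'AccessKeyLastUsed.LastUsedDate' --output text)
      printf '%s\t%s\t%s\t%s\n' "$user" "$key" "$status" "$last"
    done
  done
}

# Read collect_keys rows on stdin and print (not run) a deactivation command
# for each Active key never used or last used before cutoff $1 (YYYY-MM-DD).
# ISO 8601 UTC timestamps sort lexicographically, so a string compare suffices.
stale_key_commands() {
  awk -F'\t' -v cutoff="$1" '
    $3 == "Active" && ($4 == "None" || ($4 "") < (cutoff "")) {
      printf "aws iam update-access-key --access-key-id %s --status Inactive --user-name %s\n", $2, $1
    }'
}

# Constructed rows (placeholder key ids, not real credentials) for an offline run.
sample_rows() {
  printf 'alice\tAKIAEXAMPLEALICE0001\tActive\t2024-05-30T10:12:00+00:00\n'
  printf 'bob\tAKIAEXAMPLEBOB000002\tActive\t2023-02-11T08:00:00+00:00\n'
  printf 'carol\tAKIAEXAMPLECAROL0003\tActive\tNone\n'
  printf 'dave\tAKIAEXAMPLEDAVE00004\tInactive\t2022-01-01T00:00:00+00:00\n'
}

# Offline demo; against a live account use: collect_keys | stale_key_commands 2024-01-01
sample_rows | stale_key_commands 2024-01-01
```

Review the printed commands before running any of them; a key that is Inactive can be set back to Active, while a deleted key cannot be recovered.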
Groups and Policies
List all groups
Create a group
    aws iam create-group --group-name $GROUPNAME
Delete a group
    aws iam delete-group --group-name $GROUPNAME
List all policies
Get a specific policy
    aws iam get-policy --policy-arn <value>
List all users, groups, and roles for a given policy
    aws iam list-entities-for-policy --policy-arn <value>
List policies for a given group
    aws iam list-attached-group-policies --group-name $GROUPNAME
Add a policy to a group
    aws iam attach-group-policy --group-name $GROUPNAME \
        --policy-arn <value>
Add a user to a group
    aws iam add-user-to-group --group-name $GROUPNAME \
        --user-name $USERNAME
List users for a given group
    aws iam get-group --group-name $GROUPNAME
List groups for a given user
    aws iam list-groups-for-user --user-name $USERNAME
Remove a user from a group
    aws iam remove-user-from-group --group-name $GROUPNAME \
        --user-name $USERNAME
Remove policy from a group
    aws iam detach-group-policy --group-name $GROUPNAME \
        --policy-arn <value>
Delete a group
    aws iam delete-group --group-name $GROUPNAME