We needed to list every IAM access key that is more than 90 days old.
Assumptions:
- I have profiles in my .aws/config for prod, nonprod, thebog, etc.
- I'm on a Mac, whose BSD date has no GNU-style -d option, so I had to use date -jf instead.
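# Report every IAM access key older than max_age_days across several AWS CLI
# profiles. One line is printed per key:
#   <profile>, <user>, <age in days>, <access key id>, <status>
#
# Changes from the first version, and why they matter for a key-rotation audit:
# - A user can hold two access keys. Keys are now read one row at a time, so a
#   stale second key is no longer hidden behind a fresh first one.
# - Users with no keys are skipped instead of feeding an empty date to date(1).
# - --query/--output text make the parsing independent of the output format
#   (json/yaml/text) configured in each profile.
# - CreateDate is UTC; it is now parsed as UTC rather than as local time.
# - The key id and status are printed so the reader knows which key to rotate
#   and whether it is still Active.
#
# Age here means time since creation, not time since last use. Strict mode
# (set -e) is deliberately not enabled: one unreachable profile should not stop
# the audit of the others, and the snippet may be pasted into a live shell.
max_age_days=90
now=$(date +%s)

# Convert an IAM CreateDate (ISO 8601, UTC) to epoch seconds on stdout.
# GNU date understands -d; BSD/macOS date needs -j -f. Only GNU date accepts
# --version, which is used to tell the two apart.
to_epoch() {
  local stamp=${1%%+*}   # drop a "+00:00" offset if present
  stamp=${stamp%Z}       # or a trailing "Z"
  if date --version >/dev/null 2>&1; then
    date -u -d "${stamp}Z" +%s
  else
    # -u: without it BSD date reads the timestamp as local time.
    date -u -j -f '%Y-%m-%dT%H:%M:%S' "$stamp" +%s
  fi
}

for acct in prod nonprod thebog sharedsvc network
do
  # One user name per line; the CLI follows pagination itself.
  if ! users=$(aws --profile "$acct" iam list-users \
      --query 'Users[].[UserName]' --output text)
  then
    printf 'warning: could not list users for profile %s\n' "$acct" >&2
    continue
  fi

  while IFS= read -r u
  do
    [ -n "$u" ] || continue

    # One row per key: id, status, creation date. stdin is detached so the
    # CLI cannot consume the user list that feeds the outer loop.
    aws --profile "$acct" iam list-access-keys --user-name "$u" \
      --query 'AccessKeyMetadata[].[AccessKeyId,Status,CreateDate]' \
      --output text </dev/null |
    while read -r key_id key_status created
    do
      [ -n "$created" ] || continue   # user has no keys
      if ! created_epoch=$(to_epoch "$created"); then
        printf 'warning: cannot parse CreateDate "%s" for %s/%s\n' \
          "$created" "$acct" "$u" >&2
        continue
      fi
      age=$(( (now - created_epoch) / 86400 ))
      if [ "$age" -gt "$max_age_days" ]; then
        printf '%s, %s, %s, %s, %s\n' \
          "$acct" "$u" "$age" "$key_id" "$key_status"
      fi
    done
  done <<< "$users"
done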