How to determine if an IAM user has only API key access (no console access)?
See original GitHub issueHere’s some psuedocode for what I’d like to do:
for user in iam.users.all():
if user.password_enabled:
#Do something
In the credentials report, there’s a field for password_enabled. What’s the equivalent property of an IAM user object?
If such a thing doesn’t exist, I am requesting one.
Thanks!
Issue Analytics
- State:
- Created 8 years ago
- Comments:6 (5 by maintainers)
Top Results From Across the Web
Managing access keys for IAM users - AWS Documentation
If you determine that your use case still requires an access key, choose Other and then choose Next. On the Retrieve access key...
Read more >IAM User with Password and Access Keys - Trend Micro
Ensure that IAM users have either API access or console access in order to follow IAM ... To determine if your IAM users...
Read more >Managing User Credentials - Oracle Help Center
Learn to how to work with Oracle Cloud Infrastructure Identity and Access Management (IAM) user credentials.
Read more >Access keys are created during initial user setup for IAM users ...
Even if you known the user will need access keys, require them to create the keys themselves, or put in a support ticket...
Read more >Managing user API keys - IBM Cloud Docs
In the IBM Cloud console, go to Manage > Access (IAM) > API keys. Identify the row of the API key that you...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Update. This is the code I got working.
https://gist.github.com/jonathanwcrane/68ddff397ec85a8dddae
If your users (or AWS account) are created after October 20th, 2014 then the code below should do the trick. See the docs for more info: http://boto3.readthedocs.io/en/latest/reference/services/iam.html#IAM.User.password_last_used
It makes the code far less verbose 😉