Tuesday, March 20, 2018

AWS - Listing users who have not enabled MFA for their AWS account

Welcome Back!

Well, it's been years since I wrote my last blog post. Life is busy, but there is nothing to complain about. As they say: love the life you live and live the life you love!

Coming back to the topic: today's post is about a task that I have been trying to do for the last couple of days.

The task was simple: list the users who haven't enabled MFA for their AWS account. But integrating the boto3 framework with Lambda was the tricky part, so I thought of sharing the piece of code that I wrote for this task.

Note: You can also run this from a regular Python IDE, but that requires AWS credentials.

I hope you will find it useful.

Python code for Lambda function:

##########################

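import boto3


def lambda_handler(event, context):
    client = boto3.client('iam')

    user_list = []        # every IAM user name in the account
    virtual_enabled = []  # user names that have at least one MFA device

    # list_users returns one page at a time, so paginate to see every user
    for page in client.get_paginator('list_users').paginate():
        for user in page['Users']:
            user_list.append(str(user['UserName']))

    # list_mfa_devices returns the MFA devices assigned to the given user
    for name in user_list:
        mfa_devices = client.list_mfa_devices(UserName=name)
        for device in mfa_devices['MFADevices']:
            virtual_enabled.append(str(device['UserName']))

    # users that never showed up with an MFA device
    diff_list = [item for item in user_list if item not in virtual_enabled]

    for p in diff_list:
        print(p)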
