AWS/CLI – AWS Identity and Access Management (IAM) – Basic Commands

 

What is "Identity and Access Management (IAM)"?

AWS Identity and Access Management (IAM) is a web service that you can use to manage users and user permissions under your AWS account.

Commands

Full

The current list of all IAM Commands is available here.

Covered

Here are the ones we will cover:

  • get-account-password-policy :- Retrieves the password policy for the AWS account.
  • get-group :- Returns a list of IAM users that are in the specified IAM group.
  • get-user :- Retrieves information about the specified IAM user, including the user's creation date, path, unique ID, and ARN. If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID used to sign the request to this API.
  • list-groups :- Lists the IAM groups that have the specified path prefix.
  • list-groups-for-user :- Lists the IAM groups that the specified IAM user belongs to.
  • list-group-policies :- Lists the names of the inline policies that are embedded in the specified IAM group.
  • list-roles :- Lists the IAM roles that have the specified path prefix.
  • list-users :- Lists the IAM users that have the specified path prefix. If no path prefix is specified, the operation returns all users in the AWS account. If there are none, the operation returns an empty list.

 

get-account-password-policy

Syntax

aws iam get-account-password-policy

Sample

aws iam get-account-password-policy

Output

[Screenshot: get-account-password-policy.20181109.0726PM]

Explanation

  1. Policy
    • MinimumPasswordLength :- 8
    • RequireSymbols :- true
    • RequireNumbers :- true
    • RequireUppercaseCharacters :- true
    • RequireLowercaseCharacters :- true
    • ExpirePasswords :- true
    • MaxPasswordAge :- 180
      • Passwords have to be changed within 6 months
    • PasswordReusePrevention :- 6
      • Specifies the number of previous passwords that IAM users are prevented from reusing.
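
To turn the values above into a pass/fail check, the following added example (not part of the original post) parses the JSON printed by aws iam get-account-password-policy and reports settings weaker than a baseline. The baseline thresholds and the name audit_password_policy are assumptions for illustration, and the sample input is constructed from the values listed above.

```python
import json
import sys

# Assumed baseline for illustration only; replace with your own standard.
MIN_LENGTH = 14          # floor for MinimumPasswordLength
MIN_REUSE_HISTORY = 24   # floor for PasswordReusePrevention
MAX_AGE_DAYS = 90        # ceiling for MaxPasswordAge
REQUIRED_FLAGS = ("RequireSymbols", "RequireNumbers",
                  "RequireUppercaseCharacters", "RequireLowercaseCharacters")


def audit_password_policy(cli_json):
    """Return findings for the JSON printed by `aws iam get-account-password-policy`."""
    policy = json.loads(cli_json).get("PasswordPolicy", {})
    findings = []
    for flag in REQUIRED_FLAGS:
        if policy.get(flag) is not True:
            findings.append(f"{flag} is not enabled")
    length = policy.get("MinimumPasswordLength", 0)
    if length < MIN_LENGTH:
        findings.append(f"MinimumPasswordLength {length} < {MIN_LENGTH}")
    # Treat a missing PasswordReusePrevention as "no reuse restriction".
    reuse = policy.get("PasswordReusePrevention", 0)
    if reuse < MIN_REUSE_HISTORY:
        findings.append(f"PasswordReusePrevention {reuse} < {MIN_REUSE_HISTORY}")
    # A missing or zero MaxPasswordAge means passwords never expire.
    age = policy.get("MaxPasswordAge", 0)
    if not policy.get("ExpirePasswords") or age == 0:
        findings.append("passwords never expire")
    elif age > MAX_AGE_DAYS:
        findings.append(f"MaxPasswordAge {age} > {MAX_AGE_DAYS} days")
    return findings


# Constructed sample: the policy values listed in the Explanation above.
SAMPLE = json.dumps({"PasswordPolicy": {
    "MinimumPasswordLength": 8, "RequireSymbols": True, "RequireNumbers": True,
    "RequireUppercaseCharacters": True, "RequireLowercaseCharacters": True,
    "ExpirePasswords": True, "MaxPasswordAge": 180, "PasswordReusePrevention": 6}})

if __name__ == "__main__":
    # Usage: aws iam get-account-password-policy --output json | python3 audit.py
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for finding in audit_password_policy(text):
        print("FINDING:", finding)
```

Against the sample policy, the check reports the password length, the reuse history and the maximum age as weaker than the assumed baseline.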

get-group

Syntax

aws iam get-group --group-name [group-name]

Sample

aws iam get-group --group-name dba

Output

[Screenshot: get-group.20181109.0739PM]

Explanation

  1. Group Members are listed
  2. Group’s full path, Group Name, Group ID, and Arn

get-user

Syntax

aws iam get-user [--user-name username]

Sample

aws iam get-user

Output

[Screenshot: get-user.20181110.0713PM.PNG]

Explanation

  1. List User’s information

list-groups

Syntax

aws iam list-groups

Sample

aws iam list-groups

Output

[Screenshot: list-groups.20181110.0744AM.PNG]

Explanation

  1. List groups

list-groups-for-user

Syntax

aws iam list-groups-for-user --user-name [username]

Sample

aws iam list-groups-for-user --user-name dadeniji

Output

[Screenshot: list-groups-for-users.20181110.0719AM.PNG]

Explanation

  1. Lists the groups the user belongs to

list-group-policies

Syntax

aws iam list-group-policies --group-name [group-name]

Sample

aws iam list-group-policies --group-name dba

Output

[Screenshot: list-group-policies.20181109.0749PM.PNG]

Explanation

  1. Lists the names of the inline policies embedded in the specified group

 

list-roles

Syntax

aws iam list-roles [--path-prefix path-prefix]

Sample

aws iam list-roles --path-prefix /aws

Output

Output – Textual


An error occurred (AccessDenied) when calling the ListRoles operation: User: arn:aws:iam::22:user/awsauth/dadeniji is not authorized to perform: iam:ListRoles on resource: arn:aws:iam::22:role/aws/

Output – Image

[Screenshot: list-roles.20181110.1152AM.PNG]

 

Explanation

  1. Permission denied
    • In our case the calling user is not authorized to perform iam:ListRoles, so we cannot list roles

 

list-users

Syntax

aws iam list-users

Sample

aws iam list-users

Output

[Screenshot: list-users.20181110.0729AM.PNG]

Explanation

  1. List Users
    • Path
    • UserName
    • UserId
    • Arn
    • CreateDate
    • PasswordLastUsed
