D’autres exemples de kits AWS SDK sont disponibles dans le référentiel GitHub AWS Doc SDK Examples
Utilisation de GetAccountAuthorizationDetails avec un kit AWS SDK ou une interface de ligne de commande
Les exemples de code suivants illustrent comment utiliser GetAccountAuthorizationDetails.
Les exemples d’actions sont des extraits de code de programmes de plus grande envergure et doivent être exécutés en contexte. Vous pouvez voir cette action en contexte dans l’exemple de code suivant :
- CLI
-
- AWS CLI
-
Pour répertorier les utilisateurs, les groupes, les rôles et les politiques IAM d’un compte AWS
La commande
get-account-authorization-detailssuivante renvoie des informations sur l’ensemble des utilisateurs, des groupes, des rôles et des politiques IAM du compte AWS.aws iam get-account-authorization-detailsSortie :
{ "RoleDetailList": [ { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Sid": "", "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }, "RoleId": "AROA1234567890EXAMPLE", "CreateDate": "2014-07-30T17:09:20Z", "InstanceProfileList": [ { "InstanceProfileId": "AIPA1234567890EXAMPLE", "Roles": [ { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Sid": "", "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }, "RoleId": "AROA1234567890EXAMPLE", "CreateDate": "2014-07-30T17:09:20Z", "RoleName": "EC2role", "Path": "/", "Arn": "arn:aws:iam::123456789012:role/EC2role" } ], "CreateDate": "2014-07-30T17:09:20Z", "InstanceProfileName": "EC2role", "Path": "/", "Arn": "arn:aws:iam::123456789012:instance-profile/EC2role" } ], "RoleName": "EC2role", "Path": "/", "AttachedManagedPolicies": [ { "PolicyName": "AmazonS3FullAccess", "PolicyArn": "arn:aws:iam::aws:policy/AmazonS3FullAccess" }, { "PolicyName": "AmazonDynamoDBFullAccess", "PolicyArn": "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess" } ], "RoleLastUsed": { "Region": "us-west-2", "LastUsedDate": "2019-11-13T17:30:00Z" }, "RolePolicyList": [], "Arn": "arn:aws:iam::123456789012:role/EC2role" } ], "GroupDetailList": [ { "GroupId": "AIDA1234567890EXAMPLE", "AttachedManagedPolicies": { "PolicyName": "AdministratorAccess", "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess" }, "GroupName": "Admins", "Path": "/", "Arn": "arn:aws:iam::123456789012:group/Admins", "CreateDate": "2013-10-14T18:32:24Z", "GroupPolicyList": [] }, { "GroupId": "AIDA1234567890EXAMPLE", "AttachedManagedPolicies": { "PolicyName": "PowerUserAccess", "PolicyArn": "arn:aws:iam::aws:policy/PowerUserAccess" }, "GroupName": "Dev", "Path": "/", "Arn": "arn:aws:iam::123456789012:group/Dev", "CreateDate": "2013-10-14T18:33:55Z", "GroupPolicyList": [] }, { "GroupId": "AIDA1234567890EXAMPLE", "AttachedManagedPolicies": [], "GroupName": "Finance", "Path": "/", "Arn": "arn:aws:iam::123456789012:group/Finance", "CreateDate": "2013-10-14T18:57:48Z", "GroupPolicyList": [ { "PolicyName": "policygen-201310141157", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Action": "aws-portal:*", "Sid": "Stmt1381777017000", "Resource": "*", "Effect": "Allow" } ] } } ] } ], "UserDetailList": [ { "UserName": "Alice", "GroupList": [ "Admins" ], "CreateDate": "2013-10-14T18:32:24Z", "UserId": "AIDA1234567890EXAMPLE", "UserPolicyList": [], "Path": "/", "AttachedManagedPolicies": [], "Arn": "arn:aws:iam::123456789012:user/Alice" }, { "UserName": "Bob", "GroupList": [ "Admins" ], "CreateDate": "2013-10-14T18:32:25Z", "UserId": "AIDA1234567890EXAMPLE", "UserPolicyList": [ { "PolicyName": "DenyBillingAndIAMPolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": { "Effect": "Deny", "Action": [ "aws-portal:*", "iam:*" ], "Resource": "*" } } } ], "Path": "/", "AttachedManagedPolicies": [], "Arn": "arn:aws:iam::123456789012:user/Bob" }, { "UserName": "Charlie", "GroupList": [ "Dev" ], "CreateDate": "2013-10-14T18:33:56Z", "UserId": "AIDA1234567890EXAMPLE", "UserPolicyList": [], "Path": "/", "AttachedManagedPolicies": [], "Arn": "arn:aws:iam::123456789012:user/Charlie" } ], "Policies": [ { "PolicyName": "create-update-delete-set-managed-policies", "CreateDate": "2015-02-06T19:58:34Z", "AttachmentCount": 1, "IsAttachable": true, "PolicyId": "ANPA1234567890EXAMPLE", "DefaultVersionId": "v1", "PolicyVersionList": [ { "CreateDate": "2015-02-06T19:58:34Z", "VersionId": "v1", "Document": { "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Action": [ "iam:CreatePolicy", "iam:CreatePolicyVersion", "iam:DeletePolicy", "iam:DeletePolicyVersion", "iam:GetPolicy", "iam:GetPolicyVersion", "iam:ListPolicies", "iam:ListPolicyVersions", "iam:SetDefaultPolicyVersion" ], "Resource": "*" } }, "IsDefaultVersion": true } ], "Path": "/", "Arn": "arn:aws:iam::123456789012:policy/create-update-delete-set-managed-policies", "UpdateDate": "2015-02-06T19:58:34Z" }, { "PolicyName": "S3-read-only-specific-bucket", "CreateDate": "2015-01-21T21:39:41Z", "AttachmentCount": 1, "IsAttachable": true, "PolicyId": "ANPA1234567890EXAMPLE", "DefaultVersionId": "v1", "PolicyVersionList": [ { "CreateDate": "2015-01-21T21:39:41Z", "VersionId": "v1", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:Get*", "s3:List*" ], "Resource": [ "arn:aws:s3:::amzn-s3-demo-bucket", "arn:aws:s3:::amzn-s3-demo-bucket/*" ] } ] }, "IsDefaultVersion": true } ], "Path": "/", "Arn": "arn:aws:iam::123456789012:policy/S3-read-only-specific-bucket", "UpdateDate": "2015-01-21T23:39:41Z" }, { "PolicyName": "AmazonEC2FullAccess", "CreateDate": "2015-02-06T18:40:15Z", "AttachmentCount": 1, "IsAttachable": true, "PolicyId": "ANPA1234567890EXAMPLE", "DefaultVersionId": "v1", "PolicyVersionList": [ { "CreateDate": "2014-10-30T20:59:46Z", "VersionId": "v1", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": "ec2:*", "Effect": "Allow", "Resource": "*" }, { "Effect": "Allow", "Action": "elasticloadbalancing:*", "Resource": "*" }, { "Effect": "Allow", "Action": "cloudwatch:*", "Resource": "*" }, { "Effect": "Allow", "Action": "autoscaling:*", "Resource": "*" } ] }, "IsDefaultVersion": true } ], "Path": "/", "Arn": "arn:aws:iam::aws:policy/AmazonEC2FullAccess", "UpdateDate": "2015-02-06T18:40:15Z" } ], "Marker": "EXAMPLEkakv9BCuUNFDtxWSyfzetYwEx2ADc8dnzfvERF5S6YMvXKx41t6gCl/eeaCX3Jo94/bKqezEAg8TEVS99EKFLxm3jtbpl25FDWEXAMPLE", "IsTruncated": true }Pour plus d’informations, consultez Consignes pour les audits de sécurité AWS dans le Guide de l’utilisateur AWS IAM.
-
Pour plus d’informations sur l’API, consultez GetAccountAuthorizationDetails
dans la Référence des commandes AWS CLI.
-
- PowerShell
-
- Outils pour PowerShell V4
-
Exemple 1 : cet exemple obtient les détails d’autorisation concernant les identités du compte AWS et affiche la liste des éléments de l’objet renvoyé, y compris les utilisateurs, les groupes et les rôles. Par exemple, la propriété
UserDetailListaffiche des informations sur les utilisateurs. Des informations similaires sont disponibles dans les propriétésRoleDetailListetGroupDetailList.$Details=Get-IAMAccountAuthorizationDetail $DetailsSortie :
GroupDetailList : {Administrators, Developers, Testers, Backup} IsTruncated : False Marker : RoleDetailList : {TestRole1, AdminRole, TesterRole, clirole...} UserDetailList : {Administrator, Bob, BackupToS3, }$Details.UserDetailListSortie :
Arn : arn:aws:iam::123456789012:user/Administrator CreateDate : 10/16/2014 9:03:09 AM GroupList : {Administrators} Path : / UserId : AIDACKCEVSQ6CEXAMPLE1 UserName : Administrator UserPolicyList : {} Arn : arn:aws:iam::123456789012:user/Bob CreateDate : 4/6/2015 12:54:42 PM GroupList : {Developers} Path : / UserId : AIDACKCEVSQ6CEXAMPLE2 UserName : bab UserPolicyList : {} Arn : arn:aws:iam::123456789012:user/BackupToS3 CreateDate : 1/27/2015 10:15:08 AM GroupList : {Backup} Path : / UserId : AIDACKCEVSQ6CEXAMPLE3 UserName : BackupToS3 UserPolicyList : {BackupServicePermissionsToS3Buckets}-
Pour plus de détails sur l’API, consultez GetAccountAuthorizationDetails dans la Référence des applets de commande Outils AWS pour PowerShell (V4).
-
- Outils pour PowerShell V5
-
Exemple 1 : cet exemple obtient les détails d’autorisation concernant les identités du compte AWS et affiche la liste des éléments de l’objet renvoyé, y compris les utilisateurs, les groupes et les rôles. Par exemple, la propriété
UserDetailListaffiche des informations sur les utilisateurs. Des informations similaires sont disponibles dans les propriétésRoleDetailListetGroupDetailList.$Details=Get-IAMAccountAuthorizationDetail $DetailsSortie :
GroupDetailList : {Administrators, Developers, Testers, Backup} IsTruncated : False Marker : RoleDetailList : {TestRole1, AdminRole, TesterRole, clirole...} UserDetailList : {Administrator, Bob, BackupToS3, }$Details.UserDetailListSortie :
Arn : arn:aws:iam::123456789012:user/Administrator CreateDate : 10/16/2014 9:03:09 AM GroupList : {Administrators} Path : / UserId : AIDACKCEVSQ6CEXAMPLE1 UserName : Administrator UserPolicyList : {} Arn : arn:aws:iam::123456789012:user/Bob CreateDate : 4/6/2015 12:54:42 PM GroupList : {Developers} Path : / UserId : AIDACKCEVSQ6CEXAMPLE2 UserName : bab UserPolicyList : {} Arn : arn:aws:iam::123456789012:user/BackupToS3 CreateDate : 1/27/2015 10:15:08 AM GroupList : {Backup} Path : / UserId : AIDACKCEVSQ6CEXAMPLE3 UserName : BackupToS3 UserPolicyList : {BackupServicePermissionsToS3Buckets}-
Pour plus de détails sur l’API, consultez GetAccountAuthorizationDetails dans la Référence des applets de commande Outils AWS pour PowerShell (V5).
-
- Python
-
- Kit SDK pour Python (Boto3)
-
Note
Il y en a plus sur GitHub. Trouvez l’exemple complet et découvrez comment le configurer et l’exécuter dans le référentiel d’exemples de code AWS
. def get_authorization_details(response_filter): """ Gets an authorization detail report for the current account. :param response_filter: A list of resource types to include in the report, such as users or roles. When not specified, all resources are included. :return: The authorization detail report. """ try: account_details = iam.meta.client.get_account_authorization_details( Filter=response_filter ) logger.debug(account_details) except ClientError: logger.exception("Couldn't get details for your account.") raise else: return account_details-
Pour les détails de l’API, consultez GetAccountAuthorizationDetails dans la Référence de l’API du kit SDK AWS pour Python (Boto3).
-
