This is a quick script to identify any AWS accounts that have not seen a login for more than a specific timeframe, OR any accounts that have a creation date over a specific amount of time ago and have seen no logins.
The idea is to identify accounts that are unused and forgotten about so that they may be decommissioned by the appropriate parties.
Create a venv in the project directory:

```shell
python -m venv .venv
source .venv/bin/activate
```

Install dependencies:

```shell
pip install -r requirements.txt
```

Create a `config.yaml` in the project directory. There needs to be a key `profiles` with values matching the name of the profiles in your `~/.aws/credentials` file.
For example, if my AWS credentials file was:

```ini
[default]
aws_access_key_id=YOURIDHERE
aws_secret_access_key=YOURKEYHERE
[account1]
aws_access_key_id=YOURIDHERE
aws_secret_access_key=YOURKEYHERE
[account2]
aws_access_key_id=YOURIDHERE
aws_secret_access_key=YOURKEYHERE
[account3]
aws_access_key_id=YOURIDHERE
aws_secret_access_key=YOURKEYHERE
...
```

and I wanted to run the script against AWS profiles `account2` and `account3`, I would create a `config.yaml` file like so:

```yaml
---
- profiles:
  - account2
  - account3
```

Then run with:

```shell
python ./main.py
```
-----
```text
Unused account2 users:
User: [email protected]
Creation date: 03 Jun 20
Last login: 20 Oct 20
User: [email protected]
Creation date: 06 Apr 20
Last login: Never
User: service-account-user
Creation date: 16 Jul 19
Last login: Never
```
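The check the script performs, as an added example that is not the project's `main.py`: it assumes user records in the shape `iam.list_users()` returns (a tz-aware `CreateDate`, and `PasswordLastUsed` present only for users who have signed in to the console), uses a constructed sample set and a constructed "now", and a 90-day idle threshold that is an assumption.

```python
"""Flag IAM users with no recent login, or created long ago and never logged in."""
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of iam.list_users() records; not real accounts.
SAMPLE_USERS = [
    {"UserName": "alice", "CreateDate": datetime(2020, 6, 3, tzinfo=timezone.utc),
     "PasswordLastUsed": datetime(2020, 10, 20, tzinfo=timezone.utc)},
    {"UserName": "bob", "CreateDate": datetime(2020, 4, 6, tzinfo=timezone.utc)},
    {"UserName": "service-account-user", "CreateDate": datetime(2019, 7, 16, tzinfo=timezone.utc)},
    {"UserName": "newhire", "CreateDate": datetime(2021, 1, 10, tzinfo=timezone.utc)},
]
SAMPLE_NOW = datetime(2021, 1, 20, tzinfo=timezone.utc)  # constructed reference time


def is_unused(user, now, max_idle_days):
    """True if the last console login is older than the threshold, or the user
    has never logged in and was created more than the threshold ago."""
    cutoff = now - timedelta(days=max_idle_days)
    last_login = user.get("PasswordLastUsed")
    if last_login is not None:
        return last_login < cutoff          # has logged in, but not recently
    return user["CreateDate"] < cutoff      # never logged in and not brand new


def find_unused(users, now, max_idle_days=90):
    return [u for u in users if is_unused(u, now, max_idle_days)]


def fmt(d):
    """Date format used in the README's sample output, e.g. '03 Jun 20'."""
    return d.strftime("%d %b %y") if d else "Never"


def report(profile, users, now, max_idle_days=90):
    lines = [f"Unused {profile} users:"]
    for u in find_unused(users, now, max_idle_days):
        lines += [f"User: {u['UserName']}",
                  f"Creation date: {fmt(u['CreateDate'])}",
                  f"Last login: {fmt(u.get('PasswordLastUsed'))}"]
    return "\n".join(lines)


def report_profile_from_aws(profile, max_idle_days=90):
    """Live variant for one ~/.aws/credentials profile (needs boto3 and credentials)."""
    import boto3  # imported here so the offline sample above runs without it
    iam = boto3.Session(profile_name=profile).client("iam")
    users = [u for page in iam.get_paginator("list_users").paginate() for u in page["Users"]]
    return report(profile, users, datetime.now(timezone.utc), max_idle_days)


if __name__ == "__main__":
    print(report("account2", SAMPLE_USERS, SAMPLE_NOW))
```

`PasswordLastUsed` only reflects console sign-ins, so a user reported as `Last login: Never` (such as a service account) may still be active through access keys; check `iam.get_access_key_last_used()` for each key before decommissioning.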