I have successfully fetched the users from AWS iam using the python boto module.
Code:
import boto from boto.iam.connection import IAMConnection cfn = IAMConnection(aws_access_key_id='somekeyid',aws_secret_access_key ='secret_here') data = cfn.get_all_users() for user in data.users: print user,"\n" How do I get the Groups details the user is associated with or the Permission type user is associated to ?
I added this line of code to get the group associated with the users and I am getting the error mentioned down bellow.
Added Code:
group=cfn.get_groups_for_user("Shital") print group Where , "Shital" is the user that exist and being fetched from above. For test purpose I am manually passing it to a function call.
Error:
Traceback (most recent call last): File "getuser.py", line 14, in <module> pol=cfn.get_groups_for_user("Shita") File "/home/tara/testinghere/IAM/env/local/lib/python2.7/site-packages/boto/iam/connection.py", line 509, in get_groups_for_user list_marker='Groups') File "/home/tara/testinghere/IAM/env/local/lib/python2.7/site-packages/boto/iam/connection.py", line 102, in get_response raise self.ResponseError(response.status, response.reason, body) boto.exception.BotoServerError: BotoServerError: 403 Forbidden <ErrorResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/"> <Error> <Type>Sender</Type> <Code>AccessDenied</Code> <Message>User: arn:aws:iam::586848946515:user/qa-api-users is not authorized to perform: iam:ListGroupsForUser on resource: user Shita</Message> </Error> <RequestId>7e9a4b56-95f0-11e7-9bb0-8b8eb22708c5</RequestId> </ErrorResponse> 
0 comments:
Post a Comment