much of the IAM functionality in place
parent
23aa8f449e
commit
b398a21cc8
|
@ -484,38 +484,6 @@
|
||||||
"metadata": {},
|
"metadata": {},
|
||||||
"outputs": []
|
"outputs": []
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"cell_type": "code",
|
|
||||||
"collapsed": false,
|
|
||||||
"input": [
|
|
||||||
"#Launch new_test\n",
|
|
||||||
"\n",
|
|
||||||
"inst = aws.instance('new_test')"
|
|
||||||
],
|
|
||||||
"language": "python",
|
|
||||||
"metadata": {},
|
|
||||||
"outputs": []
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"cell_type": "code",
|
|
||||||
"collapsed": false,
|
|
||||||
"input": [
|
|
||||||
"inst.start()"
|
|
||||||
],
|
|
||||||
"language": "python",
|
|
||||||
"metadata": {},
|
|
||||||
"outputs": []
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"cell_type": "code",
|
|
||||||
"collapsed": false,
|
|
||||||
"input": [
|
|
||||||
"inst.update()"
|
|
||||||
],
|
|
||||||
"language": "python",
|
|
||||||
"metadata": {},
|
|
||||||
"outputs": []
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"cell_type": "heading",
|
"cell_type": "heading",
|
||||||
"level": 1,
|
"level": 1,
|
||||||
|
@ -889,45 +857,65 @@
|
||||||
"cell_type": "code",
|
"cell_type": "code",
|
||||||
"collapsed": false,
|
"collapsed": false,
|
||||||
"input": [
|
"input": [
|
||||||
"iam = aws.boto.connect_iam()"
|
"iam = aws.boto.connect_iam()\n",
|
||||||
],
|
"\n",
|
||||||
"language": "python",
|
"# get group names\n",
|
||||||
"metadata": {},
|
"\n",
|
||||||
"outputs": []
|
"def all_iam_group_names():\n",
|
||||||
},
|
" return [g.group_name for g in iam_groups['list_groups_response']['list_groups_result']['groups']]\n",
|
||||||
{
|
"\n",
|
||||||
"cell_type": "code",
|
"# get user names\n",
|
||||||
"collapsed": false,
|
"\n",
|
||||||
"input": [
|
"def all_iam_user_names():\n",
|
||||||
"iam.get_all_groups()"
|
" return [u.user_name for u in iam.get_all_users()[u'list_users_response'][u'list_users_result']['users']]\n",
|
||||||
],
|
"\n",
|
||||||
"language": "python",
|
"# mapping between groups and users\n",
|
||||||
"metadata": {},
|
"# list users and their corresponding groups.\n",
|
||||||
"outputs": []
|
"\n",
|
||||||
},
|
"def iam_group_names_for_user(user_name):\n",
|
||||||
{
|
" return [g.group_name for g in iam.get_groups_for_user(user_name)['list_groups_for_user_response'][u'list_groups_for_user_result']['groups']]\n",
|
||||||
"cell_type": "code",
|
"\n",
|
||||||
"collapsed": false,
|
"# for given groups, list corresponding users\n",
|
||||||
"input": [
|
"\n",
|
||||||
"[u.user_name for u in iam.get_all_users()[u'list_users_response'][u'list_users_result']['users']]"
|
"def iam_user_names_for_group(group_name):\n",
|
||||||
],
|
" return [u.user_name for u in iam.get_group(group_name=group_name)[u'get_group_response'][u'get_group_result']['users']]\n",
|
||||||
"language": "python",
|
"\n",
|
||||||
"metadata": {},
|
"# find keys associated with user\n",
|
||||||
"outputs": []
|
"\n",
|
||||||
},
|
"def access_keys_for_user_name(user_name):\n",
|
||||||
{
|
" keys = iam.get_all_access_keys(user_name=user_name)['list_access_keys_response'][u'list_access_keys_result']['access_key_metadata']\n",
|
||||||
"cell_type": "code",
|
" return keys\n",
|
||||||
"collapsed": false,
|
"\n",
|
||||||
"input": [
|
|
||||||
"# ok, we can go into greate depth.\n",
|
|
||||||
"# can we use IAM to create new IAM user and get the key / secret?\n",
|
"# can we use IAM to create new IAM user and get the key / secret?\n",
|
||||||
"\n",
|
"\n",
|
||||||
"IAM_USER_NAME = 'ry-dev-2'\n",
|
"def create_iam_user(user_name, generate_key=True):\n",
|
||||||
|
" iam_user = iam.create_user(user_name=user_name)\n",
|
||||||
|
" if generate_key:\n",
|
||||||
|
" key_output = iam.create_access_key(user_name=user_name)\n",
|
||||||
|
" access_key = key_output['create_access_key_response']['create_access_key_result']['access_key']\n",
|
||||||
|
" (key, secret) = (access_key['access_key_id'], access_key['secret_access_key'])\n",
|
||||||
|
" return (iam_user, key, secret)\n",
|
||||||
|
" else:\n",
|
||||||
|
" return (iam_user, key, None, None)\n",
|
||||||
"\n",
|
"\n",
|
||||||
"iam_user = iam.create_user(user_name=IAM_USER_NAME)\n",
|
"def delete_iam_user(user_name):\n",
|
||||||
"key_output = iam.create_access_key(user_name=IAM_USER_NAME)\n",
|
" # first delete keys\n",
|
||||||
"access_key = key_output['create_access_key_response']['create_access_key_result']['access_key']\n",
|
" keys = iam.get_all_access_keys(user_name=IAM_USER_NAME)['list_access_keys_response'][u'list_access_keys_result']['access_key_metadata']\n",
|
||||||
"(key, secret) = (access_key['access_key_id'], access_key['secret_access_key'])"
|
"\n",
|
||||||
|
" for key in keys:\n",
|
||||||
|
" result = iam.delete_access_key(access_key_id = key['access_key_id'], user_name=user_name)\n",
|
||||||
|
" \n",
|
||||||
|
" # then delete the user\n",
|
||||||
|
" return iam.delete_user(user_name=user_name)\n",
|
||||||
|
" \n",
|
||||||
|
"\n",
|
||||||
|
"# get general IAM stats\n",
|
||||||
|
"\n",
|
||||||
|
"(iam.get_account_summary(), all_iam_group_names(), all_iam_user_names(),\n",
|
||||||
|
" iam_group_names_for_user('eric'), iam_user_names_for_group('gluejar'),\n",
|
||||||
|
" access_keys_for_user_name('ry-dev')\n",
|
||||||
|
" )\n",
|
||||||
|
"\n"
|
||||||
],
|
],
|
||||||
"language": "python",
|
"language": "python",
|
||||||
"metadata": {},
|
"metadata": {},
|
||||||
|
@ -937,7 +925,10 @@
|
||||||
"cell_type": "code",
|
"cell_type": "code",
|
||||||
"collapsed": false,
|
"collapsed": false,
|
||||||
"input": [
|
"input": [
|
||||||
"iam_user"
|
"# test -> grab all groups and list of corresponding users\n",
|
||||||
|
"\n",
|
||||||
|
"for g in all_iam_group_names():\n",
|
||||||
|
" print g, user_names_for_iam_group(g)"
|
||||||
],
|
],
|
||||||
"language": "python",
|
"language": "python",
|
||||||
"metadata": {},
|
"metadata": {},
|
||||||
|
@ -947,7 +938,10 @@
|
||||||
"cell_type": "code",
|
"cell_type": "code",
|
||||||
"collapsed": false,
|
"collapsed": false,
|
||||||
"input": [
|
"input": [
|
||||||
"iam.create_access_key(user_name='ry-dev-2')"
|
"# list all keys by looping through users\n",
|
||||||
|
"\n",
|
||||||
|
"for u in all_iam_user_names():\n",
|
||||||
|
" print u, [(k.access_key_id, k.status) for k in access_keys_for_user_name(u)]"
|
||||||
],
|
],
|
||||||
"language": "python",
|
"language": "python",
|
||||||
"metadata": {},
|
"metadata": {},
|
||||||
|
@ -957,7 +951,14 @@
|
||||||
"cell_type": "code",
|
"cell_type": "code",
|
||||||
"collapsed": false,
|
"collapsed": false,
|
||||||
"input": [
|
"input": [
|
||||||
"key_output = _"
|
"# how to deactivate a key -- let's try it out on ry-dev-3 key\n",
|
||||||
|
"\n",
|
||||||
|
"\n",
|
||||||
|
"keys = access_keys_for_user_name('ry-dev-3')\n",
|
||||||
|
"for key in keys:\n",
|
||||||
|
" print key.access_key_id, key.status\n",
|
||||||
|
" result = iam.update_access_key(access_key_id=key.access_key_id, user_name='ry-dev-3', status='Inactive')\n",
|
||||||
|
" print result\n"
|
||||||
],
|
],
|
||||||
"language": "python",
|
"language": "python",
|
||||||
"metadata": {},
|
"metadata": {},
|
||||||
|
@ -967,8 +968,23 @@
|
||||||
"cell_type": "code",
|
"cell_type": "code",
|
||||||
"collapsed": false,
|
"collapsed": false,
|
||||||
"input": [
|
"input": [
|
||||||
"access_key = key_output['create_access_key_response']['create_access_key_result']['access_key']\n",
|
"# look at permission structures of groups and users\n",
|
||||||
"(access_key['access_key_id'], access_key['secret_access_key'])"
|
"\n",
|
||||||
|
"from urllib import urlencode\n",
|
||||||
|
"import urlparse\n",
|
||||||
|
"\n",
|
||||||
|
"def iam_policy_names_for_group(group_name):\n",
|
||||||
|
" return iam.get_all_group_policies(group_name=group_name)['list_group_policies_response'][u'list_group_policies_result']['policy_names']\n",
|
||||||
|
"\n",
|
||||||
|
"def policy_document(policy_name, user_name=None, group_name=None):\n",
|
||||||
|
" if group_name is not None:\n",
|
||||||
|
" document = iam.get_group_policy(group_name=group_name, policy_name=policy_name)[u'get_group_policy_response'][u'get_group_policy_result'][u'policy_document']\n",
|
||||||
|
" return urlparse.parse_qs(\"policy={0}\".format(document))['policy'][0]\n",
|
||||||
|
"\n",
|
||||||
|
"policy_names = iam_policy_names_for_group('gluejar')\n",
|
||||||
|
"\n",
|
||||||
|
"for p in policy_names:\n",
|
||||||
|
" print policy_document(group_name='gluejar', policy_name=p)"
|
||||||
],
|
],
|
||||||
"language": "python",
|
"language": "python",
|
||||||
"metadata": {},
|
"metadata": {},
|
||||||
|
@ -978,7 +994,28 @@
|
||||||
"cell_type": "code",
|
"cell_type": "code",
|
||||||
"collapsed": false,
|
"collapsed": false,
|
||||||
"input": [
|
"input": [
|
||||||
"# we've created a key/secret but we still needed to create permissions to attach to user \n"
|
"IAM_USER_NAME = 'ry-dev-2'"
|
||||||
|
],
|
||||||
|
"language": "python",
|
||||||
|
"metadata": {},
|
||||||
|
"outputs": []
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"cell_type": "code",
|
||||||
|
"collapsed": false,
|
||||||
|
"input": [
|
||||||
|
"iam_user, key, secret = create_iam_user('ry-dev-3', True)"
|
||||||
|
],
|
||||||
|
"language": "python",
|
||||||
|
"metadata": {},
|
||||||
|
"outputs": []
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"cell_type": "code",
|
||||||
|
"collapsed": false,
|
||||||
|
"input": [
|
||||||
|
"# we've created a key/secret but we still needed to create permissions to attach to user \n",
|
||||||
|
"# the following is the permissions of a power user"
|
||||||
],
|
],
|
||||||
"language": "python",
|
"language": "python",
|
||||||
"metadata": {},
|
"metadata": {},
|
||||||
|
|
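Review bot: In the `-889,45 +857,65` hunk, `delete_iam_user(user_name)` lists access keys with the notebook global `IAM_USER_NAME` instead of its `user_name` argument, so the target user's own keys are never enumerated and the loop asks IAM to delete another user's key ids under `user_name`; the lookup should read `iam.get_all_access_keys(user_name=user_name)`. In the same hunk the `else` branch of `create_iam_user` returns `(iam_user, key, None, None)`, where `key` is unbound on that path and the tuple has four items rather than the three the later `iam_user, key, secret = create_iam_user('ry-dev-3', True)` cell unpacks; `return (iam_user, None, None)` would match the other branch. The test cell in the `-937,7 +925,10` hunk calls `user_names_for_iam_group(g)`, but the helper defined earlier is `iam_user_names_for_group`. Because `create_iam_user` returns the secret access key and every cell carries an `outputs` field that is saved with the notebook, a comment beside that call such as `# do not display or print 'secret': cell outputs are stored in the .ipynb` would help keep the credential out of the repository.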