-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathunused-iam-profiles
executable file
·43 lines (35 loc) · 1.07 KB
/
unused-iam-profiles
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
#/usr/bin/ruby
require 'aws'
iam = AWS::IAM::Client.new
iam_roles = {}
ec2_roles = []
truncated = true
marker = nil
while truncated == true do
resp = marker.nil? ? iam.list_instance_profiles : iam.list_instance_profiles(marker: marker)
resp[:instance_profiles].collect { |i|
iam_roles[i[:instance_profile_id]] = i[:instance_profile_name]
}
marker = resp[:marker]
truncated = resp[:is_truncated]
end
# get the instance profile ids from all instances in all regions
AWS.regions.each do |region|
region.ec2.instances.each do |instance|
if instance.iam_instance_profile_id
ec2_roles << instance.iam_instance_profile_id
end
end
end
# subtract the inuse ec2 roles from the available iam roles
ec2_roles = ec2_roles.compact.sort
iam_role_ids = iam_roles.keys.compact.sort!
unused_ids = iam_role_ids - ec2_roles
puts "#{ unused_ids.count } of #{ iam_role_ids.count } IAM Profiles are unused ## BETA!"
if unused_ids.count
unused_names = unused_ids.collect { |id| iam_roles[id] }
puts "============="
unused_names.sort.each do |id|
puts id
end
end