By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

AWS CLI Single query

0

This query gets username and groupname. How do I get all details of a user (aws list iam-users) like username, createdate, passwordlastused, & groupname ? I tried to fetch other fields --query 'Users[].[UserName,CreateDate]' but it throws an error.

users="$(aws iam list-users --query 'Users[].UserName' --output text)"
for user in $users ; do
  groups="$(aws iam list-groups-for-user \
      --user-name $user \
      --query 'Groups[].GroupName' \
      --output text \
    | paste -s -d, -  
  )"
  printf "%s\t%s\n" "$user" "$groups"
done
Topics
Management & GovernanceSecurity, Identity, & Compliance
Tags
AWS Command Line InterfaceAWS IAM Identity Center
Language
English
rePost-User-olmec
asked 2 years ago760 views
2 Answers
0
Accepted Answer

Ok, spent 30 mins on this for you... This works but needs JQ installed...

You can tweak as needed, but it outputs the users details and their groups. Let me know if this is what your looking for.. We can adjust where needed. I outputted as a CSV format so you can output to a file and import into a CSV viewer if needed

I may keep this one in my script archive :-)

#!/bin/bash
users=$(aws iam list-users --query 'Users[*]' --output json)

k=0
while [ $k -lt $(echo $users | jq '. | length') ]
  do
  groups=$(aws iam list-groups-for-user --user-name $(echo $users | jq '.['$k'].UserName' | tr -d '"') \
      --query 'Groups[*].GroupName' --output text)
  echo $(echo $users | jq '.['$k'] | "\(.UserName) \(.UserId) \(.Arn) \(.CreateDate) \(.PasswordLastUsed)"' | tr -d '"') $groups | sed "s/ /,/g"
  k=$(( $k + 1 ))
done

Output Example

GaryUser1,JJLYGGYLGY59565787785,arn:aws:iam::123456789123:user/GaryUser1,2021-05-17T16:32:39Z,2023-05-17T16:32:39Z,group1,group2,group3

Columns:- UserName, UserId, Arn, CreateDate, PasswordLastUsed, GROUPS

Please accept this as the answer if this solves your question. This helps me and others..

Gary

profile picture
EXPERT
Gary Mclean
answered 2 years ago
profile pictureAWS
EXPERT
secondabhi_aws
reviewed 2 years ago
0

List your fields as follows

aws iam list-users --query 'Users[*].[UserName, CreateDate, UserId]'

If you recieve this error:-

Bad value for --query 'Users[*].[UserName,: Bad jmespath expression: Unclosed ' delimiter: 'Users[*].[UserName, ^

Then use double quotes. Makes a difference Windows vs Linux

aws iam list-users --query "Users[*].[UserName, CreateDate, UserId]"

As for your script, try this

users=$(aws iam list-users --query 'Users[*].[UserName, CreateDate, UserId]'  --output text)

Gary

profile picture
EXPERT
Gary Mclean
answered 2 years ago
  • rePost-User-olmec
    2 years ago

    Linux. I tried both. An error occurred (ValidationError) when calling the ListGroupsForUser operation: The specified value for userName is invalid. It must contain only alphanumeric characters

  • Gary Mclean EXPERT
    2 years ago

    OK, its fine with a single field from users but as you require 2 or more fields we need to get clever and build a map

  • Gary Mclean EXPERT
    2 years ago

    Ill see what I can come up with.. JQ may be the way

  • rePost-User-olmec
    2 years ago

    I tried like below. Syntax errors.

    users=$(aws iam list-users --query 'Users[*].[UserName,CreateDate]' --output text) for user in $(echo "${users}"); do username=$(user'.[0]')

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content