Amazon Web Services (AWS) - List IAM Users Groups and Roles Details using the AWS CLI
by
Jeremy Canfield |
Updated: April 15 2024
| Amazon Web Services (AWS) articles
This assumes you have already configured the aws command line tool. If not, check out my article on Getting Started with the AWS CLI.
- An IAM Policy allows certain actions (such create) on certain resources (such as EC2)
- An IAM User is typically a users account (such as john.doe) that contains an IAM Identity-Based Policy that allows certain actions (such as list) on certain resources (such S3)
- An IAM Role contains an IAM Policy that allows certain actions (such create) on certain resources (such as EC2) - Let's say the Identity-Based Policy attached to john.doe does NOT allow create S3 - john.doe could Assume a Role that allows create S3
- Assume Role or Switch Role using Python boto3
- Assume Role or Switch Role using Terraform
- Assume Role or Switch Role using the AWS CLI
- Often, a Role will have two Policies:
The aws iam get-account-authorization-details command can be used to list details about users, groups, roles and policies.
aws iam get-account-authorization-details
And here is an example of how to limit the output using the --query option.
aws iam get-account-authorization-details --query 'UserDetailList[?UserName==`johndoe`]'
Something like this should be returned.
{
"UserDetailList": [
{
"Path": "/",
"UserName": "johndoe",
"UserId": "AIDA123456789UA6B2DRP",
"Arn": "arn:aws:iam::123456789012:user/johndoe",
"CreateDate": "2022-09-13T11:13:03+00:00",
"GroupList": [],
"AttachedManagedPolicies": [
{
"PolicyName": "AdministratorAccess",
"PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"
}
],
"Tags": []
}
],
"GroupDetailList": [],
"RoleDetailList": . . .
Did you find this article helpful?
If so, consider buying me a coffee over at 