The IAM User Management Automation Tool is a Python-based solution designed to streamline AWS IAM tasks using the powerful boto3 library. This tool automates the management of IAM users, policies, and groups, making it an ideal choice for administrators who need to efficiently manage IAM tasks at scale.
- Bulk IAM User Creation: Automate the creation of multiple IAM users from a CSV file, reducing manual efforts.
- Policy Management: Attach and detach policies to/from IAM users for flexible permission management.
- User Tagging: Organize and manage users effectively by adding tags.
- Group Management: Create IAM groups, manage group memberships, and automate group-related tasks.
- Policy Deletion: Automate the cleanup of outdated or unnecessary policies.
- User and Tag Listing: Easily list all IAM users and their associated tags for quick reference.
- Python 3.x
boto3library- AWS credentials properly configured
- Clone the Repository
git clone https://github.com/yourusername/iam-user-management-automation.git
cd iam-user-management-automationInstall Dependencies
Install the required Python packages using pip:
pip install -r requirements.txtConfigure AWS Credentials
Ensure your AWS credentials are configured correctly. You can use the AWS CLI to set them up:
aws configureCreate a CSV file named users.csv with the following structure:
UserName,PolicyArn,TagKey,TagValue,GroupName
alice,arn:aws:iam::aws:policy/AdministratorAccess,Department,IT,Admins
bob,arn:aws:iam::aws:policy/ReadOnlyAccess,Department,HR,ViewersExecute the main script to perform the IAM tasks specified in the CSV file:
python main.pyTo list all IAM users and their tags, include the function call in the main script.
The core service utilized for managing identities and permissions within AWS. The project interacts directly with IAM to perform tasks such as user creation, policy management, and group administration.
utils.py: Contains all the core functions for AWS IAM operations, including creating users, managing policies, tagging users, and handling groups.main.py: The primary script that orchestrates the IAM tasks by reading data from the CSV file, executing operations, and logging the results.
The input data source that contains user information, policy ARNs, tags, and group names.
Integrated logging captures and reports the outcome of each operation. Logs are essential for monitoring script execution, tracking success messages, and identifying any errors encountered.
Lists the necessary Python packages required to run the scripts, including boto3 for AWS SDK interactions and logging for event capturing.
- Load Data: Read user data from the
users.csvfile. - Resource Creation: Automate the creation of IAM users and groups.
- Policy Management: Attach and detach policies to/from users as specified.
- User Tagging: Add tags to users for enhanced organization.
- Group Management: Handle group memberships by adding or removing users from groups.
- Logging and Monitoring: Log all actions for transparency and troubleshooting.
def create_user(user_name):
# Code to create IAM userdef attach_policy(user_name, policy_arn):
# Code to attach policy
def detach_policy(user_name, policy_arn):
# Code to detach policydef tag_user(user_name, tag_key, tag_value):
# Code to tag IAM userdef create_group(group_name):
# Code to create group
def add_user_to_group(user_name, group_name):
# Code to add user to group
def remove_user_from_group(user_name, group_name):
# Code to remove user from groupdef delete_policy(policy_arn):
# Code to delete policydef list_users_and_tags():
# Code to list IAM users and their tagsWe welcome contributions! Please fork this repository, make your changes, and submit a pull request. Whether you’re adding new features, improving existing functionality, or fixing bugs, your help is appreciated.