Managing AWS IAM (Identity and Access Management) users is essential for maintaining security and proper control over your AWS environment. The AWS CLI provides a simple and easy way for us to list all users in your AWS Account, helping administrators monitor and manage access effectively.
This guide will show you how to use AWS CLI to retrieve IAM user details and filter the output for better readability.
How to List AWS IAM Users using Command
To retrieve a list of all IAM users in your AWS account, run the aws iam list-users command. This command returns a JSON-formatted list containing details such as usernames, ARNs, and creation dates.
To display specific user information, add the --query option as shown in the example below:
aws iam list-users --query "Users[*].{Name:UserName, ARN:Arn, Created:CreateDate}"
This will return a cleaner, more focused output, making it easier to review user details without unnecessary clutter.
Example output:
[
{
"Name": "AdminUser",
"ARN": "arn:aws:iam::123456789012:user/AdminUser",
"Created": "2022-04-15T12:34:56Z"
},
{
"Name": "DeveloperUser",
"ARN": "arn:aws:iam::123456789012:user/DeveloperUser",
"Created": "2023-01-10T08:22:30Z"
}
]
Additional IAM Commands
Here are some other useful IAM-related commands:
List IAM Roles:
aws iam list-roles
Get Details of a Specific IAM User:
aws iam get-user --user-name AdminUser
List IAM groups:
aws iam list-groups
List attached policies for a specific user:
aws iam list-attached-user-policies --user-name AdminUser
For a full list of available IAM commands, refer to the official AWS CLI IAM Documentation.
Using AWS CLI to manage IAM users simplifies user administration. By filtering command output, you can quickly access the most relevant details without sifting through large JSON responses. You can always view this same information via the GUI (AWS Console), however using command-line for managing security is needed in larger organizations.
Leave a Reply