![https://pieriantraining.com/](../PTCenteredPurple.png)

*Copyright: Pierian Training*

# IAM Policy

Boto3 is the AWS (Amazon Web Services) SDK for Python. It allows Python developers to write software that uses services like Amazon S3, Amazon EC2, and others. For IAM (Identity and Access Management), the boto3 library provides an IAM client that you can use to interact with the service.

Doc Link: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/iam.html

The most commonly used methods with the boto3 IAM client tend to be those for creating, managing, and deleting users, roles, and access policies. 

Here are some of the most common methods:

### Create User

create_user: This method creates a new IAM user for your AWS account.

In [1]:
import boto3 
iam_client = boto3.client('iam')

In [2]:
iam_client.create_user(UserName='newuser')

{'User': {'Path': '/',
  'UserName': 'newuser',
  'UserId': 'AIDAW4HPMF34X4EUZDPKX',
  'Arn': 'arn:aws:iam::472948420345:user/newuser',
  'CreateDate': datetime.datetime(2023, 9, 18, 5, 20, 10, tzinfo=tzutc())},
 'ResponseMetadata': {'RequestId': '28e438e9-2f3c-4d9e-929f-ada1bf4b2233',
  'HTTPStatusCode': 200,
  'HTTPHeaders': {'x-amzn-requestid': '28e438e9-2f3c-4d9e-929f-ada1bf4b2233',
   'content-type': 'text/xml',
   'content-length': '475',
   'date': 'Mon, 18 Sep 2023 05:20:10 GMT'},
  'RetryAttempts': 0}}

### List Users

list_users: This method retrieves details about the IAM users in an AWS account.

In [3]:
response = iam_client.list_users()

In [7]:
response['Users'][3]

{'Path': '/',
 'UserName': 'newuser',
 'UserId': 'AIDAW4HPMF34X4EUZDPKX',
 'Arn': 'arn:aws:iam::472948420345:user/newuser',
 'CreateDate': datetime.datetime(2023, 9, 18, 5, 20, 10, tzinfo=tzutc())}

### List Groups

In [11]:
import boto3

# Create an IAM client
iam_client = boto3.client('iam')

# List groups
response = iam_client.list_groups()

for group in response['Groups']:
    print(group['GroupName'])


boto3-2
boto3-course
full-permission
TA-Test-Access


### Deleting a User

To delete a user named newuser with boto3, follow these steps:

1. Make sure the user has no attached access keys, policies, group memberships, or other dependent resources. AWS refuses to delete a user that still has resources attached.
2. Once newuser is detached from every resource, call the delete_user method.

Here's a script that deletes the user newuser. It assumes you've already completed step 1 and removed all attached resources.

In [12]:
import boto3

# Create an IAM client
iam_client = boto3.client('iam')

# Delete the user. IAM raises DeleteConflictException while access keys,
# policies, group memberships or a login profile are still attached, and
# NoSuchEntityException if the user does not exist.
try:
    response = iam_client.delete_user(UserName='newuser')
    print("User 'newuser' deleted successfully.")
except iam_client.exceptions.DeleteConflictException as e:
    print(f"User still has attached resources; remove them first: {e}")
except iam_client.exceptions.NoSuchEntityException as e:
    print(f"No such user: {e}")
except Exception as e:
    print(f"Error deleting user: {e}")


User 'newuser' deleted successfully.
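The deletion procedure above (remove every dependent resource, then call delete_user) and the List Users section, worked through in code. This is an added example, not code from the Pierian Training notebook or from boto3 itself: `iter_all_users`, `purge_user`, `FakeIAM` and `sample_account` are names chosen here, and the sample account state (the `AKIAIOSFODNN7EXAMPLE` key, the `s3-list` inline policy, the `other` user) is constructed. Both functions accept any object with the boto3 IAM client's method names, so `purge_user(boto3.client('iam'), 'newuser')` runs against AWS; the demo at the bottom uses the in-memory fake so it runs offline. It goes a step beyond the notebook in one respect: `list_users` is read with a Marker loop, because the default page holds at most 100 users and a single call silently misses the rest in larger accounts.

```python
# Added example, not from the Pierian Training notebook: works against AWS when
# given boto3.client("iam"); the demo at the bottom uses a constructed fake so it runs offline.

def iter_all_users(iam, page_size=100):
    """Yield every IAM user, following Marker until IsTruncated is false.
    list_users caps a response at 100 users by default, so reading one page
    silently misses users in larger accounts."""
    kwargs = {"MaxItems": page_size}
    while True:
        page = iam.list_users(**kwargs)
        yield from page["Users"]
        if not page.get("IsTruncated"):
            return
        kwargs["Marker"] = page["Marker"]

def purge_user(iam, user_name):
    """Remove what delete_user would refuse over, then delete the user. Credentials
    go first so the principal cannot authenticate if a later step fails. MFA devices,
    signing certificates, SSH keys and service-specific credentials need the same
    treatment and are omitted here for brevity. Returns what was removed."""
    removed = {"access_keys": [], "login_profile": False,
               "attached_policies": [], "inline_policies": [], "groups": []}
    for key in iam.list_access_keys(UserName=user_name)["AccessKeyMetadata"]:
        iam.delete_access_key(UserName=user_name, AccessKeyId=key["AccessKeyId"])
        removed["access_keys"].append(key["AccessKeyId"])
    try:
        iam.delete_login_profile(UserName=user_name)
        removed["login_profile"] = True
    except iam.exceptions.NoSuchEntityException:
        pass  # the user never had a console password
    for pol in iam.list_attached_user_policies(UserName=user_name)["AttachedPolicies"]:
        iam.detach_user_policy(UserName=user_name, PolicyArn=pol["PolicyArn"])
        removed["attached_policies"].append(pol["PolicyArn"])
    for name in iam.list_user_policies(UserName=user_name)["PolicyNames"]:
        iam.delete_user_policy(UserName=user_name, PolicyName=name)
        removed["inline_policies"].append(name)
    for grp in iam.list_groups_for_user(UserName=user_name)["Groups"]:
        iam.remove_user_from_group(GroupName=grp["GroupName"], UserName=user_name)
        removed["groups"].append(grp["GroupName"])
    iam.delete_user(UserName=user_name)
    return removed

class FakeIAM:
    """Constructed in-memory stand-in for the boto3 IAM client (demo/test only).
    Per-user state: keys, password (bool), attached, inline, groups."""
    class exceptions:  # mirrors the client.exceptions namespace
        class NoSuchEntityException(Exception):
            pass
    def __init__(self, users):
        self.users = users
    def _u(self, name):
        if name not in self.users:
            raise self.exceptions.NoSuchEntityException(name)
        return self.users[name]
    def list_users(self, MaxItems=100, Marker=None):
        names, start = sorted(self.users), int(Marker or 0)
        out = {"Users": [{"UserName": n} for n in names[start:start + MaxItems]]}
        if start + MaxItems < len(names):
            out.update(IsTruncated=True, Marker=str(start + MaxItems))
        return out
    def list_access_keys(self, UserName):
        return {"AccessKeyMetadata": [{"AccessKeyId": k} for k in self._u(UserName)["keys"]]}
    def delete_access_key(self, UserName, AccessKeyId):
        self._u(UserName)["keys"].remove(AccessKeyId)
    def delete_login_profile(self, UserName):
        if not self._u(UserName)["password"]:
            raise self.exceptions.NoSuchEntityException(UserName)
        self._u(UserName)["password"] = False
    def list_attached_user_policies(self, UserName):
        return {"AttachedPolicies": [{"PolicyArn": a} for a in self._u(UserName)["attached"]]}
    def detach_user_policy(self, UserName, PolicyArn):
        self._u(UserName)["attached"].remove(PolicyArn)
    def list_user_policies(self, UserName):
        return {"PolicyNames": list(self._u(UserName)["inline"])}
    def delete_user_policy(self, UserName, PolicyName):
        self._u(UserName)["inline"].remove(PolicyName)
    def list_groups_for_user(self, UserName):
        return {"Groups": [{"GroupName": g} for g in self._u(UserName)["groups"]]}
    def remove_user_from_group(self, GroupName, UserName):
        self._u(UserName)["groups"].remove(GroupName)
    def delete_user(self, UserName):
        u = self._u(UserName)  # AWS answers DeleteConflict while anything is attached
        if any([u["keys"], u["password"], u["attached"], u["inline"], u["groups"]]):
            raise RuntimeError("DeleteConflict: user still has attached resources")
        del self.users[UserName]

def sample_account():
    """Constructed sample state: 'newuser' with one of each dependency."""
    return {"newuser": {"keys": ["AKIAIOSFODNN7EXAMPLE"], "password": True,
                        "attached": ["arn:aws:iam::aws:policy/ReadOnlyAccess"],
                        "inline": ["s3-list"], "groups": ["boto3-course"]},
            "other": {"keys": [], "password": False, "attached": [], "inline": [], "groups": []}}

if __name__ == "__main__":
    iam = FakeIAM(sample_account())  # real use: iam = boto3.client("iam")
    print([u["UserName"] for u in iter_all_users(iam, page_size=1)])
    print(purge_user(iam, "newuser"))
```

The order inside purge_user is deliberate: access keys and the console password are removed before policies and group memberships, so if the script is interrupted the principal is already unable to authenticate. The per-user list_* calls here read a single page each; where a user could carry more items than one page returns, apply the same Marker loop to those calls as well.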
