The AWS IAM Handler(Identity and Access Management) is a Python tool that helps you view and manage user access in your AWS account. It provides easy ways to get details about users, roles, groups, and permissions. This is useful for checking security, tracking changes, and making sure everything follows company policies. It makes it easier to understand who has access to what in your AWS environment.

iam_handler_test.py
from superagentx_handlers import AWSIAMHandler

aws_iam_handler = AWSIAMHandler(
        aws_access_key_id=os.getenv("AWS_ACCESS_KEY_ID"),
        aws_secret_access_key=os.getenv("AWS_SECRET_ACCESS_KEY"),
        region_name=("AWS_REGION")
)

List iam users with details:

This function returns a list of all IAM users in your AWS account along with detailed metadata for each user. The information includes the username, user creation time, attached policies (both managed and inline), group memberships, and access key status.

async def list_iam_users_with_details():
    user_details = await aws_iam_handler.list_iam_users_with_details()

Get credential report:

Fetches a comprehensive credential report for all IAM users. This report contains details on each user’s password last used time, access key status, MFA configuration, and credential age.

async def get_credential_report():
    report = await aws_iam_handler.get_credential_report()

Get account password policy:

Retrieves the current password policy for your AWS account. The policy includes configuration like minimum password length, requirement for symbols or numbers, password expiration days, and reuse prevention.

async def get_account_password_policy():
    password_policy = await aws_iam_handler.get_account_password_policy()

Roles with details:

Lists all IAM roles in your account, including trust relationships, attached managed policies, and inline policies. It provides a complete view of which entities (users, services, or accounts) can assume each role.

async def list_iam_roles_with_details():
    iam_role_policy = await aws_iam_handler.list_iam_roles_with_details()

Groups with details:

Returns all IAM groups, along with the users in each group and the policies attached to the groups. This helps in understanding how permissions are inherited through group memberships.

async def list_iam_groups_with_details():
    iam_group = await aws_iam_handler.list_iam_groups_with_details()

Managed policies with documents:

Lists all managed IAM policies, including both AWS-managed and customer-managed ones. Each policy entry includes its JSON policy document and metadata like version and attachment count.

async def list_iam_managed_policies_with_documents():
    iam_managed_policy = await aws_iam_handler.list_iam_managed_policies_with_documents()

Collect all iam:

This is a custom aggregator function (not a native AWS API call). It runs a series of IAM-related queries and returns a consolidated dictionary of IAM users, roles, groups, policies, MFA status, and account summaries.

async def collect_all_iam():
    all_iam = await aws_iam_handler.collect_all_iam()

Enabled users:

Lists all IAM users who have Multi-Factor Authentication (MFA) enabled. This function checks user metadata and credential report information to verify MFA usage.

async def list_mfa_enabled_users():
    mfa_device = await aws_iam_handler.list_mfa_enabled_users()

Get account summary:

Returns a high-level summary of IAM usage in your AWS account. This includes resource counts (users, roles, groups, policies) and account-wide IAM limits and quotas.

async def get_account_summary():
    account_summary = await aws_iam_handler.get_account_summary()

Virtual mfa devices:

Returns a list of all virtual MFA devices configured in the account. Each device entry includes the assigned user (if any), creation time, and serial number.

async def list_virtual_mfa_devices():
    virtual_mfa = await aws_iam_handler.list_virtual_mfa_devices()

Account authorization details:

Provides a detailed snapshot of all IAM entities in your AWS account and their relationships. It includes users, groups, roles, and all associated policies, both attached and inline.

async def get_account_authorization_details():
    account_authorization = await aws_iam_handler.get_account_authorization_details()

List account aliases:

Lists any custom aliases associated with your AWS account ID. Account aliases are used to create user-friendly

async def list_account_aliases():
    aliases = await aws_iam_handler.list_account_aliases()