Using boto3
import boto3
session = boto3.Session()  # default credential chain and region
ec2 = session.client('ec2')
iam = session.client('iam')
Use the ec2 client to describe the instance profile associations and get the instance profile name
ec2.describe_iam_instance_profile_associations(Filters=[{'Name': 'instance-id','Values': ['i-02a1cde71XXXXXX']}])
Response:
{'IamInstanceProfileAssociations': [{'AssociationId': 'iip-assoc-0f7dd8ceeXXXXXX', 'InstanceId': 'i-02a1cde71XXXXXX', 'IamInstanceProfile': {'Arn': 'arn:aws:iam::12345679012:instance-profile/XYZ', 'Id': 'XXXXXXXXXXXXX'}, 'State': 'associated'}],....... }
Use the iam client and call get_instance_profile to get the RoleName associated with the instance profile
iam.get_instance_profile(InstanceProfileName='XYZ')
Response:
{'InstanceProfile': {'Path': '/', 'InstanceProfileName': 'XYZ', 'InstanceProfileId': 'XXXXXXXXXXXXX', 'Arn': 'arn:aws:iam::12345679012:instance-profile/XYZ', 'CreateDate': datetime.datetime(2021, 6, 10, 16, 15, 8, tzinfo=tzutc()), 'Roles': [{'Path': '/', 'RoleName': 'ABCD', ............... 'RetryAttempts': 0}}
Optionally, you can use list_attached_role_policies to find out which managed policies are attached to the role
iam.list_attached_role_policies(RoleName='ABCD')
Response:
{'AttachedPolicies': [{'PolicyName': 'EFG', 'PolicyArn': 'arn:aws:iam::12345679012:policy/EFG'}], 'IsTruncated': ......}}
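
The three calls above chained into one function, as an added example that is not part of the original answer. It goes slightly beyond the steps shown: it follows IsTruncated/Marker paging and also lists inline policies with list_role_policies, which list_attached_role_policies does not return. The names instance_role_policies and _paged are hypothetical helpers.

```python
def _paged(call, key, **kwargs):
    """Collect `key` from every page of an IAM list call (IsTruncated/Marker)."""
    items = []
    while True:
        page = call(**kwargs)
        items.extend(page.get(key, []))
        if not page.get("IsTruncated"):
            return items
        kwargs["Marker"] = page["Marker"]


def instance_role_policies(ec2, iam, instance_id):
    """Return {role name: {'managed': [policy ARNs], 'inline': [policy names]}}."""
    resp = ec2.describe_iam_instance_profile_associations(
        Filters=[{"Name": "instance-id", "Values": [instance_id]}]
    )
    result = {}
    for assoc in resp.get("IamInstanceProfileAssociations", []):
        if assoc.get("State") != "associated":
            continue  # ignore associations that are still changing state
        # The profile name is the last ARN segment, after any IAM path.
        name = assoc["IamInstanceProfile"]["Arn"].rsplit("/", 1)[-1]
        profile = iam.get_instance_profile(InstanceProfileName=name)
        for role in profile["InstanceProfile"]["Roles"]:
            role_name = role["RoleName"]
            managed = _paged(iam.list_attached_role_policies,
                             "AttachedPolicies", RoleName=role_name)
            inline = _paged(iam.list_role_policies,
                            "PolicyNames", RoleName=role_name)
            result[role_name] = {
                "managed": [p["PolicyArn"] for p in managed],
                "inline": inline,
            }
    return result  # empty dict: no instance profile is attached


if __name__ == "__main__":
    import sys
    import boto3  # imported here so the function also works with stub clients

    session = boto3.Session()
    print(instance_role_policies(session.client("ec2"),
                                 session.client("iam"), sys.argv[1]))
```

Run it with an instance ID as the only argument; the caller needs ec2:DescribeIamInstanceProfileAssociations, iam:GetInstanceProfile, iam:ListAttachedRolePolicies and iam:ListRolePolicies.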