Reputation: 147
AWS IAM Python script - Add new User to existing Group
Context: I have a Python script that can create a User, decide on programmatic access or not, list the current Groups for Users. My issue is that I wish to add the new User to one of the existing, shown Groups.
I have tried the code below but get the following error:
python ec2-play.py
Please enter your e-mail address: [email protected]
Do you require programmatic access?(y/n): n
Console access only
[...list of Groups...]
1: admin-short-term
2: aws-admin
3: aws-admin-mfa
4: aws-training
Please pick a Group number: 4
You selected option 4: arn:aws:iam::xxxxxxxxxxxx:group/aws-training
Traceback (most recent call last):
File "ec2-play.py", line 41, in <module>
final = grp.add_user_to_group(GroupName=g, UserName=mail)
File "/opt/axe/local/python/local/lib/python2.7/site-packages/botocore/client.py", line 314, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/opt/axe/local/python/local/lib/python2.7/site-packages/botocore/client.py", line 612, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.errorfactory.NoSuchEntityException: An error occurred (NoSuchEntity) when calling the AddUserToGroup operation: The group with name r cannot be found.
This the code that produces that error output:
import boto3
iam = boto3.resource('iam')
iam_keys = boto3.resource('iam')
group_list = boto3.client('iam')
attach_group = boto3.client('iam')
grp = boto3.client("iam")
mail = raw_input("Please enter your e-mail address: ")
response = iam.create_user(UserName=mail)
prog = raw_input("Do you require programmatic access?(y/n): ")
if prog == "y":
iam_keys.create_access_key(UserName=mail)
print("Make sure awscli is installed on your machine")
elif prog == "n":
print("Console access only")
list = group_list.list_groups()
groups = list['Groups']
print(groups)
index = 1
for group in groups:
print("%d: %s" % (index, group["GroupName"]))
index +=1
option = int(input("Please pick a Group number: "))
arn = groups[option-1]["Arn"]
print("You selected option %d: %s" % (option, arn))
var = "%s" % (arn)
var.split(":group/")[1]
g = var[1]
final = grp.add_user_to_group(GroupName=g, UserName=mail)
print("User has been added to Group %s you selected" % (g))
Expected behavior: New User gets attached the selected Group.
Actual behavior: Python crashes out saying Group r cannot be found.
Upvotes: 0
Views: 1246
Answers (1)
Reputation: 78842
You've already calculated which group was selected - it's the option-1'th element in the groups list. You can retrieve any of its attributes in the normal way, for example:
group = groups[option-1]
group_name = group["GroupName"]
group_arn = group["Arn"]
Instead of calculating and using g, simply use groups[option-1][“GroupName”] for the group name (or group_name as calculated above).
The bigger picture here is that you’re going to need to learn how to debug your code. Printing out values as you go along (var and g, for example) and comparing them to what you expected to see is one way. A source-level debugger is another way.
Upvotes: 1
Related Questions
- Creating users in AWS SSO group using boto3
- How to attach new role permissions to iam_role in aws using python boto3?
- Attaching IAM user to IAM Group using Boto3
- How to get the permission or group details of the users in AWS iam using boto
- How to add group for a Cognito user using Python SDK
- Trying to create IAM Policy, Role and Users using Python (Boto3)
- How to create EC2-instance with python with attaching of already created security group
- AWS IAM Python Boto3 script - Create User
- python boto3 attach/replace IAM role to ec2
- how to associate a newly created EC2 security group with an instance