Underoos

Reputation: 5190

How to automatically invite an IAM user via email after creating account using boto3?

I'm creating an IAM user programmatically using boto3.

I also want to invite the user that I've just created using email.

Here's what I've tried so far for creating and updating the password.

import boto3

iam = boto3.client('iam')

iam.create_user(UserName='username')
iam.create_login_profile(
    UserName='username',
    Password='password',
    PasswordResetRequired=False
)

But I haven't found an option to automatically send an invite email to the user after it's been created.

Is there any way to automatically send an invite mail with the password so that the user can log in?

Something like

invite_mail='somemail'

Upvotes: 0

Views: 1165

Answers (2)

Chenna

Reputation: 62

1

You can use CloudTrail to trigger a Lambda function upon the IAM user creation event and send an email to newly created users using the AWS SES client. You can validate the format of the email with a regex like [email protected]. You can only do this if the user name is in email format.

2

import logging

import boto3
from botocore.exceptions import ClientError

logger = logging.getLogger(__name__)

ses_client = boto3.client('ses', region_name='us-east-1')
iam_client = boto3.client('iam')


response = iam_client.create_user(
    Path='string',
    UserName='string',
    PermissionsBoundary='string',
    Tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ]
)

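# if the user name is the email address
user_email = response['User']['UserName']

# if the user is tagged with the email address (Tags is a list of Key/Value dicts)
#user_email = next(t['Value'] for t in response['User']['Tags'] if t['Key'] == 'KeyName')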

SMTP_FROM = 'EMAIL_ADDRESS'

html = "html_email_template"

SMTP_TO = user_email

try:
    response = ses_client.send_email(
        Source=SMTP_FROM,
        Destination={
            'ToAddresses': [SMTP_TO]  # ToAddresses must be a list
        },
        Message={
            'Body': {
                'Html': {
                    'Charset': "UTF-8",
                    'Data': html,
                }
            },
            'Subject': {
                'Data': 'New User Created '
            }
        }
    )
    logger.info(response)
except ClientError as e:
    logger.error(e.response['Error']['Message'])
else:
    logger.info("Email sent! Message ID: " + response['MessageId'])

Upvotes: 0
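The CloudTrail-triggered Lambda flow described in this answer, as an added example that is not part of the original post. It assumes the event arrives through an EventBridge rule on the CloudTrail `CreateUser` call, that the creator has not already set a login profile, and that the user name is an email address; `invite_from_event`, `temp_password`, `sender` and `signin_url` are hypothetical names. The temporary password is generated randomly and a reset is forced at first sign-in, so the mailed value does not remain the user's password.

```python
import re
import secrets
import string

# Illustrative pattern; IAM user names may contain only alphanumerics and + = , . @ _ -
EMAIL_RE = re.compile(r"[A-Za-z0-9._+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "!@#$%^&*")

def temp_password(length=20):
    """Random password containing at least one character from every class."""
    alphabet = "".join(CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw

def invite_from_event(event, iam, ses, sender, signin_url):
    """Handle one EventBridge-delivered CloudTrail record; return the invited user or None.

    iam and ses are boto3 clients (boto3.client('iam') / boto3.client('ses')),
    passed in so the logic can be exercised with stubs.
    """
    detail = event.get("detail") or {}
    if (detail.get("eventSource"), detail.get("eventName")) != ("iam.amazonaws.com", "CreateUser"):
        return None
    if detail.get("errorCode"):          # the CreateUser call itself failed
        return None
    user = (detail.get("requestParameters") or {}).get("userName") or ""
    if not EMAIL_RE.fullmatch(user):     # only usable when the user name is an email address
        return None
    password = temp_password()
    # PasswordResetRequired=True forces a password change at first sign-in
    iam.create_login_profile(UserName=user, Password=password, PasswordResetRequired=True)
    body = (f"An IAM user was created for you.\nSign in at: {signin_url}\n"
            f"User name: {user}\nTemporary password: {password}\n"
            "You will be asked to set a new password at first sign-in.")
    ses.send_email(
        Source=sender,
        Destination={"ToAddresses": [user]},   # must be a list
        Message={"Subject": {"Data": "Your AWS console access"},
                 "Body": {"Text": {"Charset": "UTF-8", "Data": body}}},
    )
    return user
```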

John Rotenstein

Reputation: 269666

There is no in-built AWS capability to send users their login information.

In fact, there is not even a standard field for storing email addresses for IAM Users.

You would need to code such functionality yourself.

Upvotes: 1
