
How to use the list-users command in AWS CLI?

AWS has revolutionized the technological era by introducing cloud computing services at affordable prices. Today, AWS has succeeded in attracting millions of users around the globe. Since its launch, AWS has helped businesses grow, scale, and reach new heights of productivity by freeing them from manual server management and application scaling. In modern times, users can build, scale, develop, test, and deploy applications quickly, securely, and remotely with AWS.

There are two ways to access and manage the AWS resources i.e., via AWS Console or CLI. AWS CLI is a mode of access in which the users can manipulate the resources through different commands, parameters, and flags. There are different commands that can be used with AWS CLI such as creating a user, assuming a role, assigning permissions, etc.

What is the “list-users” command in AWS CLI?

The list-users command lists the IAM users within an AWS account in JSON format. This command supports pagination and accepts various parameters. If a path prefix is specified in the command, it lists only the users whose path begins with that prefix. However, if no path prefix is specified, it defaults to slash (/) and returns all the IAM users within the account.

Prerequisites

There are a few prerequisites of this tutorial given as follows:

  • AWS CLI is installed on Windows and Ubuntu.
  • AWS CLI credentials configured.

How to Use the “list-users” Command in AWS CLI?

Before using the list-users command, the user must be assigned the permission required for this action. The “list-users” permission (the iam:ListUsers action) is built into the “IAMReadOnlyAccess” policy.

Syntax

The following is the syntax of the list-users command:

aws iam list-users <OptionalParameters>

 

The following is a brief description of the <OptionalParameters> within the command:

  • --path-prefix: This parameter is of string type. It is used for filtering the users and is optional. If a specific path is given for this option, e.g., /development/dev1, the command returns only those users whose path matches it or starts with /development/dev1. If no path is specified, it defaults to slash (/) and returns all the users within the account.
  • --marker: This option accepts a string value and is used when the “IsTruncated” value in the output is set to true. A true value indicates that there is more data to list. It is not a required parameter; it is given the value of the Marker element from the output, which indicates where the next call should begin.
  • --max-items: The “--max-items” parameter limits the number of entries within a single response. It is of integer data type and accepts a minimum value of 1 and a maximum value of 1000. If the --max-items parameter is specified in the command and there is more data to list, the IsTruncated parameter will be true in the output and vice versa.
  • --starting-token: This option is of string data type and accepts the value of the NextToken element from the output. It is used for pagination and indicates where the next listing of the data should begin.
  • --page-size: This option specifies the page size for listing the data. Setting a smaller page size results in more calls to the AWS service for listing the users, which in turn prevents the service from timing out. However, it does not affect the number of items listed in the output, and it is an optional parameter of the command.
  • --cli-input-json: This option is of string type and is used to provide instructions to the service as a JSON string. This JSON string must follow the format produced by “--generate-cli-skeleton”. The values of the JSON string are overridden if other arguments are provided within the command.
  • --generate-cli-skeleton: This option accepts a string value and is used to create a template or JSON skeleton without making any API calls. The template is filled in to provide all the instructions to the service at once, and it is the format expected by the “--cli-input-json” option.

Examples

In this section of the article, we will discuss the implementation of the list-users command through various examples.

Example 1: How to List All the Users Within the AWS Account Using CLI?

To list all the users existing inside an AWS account, provide the following command to CLI:

aws iam list-users

 


Example 2: How to List the Attached Policy with a Specific User Using CLI?

While accessing certain resources in AWS, users often run into an “Access denied” error. This is because the user is not assigned the required permissions. Related IAM list commands can be used to determine the policies attached to an IAM user. However, the command “aws iam list-user-policies --user-name xxxx” yields no results here, because it lists only the inline policies embedded in the user, not the managed policies attached to it.

In order to determine the policies attached to a user, use the below-mentioned command:

aws iam list-attached-user-policies --user-name mfa-user

 

Note: Replace the “mfa-user” with your IAM user name.

Here, the output of the command lists details about each policy attached to the user, i.e., PolicyName and PolicyArn.


Example 3: How to List the Group of a User Using CLI?

IAM groups are collections of IAM users that share the same permissions. These groups can be assigned specific permissions depending on the users. For learning more about IAM and user groups, refer to this article: “Explain IAM Identities (Users, User Groups, And Roles)”.

To determine the group of the user, the following command is used:

aws iam list-groups-for-user --user-name example-user

 

Note: Replace “example-user” in the --user-name field with your IAM user name.

Bonus Tip: List Group Policies

We can also list the policies attached to a group by using the CLI. To retrieve this information, provide the following command to the CLI:

aws iam list-attached-group-policies --group-name firstgroup

 

Note: Replace “firstgroup” in the --group-name field with your IAM group name.

Example 4: How to List Tags of a User Using CLI?

Tags are composed of key-value pairs. Each resource in AWS can have 50 tags associated with it. In order to list the tags associated with a user, use the following command:

aws iam list-user-tags --user-name taguser

 

The output of the command displays the key-value pairs attached to the IAM user. Each key-value pair represents a single tag. There are two tags associated with the IAM user “taguser” in the output of the command.

Example 5: How to List a Limited Number of Users Using CLI?

The --max-items parameter is used to limit the listing of users within a single response. To control the number of users listed, use the following command:

aws iam list-users --max-items 1

Note: Replace the value “1” in --max-items with any numeric value between 1 and 1000 of your choice.

The output of the command includes the following field:

  • NextToken: This field indicates that there is more data to list. The value of this option is provided to the –starting-token argument within the command.

The below-given command demonstrates the listing of the users from a specific point by using the value of the NextToken:

aws iam list-users --starting-token <NextTokenValue>

 

Note: Replace the value <NextTokenValue> with the value of the NextToken returned in the output. To copy the value of the NextToken in the CLI, press “CTRL + Shift + C” from the keyboard.


Example 6: How to Filter Users With the “list-users” command?

In the list-users command, we can also list particular users that meet specific criteria. For this purpose, we will use the “--query” parameter with the list-users command. The command given below displays the UserName, CreateDate, and UserId of all the users within an AWS account:

aws iam list-users --query "Users[*].[UserName, CreateDate, UserId]"

 


Similarly, we can also determine if a particular user exists or not in the account by using the following command:

aws iam list-users --query "Users[*].[UserName && UserName=='demo']"

 


Example 7: How to List Users in Table Format With the “list-users” command?

By using the “list-users” command, we can display the users in various output formats such as table, JSON, YAML, or text. To implement this functionality, use the following command:

aws iam list-users --output table

 

Note: The user can replace the value “table” with yaml, text, or json to list the users in different output formats.

That is all from this section of the article.

Bonus Tip: Examples of list-users in Ubuntu

Before getting started with the Shell scripting demonstration of the list-users command, ensure that the AWS CLI is configured on the Ubuntu interface. To learn more about configuring the credentials: Installing and Using AWS CLI on Ubuntu.

For this demo, we have already configured Ubuntu with AWS credentials. Type “json” for the output format while configuring the credentials.

Example 1: List AWS Users in AWS Account in Ubuntu

Use the following command to list the IAM users within an AWS account:

aws iam list-users

 


Example 2: List AWS Users with Specific Details

The list-users output can also be filtered to show specific details of the users. For this purpose, the output is piped to the “awk” command. The awk command is not supported in the Windows operating system.

Suppose a user does not want to display additional details such as the ARN, CreateDate, etc. of the IAM users within the AWS account. Below is the command for this functionality:

aws iam list-users | awk -F user/ '{print $2}' | awk '{print $1}'

 

In the output, we can see that only the names of the IAM users are listed.

Example 3: List the AWS Users Using a File in Ubuntu

The user can save the list-users command within a file and execute it to obtain the same results. Use the following command to create a file:

vi listusersfile.sh

 

Hit the “Enter” button to execute the command.

This will create an empty file. Paste the following command within the file:

#! /bin/bash
aws iam list-users | awk -F user/ '{print $2}' | awk '{print $1}'

 

After providing the script to the file, type “:wq” and hit “Enter” to save and apply changes.

Assign execute permission on this file via the following command:

chmod +x listusersfile.sh

 


To execute this file, the command is given below:

./listusersfile.sh

 


That is all from this section of the article.
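The following added example (not part of the original article) combines the --query option from Example 6 with awk filtering from the Ubuntu examples to flag IAM users whose console password was never used or was last used before a cutoff date. It reads tab-separated text output, one user per line, instead of splitting JSON lines. Assumptions: the PasswordLastUsed field is returned by list-users but is not shown in this article, timestamps are printed in ISO 8601 form, the sample rows are constructed, and stale_users and sample_users are hypothetical names.

```bash
#!/bin/bash
# Added example (not from the original article). Flags IAM users whose console
# password has never been used, or was last used before a cutoff date.
# It covers console sign-in only; access key usage is not part of list-users.

# JMESPath query for --query: one user per line, fields separated by tabs when
# combined with --output text. A missing PasswordLastUsed prints as "None".
USERS_QUERY='Users[*].[UserName,Path,CreateDate,PasswordLastUsed]'

# stale_users CUTOFF   (CUTOFF is an ISO 8601 date, e.g. 2024-01-01)
# Reads the tab-separated lines on stdin and prints
# "<status><TAB><UserName><TAB><Path>" for every user that needs review.
stale_users() {
    awk -F '\t' -v cutoff="$1" '
        NF != 4               { next }   # ignore lines that are not user rows
        $4 == "None"          { print "never-used\t" $1 "\t" $2; next }
        ($4 "") < (cutoff "") { print "stale\t" $1 "\t" $2 }  # string compare
    '
}

# Constructed sample data in the same layout the query above produces.
sample_users() {
    printf '%s\t%s\t%s\t%s\n' \
        'alice'     '/'             '2022-03-14T09:12:44+00:00' '2024-05-02T07:30:11+00:00' \
        'bob'       '/development/' '2021-11-02T16:40:05+00:00' '2023-06-19T12:01:57+00:00' \
        'ci-deploy' '/automation/'  '2023-01-09T08:00:00+00:00' 'None'
}

if [ "${1:-}" = "--live" ]; then
    # Needs configured credentials that allow iam:ListUsers.
    aws iam list-users --query "$USERS_QUERY" --output text |
        stale_users "${2:?usage: $0 --live YYYY-MM-DD}"
else
    sample_users | stale_users 2024-01-01
fi
```

Run without arguments, the script evaluates the constructed sample; run with --live and a cutoff date, it evaluates the users of the configured account.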

Bottom Line

The list-users command lists the IAM users of an account, and its output can be filtered and displayed in various output formats such as table, YAML, etc. Related commands list the tags, groups, or policies of the IAM users. There are multiple optional parameters that can be used with the list-users command, such as --max-items, --marker, --starting-token, etc. These parameters help the users to filter the response accurately and customize the output accordingly. This article provides various examples of the list-users command for understanding the concept in depth.

About the author

Shameen Shahid

I am a self-motivated technical content writer. I hold a bachelor’s degree in computer science and have expertise in AWS and want to share my knowledge with the world.