Add AWS housekeeping scripts, rename for consistency

aws/delete_iam_policies.py

@@ -0,0 +1,61 @@
+#!/usr/bin/python3
+#
+# Delete IAM policies whose names match a pattern
+#
+
+import argparse
+import boto3
+import re
+import click
+
+def list_policies(iam, pattern):
+    policies=[]
+    paginator = iam.get_paginator('list_policies')
+    for page in paginator.paginate(Scope='Local'):
+        for policy in page['Policies']:
+            if pattern.match(policy['PolicyName']):
+                policies.append(policy)
+    return policies
+
+
+def delete_policy_versions(iam, policy):
+    paginator = iam.get_paginator('list_policy_versions')
+    for page in paginator.paginate(PolicyArn=policy['Arn']):
+        for version in page['Versions']:
+            if version['IsDefaultVersion']:
+                continue
+            print("Deleting version {v}".format(v=version['VersionId']))
+            iam.delete_policy_version(PolicyArn=policy['Arn'], VersionId=version['VersionId'])
+
+
+def delete_policy(iam, policy):
+    print("Deleting policy {name}".format(name=policy['PolicyName']))
+    delete_policy_versions(iam, policy)
+    iam.delete_policy(PolicyArn=policy['Arn'])
+
+
+def confirm_delete(policies):
+    print("Delete policies:")
+    for policy in policies:
+        print(policy['PolicyName'])
+    return click.confirm("Continue?")
+
+
+def delete_matching_policies(pattern):
+    iam = boto3.client('iam')
+    policies = list_policies(iam, pattern)
+    if len(policies) == 0:
+        print("No matching policies")
+        return
+    if confirm_delete(policies):
+        for policy in policies:
+            delete_policy(iam, policy)
+
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(description="Delete IAM policies")
+    parser.add_argument("--pattern", help="Regex to match policy name", default=".*")
+
+    args = parser.parse_args()
+    pattern = re.compile(args.pattern)
+    delete_matching_policies(pattern)