How to Get the list of IAM users whose access keys are older than 90 days and send the email?

Bhanu Reddy
3 min read · May 4, 2022

Hi, in this blog I am going to explain how to get the list of all IAM users whose access keys are older than 90 days and send them an email, using an AWS Lambda function, AWS SES, and a boto3 script.

Prerequisites:

  1. IAM users tagged with their email address (key=email, value=email_ID).
  2. Verified emails of all the users in the AWS SES service.
  3. Lambda execution role with IAMFullAccess and AmazonSESFullAccess.

STEP 1: Create a Lambda function with a Python runtime and choose the Lambda execution role created in the Prerequisites section. Go to General configuration and set sufficient memory and timeout.

STEP 2: Paste the code below into the Lambda function to fetch the IAM users whose access key is older than N days (here N = 90 days).

import boto3, os, time, datetime, sys, json
from datetime import date
from botocore.exceptions import ClientError
iam = boto3.client('iam')
email_list = []
def lambda_handler(event, context):
    print("All IAM user emails that have…
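An added example, not the author's listing, of the lookup and notification that STEP 2 describes: it pages through IAM users, flags access keys older than 90 days, reads the `email` tag from the prerequisites, and sends a reminder through SES. Assumptions: only `Active` keys are reported, users without an `email` tag are logged instead of skipped silently, and `SENDER_EMAIL` is a hypothetical environment variable holding an SES-verified sender address.

```python
import datetime
import os

MAX_AGE_DAYS = 90  # N from the article


def stale_keys(iam, now=None, max_age_days=MAX_AGE_DAYS):
    """Return (user, email or None, key id, age in days) for each old active key."""
    now = now or datetime.datetime.now(datetime.timezone.utc)
    limit = datetime.timedelta(days=max_age_days)
    findings = []
    for page in iam.get_paginator("list_users").paginate():
        for user in page["Users"]:
            name = user["UserName"]
            old = []
            pages = iam.get_paginator("list_access_keys").paginate(UserName=name)
            for key in (k for p in pages for k in p["AccessKeyMetadata"]):
                age = now - key["CreateDate"]  # boto3 returns an aware UTC datetime
                # Assumption: only Active keys are reported; Inactive ones cannot sign requests.
                if key["Status"] == "Active" and age > limit:
                    old.append((key["AccessKeyId"], age.days))
            if old:
                tags = iam.list_user_tags(UserName=name)["Tags"]
                email = next((t["Value"] for t in tags if t["Key"] == "email"), None)
                findings += [(name, email, key_id, days) for key_id, days in old]
    return findings


def notify(ses, sender, findings):
    """Email each tagged owner through SES; return the number of messages sent."""
    sent = 0
    for name, email, key_id, days in findings:
        if email is None:  # missing prerequisite tag: log it so the key is not silently skipped
            print(f"IAM user {name} has no email tag; key {key_id} is {days} days old")
            continue
        body = f"Access key {key_id} of IAM user {name} is {days} days old. Please rotate it."
        ses.send_email(Source=sender, Destination={"ToAddresses": [email]},
                       Message={"Subject": {"Data": "AWS access key rotation due"},
                                "Body": {"Text": {"Data": body}}})
        sent += 1
    return sent


def lambda_handler(event, context):
    import boto3  # imported here so the helpers above can be tested with stub clients
    findings = stale_keys(boto3.client("iam"))
    # SENDER_EMAIL is a hypothetical environment variable holding an SES-verified address
    sent = notify(boto3.client("ses"), os.environ["SENDER_EMAIL"], findings)
    return {"stale_keys": len(findings), "emails_sent": sent}
```

The calls used here need only `iam:ListUsers`, `iam:ListAccessKeys`, `iam:ListUserTags` and `ses:SendEmail`, so the execution role can be scoped to those actions.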

Written by Bhanu Reddy

DevSecOps Engineer from India
