Compare the last rotation date of each access key with the specified maxAccessKeyAge (default: 90 days) to identify keys that have not been rotated within this period.

from datetime import datetime, timedelta import json # Define maximum key age (e.g., 90 days) maxAccessKeyAge = 90 # Calculate the threshold date threshold_date = datetime.now().astimezone() - timedelta(days=maxAccessKeyAge) # List to store non-compliant keys non_compliant_keys = [] # Iterate through the access keys for key in access_key_rotation_dates: last_rotation_date_str = str(key['LastRotationDate']) # Ensure it's a string try: last_rotation_date = datetime.fromisoformat(last_rotation_date_str) if last_rotation_date < threshold_date: non_compliant_keys.append({ 'UserName': key['UserName'], 'AccessKeyId': key['AccessKeyId'], 'LastRotationDate': key['LastRotationDate'], 'Status': 'NON_COMPLIANT' }) except ValueError: print(f"Skipping invalid date format for user {key['UserName']}: {last_rotation_date_str}") # Print the non-compliant keys print(json.dumps(non_compliant_keys, indent=4, default=str))