Identify non-compliant IAM users and reasons for non-compliance

import boto3 import json # Create an IAM client client = boto3.client( 'iam', aws_access_key_id=getEnvVar('AWS_ACCESS_KEY_ID'), aws_secret_access_key=getEnvVar('AWS_SECRET_ACCESS_KEY'), region_name='us-east-2' ) # Get all IAM users users = client.list_users()['Users'] # Get the account password policy response = client.get_account_password_policy() password_policy = response['PasswordPolicy'] # Define the required criteria required_criteria = { 'MinimumPasswordLength': 8, 'RequireSymbols': True, 'RequireNumbers': True, 'RequireUppercaseCharacters': True, 'RequireLowercaseCharacters': True, 'AllowUsersToChangePassword': True } non_compliant_users = [] # Check each user for compliance for user in users: user_name = user['UserName'] user_policy = client.get_user(UserName=user_name) # Assuming user_policy contains password policy details for the user # This is a placeholder as AWS IAM does not provide per-user password policies # In reality, you would need to check user activity or other logs for compliance user_compliance_status = 'COMPLIANT' for key, value in required_criteria.items(): if key in password_policy and password_policy[key] != value: user_compliance_status = 'NON_COMPLIANT' break if user_compliance_status == 'NON_COMPLIANT': non_compliant_users.append(user_name) print("Non-compliant Users:", json.dumps(non_compliant_users, indent=4))