I created this script to apply tags if certain conditions are met but it will not apply the tags if I just reference them, it will apply the tags if I type them in manually. This portion of the code works if it's manually typed in:
tag_user(user['UserName'], 'key', 'value')
Yes, I understand why it works, but if that works, why wouldn't this work as well?
tag_user(user['UserName'], testtag['Key'], testtag['Value'])
Is that not the same thing? I've tried numerous methods as you can see in the tag_user section but none of them work except the first one, which is not convenient. I want to be able to reference "testtag" which is a list of key and value. I don't even think I need the tag_user function at the start since the boto3.client('iam') includes it, I would just reference iam.tag_user(), but again I can't get that to work. I'm not sure what I'm doing wrong here, any help would be much appreciated. Thank you.
import boto3
iam = boto3.resource('iam')
iam_client = boto3.client('iam')
response = iam_client.list_users()
def tag_user(user, key, value):
client = boto3.client('iam')
try:
response = client.tag_user(
UserName=user,
Tags=[
{
'Key': key,
'Value': value
},
]
)
except:
response = 'We got an error'
return response
def lambda_handler(event,context):
return_value = {} #creates empty dictionary#
everything_dict = {} #dictionary of instances, which contains a dictionary of categories
#(missing tag key, missing tag values, incorrect tag keys, etc), which contains a list with the details
return_value['missingtagkeys'] = [] #within return values dictionary, create a missing tag key list#
return_value['missingtagvalues'] = [] #within return values dictionart, creates a missing tag values key list#
return_value['incorrecttagkeys'] = [] #within return values dictionary, create a incorrect tag key list#
return_value['incorrecttagvalues'] = [] #within return values dictionary, create a incorrect tag value list#
return_value['unknowntagvalues'] = [] #within return values dictionary, create a unknown tag value list#
testtag = [{
"Key": 'test',
"Value": 'testvalue'
}]
for user in response['Users']:
tags = iam_client.list_user_tags(UserName = user['UserName'])
tags = {x['Key']: x['Value'] for x in tags["Tags"]}
print(tags)
# iam user properties
ids = user['UserName']
username = user['UserName']
iam_user_id = user['UserId']
iam_user_arn = user['Arn']
try:
# if instance_ids not in everything_dict:
if username not in everything_dict:
# ids = user['UserName']
everything_dict[username] = {
'tags' : [],
'missingtagkeys' : [],
'missingtagvalues' : [],
'incorrecttagkeys' : [],
'incorrecttagvalues' : [],
'unknowntagvalues' : [],
}
everything_dict[username]['tags'].append(tags)
except:
pass
try:
if tags['contact'] in ['me', 'you']:
print(username + " (" + user['UserId'] + ")" + " has an approved contact tag value of " + tags['contact'] + ".")
tagissue = (username + " (" + user['UserId'] + ")" + " (" + user['Arn'] + ")" + " has an approved contact tag value of " + tags['contact'] + ".")
tag_user(user['UserName'], 'key', 'value') # hard coded tag key and values, works
tag_user(user['UserName'], str(testtag['Key']), str(testtag['Value'])) # does not work, why not?
tag_user(user['UserName'], testtag.get('Key'), testtag.get('Value')) # does not work, why not?
tag_user([user['UserName']], testtag) # does not work, why not?
iam.tag_user(username, Tags=testtag) # does not work, why not?
# Store values
return_value['incorrecttagvalues'].append(tagissue)
everything_dict[username]['incorrecttagvalues'].append(tagissue)
except:
pass
return everything_dict
Your "testtag" is actually a list of tag key-value pairs, so you need to iterate through this list.
testtag to test_tags, with example of second k-v pair:test_tags = [
{
"Key": 'test',
"Value": 'testvalue'
},
{
"Key": 'test2',
"Value": 'testvalue2'
},
]
2a. Utilizing the custom function in the Lambda Function body:
for test_tag in test_tags:
tag_user(user['UserName'], test_tag['Key'], test_tag['Value'])
2b. Alternatively, as you guessed at, you could just call IAM.Client.tag_user directly and remove the extra custom function.
This works because you already have a Sequence of TagTypeDef to pass into the Tags= keyword argument.
iam_client.tag_user(UserName=user['UserName'], Tags=test_tags)