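The total permissions of a single IAM user are compiled from several places (the groups the user belongs to, the managed policies attached to those groups and to the user, and the inline policies embedded in each), so you have to use several commands to catch them all.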
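# USER_NAME and GROUP_NAME are placeholders: substitute the IAM user under
# review, and run the two group commands once per group returned by step 1.
# All five calls are read-only and return policy names/ARNs, not the policy
# statements themselves.

# 1. Groups the user is a member of.
aws iam list-groups-for-user --user-name USER_NAME

# 2. Managed policies attached to a group.
aws iam list-attached-group-policies --group-name GROUP_NAME

# 3. Inline policies embedded in a group.
aws iam list-group-policies --group-name GROUP_NAME

# 4. Managed policies attached directly to the user.
aws iam list-attached-user-policies --user-name USER_NAME

# 5. Inline policies embedded directly in the user.
aws iam list-user-policies --user-name USER_NAME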
Here's a quick PowerShell script that automates these calls for one user:
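<#
.SYNOPSIS
Lists the IAM policies that apply to one IAM user, both directly and through
group membership.

.DESCRIPTION
Runs read-only `aws iam list-*` calls: managed policies attached to each of the
user's groups and to the user, then inline policies on each group and on the
user. Output is the AWS CLI's table format.

Review notes:
  * Only policy names/ARNs are listed. To read the actual statements, follow up
    with `aws iam get-policy-version`, `aws iam get-group-policy` or
    `aws iam get-user-policy`.
  * Effective access can be narrower or wider than this list: a permissions
    boundary on the user or an organization SCP can restrict it, and
    resource-based policies can grant access that never shows up here.

.PARAMETER username
Name of the IAM user to inspect.
#>
param (
    [Parameter(Mandatory = $true)]
    [ValidateNotNullOrEmpty()]
    [string]$username
)

# Ask for JSON and read GroupName by key instead of picking a tab-separated
# column by position, which breaks on any line with a different field layout.
$GroupsJson = aws iam list-groups-for-user --user-name $username --output json | Out-String
if ($LASTEXITCODE -ne 0)
{
    # Stop here: without the group list the report below would silently omit
    # every permission the user inherits from groups.
    throw "aws iam list-groups-for-user failed for user '$username' (exit code $LASTEXITCODE)."
}

# @() keeps $Groups an array when the user is in zero or one group.
$Groups = @((ConvertFrom-Json $GroupsJson).Groups | ForEach-Object { $_.GroupName })

# Managed (attached) policies: inherited from groups first, then direct.
foreach ($Group in $Groups)
{
    aws iam list-attached-group-policies --group-name $Group --output table
}
aws iam list-attached-user-policies --user-name $username --output table

Write-Output "-------- Inline Policies --------"

# Inline policies: embedded in each group, then embedded in the user.
foreach ($Group in $Groups)
{
    aws iam list-group-policies --group-name $Group --output table
}
aws iam list-user-policies --user-name $username --output table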