Determining our level of access

In an attack scenario, it is possible that you don't know the username of your current user, so we will add this line of code, which uses the iam:GetUser API to determine that information (note that this call will fail if your credentials belong to a role rather than a user):

   # 'client' is the IAM client created earlier; GetUser with no arguments
   # returns the user that owns the calling credentials
   username = client.get_user()['User']['UserName']

Then we will iterate through the user data we collected and look for our current user:

# Define a variable that will hold our user
current_user = None

# Iterate through the enumerated users (user_details was collected earlier)
for user in user_details:
    # See if this user is our user
    if user['UserName'] == username:
        # Set the current_user variable to our user
        current_user = user

        # We found the user, so we don't need to iterate through the rest of them
        break

We can now check a few different pieces of information that may or may not be attached to our user object. If one of these keys is absent from the user object, there are simply no values of that kind that we need to worry about.

To come up with a complete list of permissions for our user, we will need to inspect the following data: UserPolicyList, GroupList, and AttachedManagedPolicies. UserPolicyList contains all inline policies attached to our user, AttachedManagedPolicies contains all managed policies attached to our user, and GroupList contains the list of groups that our user is a member of. For each policy, we will need to pull the document associated with it. For each group, we will need to check which inline and managed policies are attached to the group, and then pull the documents associated with those as well, to finally come up with a definitive list of permissions.
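The resolution described above, as an added example that is not code from the book: it walks the UserDetailList, GroupDetailList and Policies sections of an iam:GetAccountAuthorizationDetails response (shape as documented for boto3; a constructed sample is embedded in place of real account data, with placeholder account ID, names and ARNs) and collects every policy document that applies to a user, taking the default version of each managed policy. It then flattens the statements into rows that keep their provenance, which is what an auditor reviewing a user for least privilege wants to see. The wildcard, NotAction and Condition handling is deliberately left as a flagged row rather than evaluated, since that needs the full IAM evaluation logic.

```python
import json
import urllib.parse

# Constructed sample mirroring iam:GetAccountAuthorizationDetails output.
# Not real account data; the account ID, names and ARNs are placeholders.
ACCOUNT_DETAILS = {
    "UserDetailList": [{
        "UserName": "audit-user",
        "UserPolicyList": [{"PolicyName": "inline-s3-read", "PolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "*"}]}}],
        "GroupList": ["developers"],
        "AttachedManagedPolicies": [
            {"PolicyName": "ReadEC2", "PolicyArn": "arn:aws:iam::123456789012:policy/ReadEC2"}],
    }],
    "GroupDetailList": [{
        "GroupName": "developers",
        "GroupPolicyList": [{"PolicyName": "inline-deny-delete", "PolicyDocument": {
            "Version": "2012-10-17",
            "Statement": {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"}}}],
        "AttachedManagedPolicies": [
            {"PolicyName": "ReadEC2", "PolicyArn": "arn:aws:iam::123456789012:policy/ReadEC2"},
            {"PolicyName": "PassAppRole", "PolicyArn": "arn:aws:iam::123456789012:policy/PassAppRole"}],
    }],
    "Policies": [
        {"PolicyName": "ReadEC2", "Arn": "arn:aws:iam::123456789012:policy/ReadEC2",
         "DefaultVersionId": "v2",
         "PolicyVersionList": [
             # an old, broader version that is no longer the default
             {"VersionId": "v1", "IsDefaultVersion": False, "Document": {
                 "Version": "2012-10-17",
                 "Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}},
             {"VersionId": "v2", "IsDefaultVersion": True, "Document": {
                 "Version": "2012-10-17",
                 "Statement": [{"Effect": "Allow", "Action": ["ec2:DescribeInstances"], "Resource": "*"}]}}]},
        {"PolicyName": "PassAppRole", "Arn": "arn:aws:iam::123456789012:policy/PassAppRole",
         "DefaultVersionId": "v1",
         "PolicyVersionList": [
             {"VersionId": "v1", "IsDefaultVersion": True, "Document": {
                 "Version": "2012-10-17",
                 "Statement": [{"Effect": "Allow", "Action": "iam:PassRole",
                                "Resource": "arn:aws:iam::123456789012:role/app-role"}]}}]},
    ],
}


def as_document(doc):
    """boto3 hands back decoded dicts for this call; the raw API returns
    URL-encoded JSON strings. Accept either form."""
    if isinstance(doc, str):
        return json.loads(urllib.parse.unquote(doc))
    return doc


def default_policy_document(details, policy_arn):
    """Return the document of the default version of a managed policy."""
    for policy in details.get("Policies", []):
        if policy["Arn"] == policy_arn:
            for version in policy.get("PolicyVersionList", []):
                if version.get("IsDefaultVersion"):
                    return as_document(version["Document"])
    raise KeyError("managed policy %s not present in account details" % policy_arn)


def collect_policy_documents(details, username):
    """Gather (source, document) pairs for every policy that applies to username:
    user inline, user managed, then each group's inline and managed policies."""
    user = next((u for u in details.get("UserDetailList", []) if u["UserName"] == username), None)
    if user is None:
        raise KeyError("user %s not present in account details" % username)
    docs = []
    for pol in user.get("UserPolicyList", []):
        docs.append(("user inline:" + pol["PolicyName"], as_document(pol["PolicyDocument"])))
    for pol in user.get("AttachedManagedPolicies", []):
        docs.append(("user managed:" + pol["PolicyName"],
                     default_policy_document(details, pol["PolicyArn"])))
    groups = {g["GroupName"]: g for g in details.get("GroupDetailList", [])}
    for group_name in user.get("GroupList", []):
        group = groups[group_name]
        for pol in group.get("GroupPolicyList", []):
            docs.append(("group %s inline:%s" % (group_name, pol["PolicyName"]),
                         as_document(pol["PolicyDocument"])))
        for pol in group.get("AttachedManagedPolicies", []):
            docs.append(("group %s managed:%s" % (group_name, pol["PolicyName"]),
                         default_policy_document(details, pol["PolicyArn"])))
    return docs


def summarize_statements(docs):
    """Flatten documents into (effect, action, resource, source) rows.
    Statement, Action and Resource may each be a single value or a list."""
    rows = []
    for source, doc in docs:
        statements = doc.get("Statement", [])
        if isinstance(statements, dict):
            statements = [statements]
        for stmt in statements:
            if "Action" not in stmt:
                # NotAction needs real evaluation logic; surface it instead of guessing
                rows.append((stmt.get("Effect"), "NotAction:" + json.dumps(stmt.get("NotAction")), "*", source))
                continue
            actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
            resources = stmt.get("Resource", [])
            resources = resources if isinstance(resources, list) else [resources]
            for action in actions:
                for resource in resources:
                    rows.append((stmt["Effect"], action, resource, source))
    return rows


def effective_actions(rows):
    """First-pass view: literal Allow actions minus literal explicit Deny actions.
    Wildcards and Conditions are not expanded here."""
    allowed = {r[1] for r in rows if r[0] == "Allow"}
    denied = {r[1] for r in rows if r[0] == "Deny"}
    return allowed - denied, denied


if __name__ == "__main__":
    for row in summarize_statements(collect_policy_documents(ACCOUNT_DETAILS, "audit-user")):
        print(row)
```

Note that the ReadEC2 policy appears twice in the output, once via the user and once via the group; keeping both rows is intentional, because knowing which attachment grants a permission is what tells you where to remove it. Feeding this the output of `boto3.client('iam').get_account_authorization_details()` (paginated) in place of the constructed sample is the only change needed for a live account.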
