AWS cli tools
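#!/bin/bash
# Rotate the calling IAM user's access key: create a new key, store it in the
# AWS CLI configuration, then deactivate and delete the key that was configured
# when the script started.
#
# This script requires `jq` and optionally `awsume`.
#
# xtrace (-x) is deliberately NOT enabled: the trace would print the new secret
# access key to stderr, and from there into terminal scrollback or CI logs.
# Options are set here rather than on the shebang so they still apply when the
# script is started as `bash script.sh`.
set -euo pipefail

awsume --session-name ssummers-update-api-keys # or whatever method to assume an mfa session

# Key currently stored in the CLI configuration; this is the one retired below.
AWS_EXPIRING_ACCESS_KEY=$(aws configure get aws_access_key_id)

# The user name is the last path component of the ARN. Using $NF (not $2) keeps
# this correct for users created under an IAM path (arn:...:user/some/path/name).
AWS_USER=$(aws sts get-caller-identity --query Arn --output text | awk -F/ '/:user/ {print $NF}')

# An assumed-role or federated identity has no ":user" ARN, which leaves
# AWS_USER empty. Stop here instead of calling IAM with an empty --user-name.
if [[ -z "${AWS_USER}" || -z "${AWS_EXPIRING_ACCESS_KEY}" ]]
then
  echo "Could not determine the IAM user or the current access key id; aborting." >&2
  exit 1
fi

# Capture the count first so a failed API call aborts under `set -e` rather
# than being reported as "a second key exists".
AWS_KEY_COUNT=$(aws iam list-access-keys --user-name "${AWS_USER}" --query '*[]|length(@)' --output text)
if [[ "${AWS_KEY_COUNT}" -ne 1 ]]
then
  echo "There is already a second API key set up; too dangerous to continue."
  exit 1
fi

# Not exported: child processes have no need for the new secret in their
# environment. --output json is forced because jq parses the result and the
# profile's default output format may be text or table.
AWS_NEW_CREDENTIALS=$(aws iam create-access-key --user-name "${AWS_USER}" --query AccessKey --output json)
AWS_NEW_ACCESS_KEY_ID=$(printf '%s' "${AWS_NEW_CREDENTIALS}" | jq -r .AccessKeyId)
AWS_NEW_SECRET_ACCESS_KEY=$(printf '%s' "${AWS_NEW_CREDENTIALS}" | jq -r .SecretAccessKey)

# NOTE(review): `aws configure set` takes the value as an argument, so the
# secret is briefly visible in the local process list while it runs.
aws configure set aws_access_key_id "${AWS_NEW_ACCESS_KEY_ID}"
aws configure set aws_secret_access_key "${AWS_NEW_SECRET_ACCESS_KEY}"

# NOTE(review): the old key is deleted right after deactivation and there is no
# rollback; consider confirming the new key authenticates before this point.
aws iam update-access-key --access-key-id "${AWS_EXPIRING_ACCESS_KEY}" --status Inactive --user-name "${AWS_USER}"
aws iam delete-access-key --access-key-id "${AWS_EXPIRING_ACCESS_KEY}" --user-name "${AWS_USER}"

# Drop the secret material from the shell once it has been written to config.
unset AWS_NEW_CREDENTIALS AWS_NEW_SECRET_ACCESS_KEY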