Handy if you have multiple AWS accounts: a utility that interrogates your AWS config and generates aws-vault command lines and passwords to facilitate secret rotation.
#!/usr/bin/env python3 | |
import configparser
import os
import re
import secrets
import string
from os.path import expanduser
from random import choice
# Total length of each generated console password.
PasswordLength: int = 32
# How many "special" characters GenPasswd spreads through each password.
SpecialCount: int = 4
# Filled in below: one dict (vaultid / userid / passwd) per profile that
# declares an mfa_serial.
AccountInfo: list = []
# Base directory used to locate ~/.aws/config.
HomeDir: str = expanduser("~")
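def GenPasswd(length, specialcount):
    """Return a random password of ``length`` characters.

    Characters are drawn from ASCII letters and digits; a character from a
    fixed "special" set is inserted at a regular interval (roughly every
    ``length / specialcount`` characters, never in the last position).
    The value becomes an IAM console password, so it is drawn from
    ``secrets`` (a CSPRNG) rather than ``random``.

    Args:
        length: total number of characters; ``0`` or negative yields ``""``.
        specialcount: controls the spacing of special characters; ``0`` or
            negative disables specials entirely (the original raised
            ZeroDivisionError for ``0``).

    Returns:
        The generated password string.
    """
    alphanum = string.ascii_letters + string.digits
    # Must stay free of "'" - the caller wraps the password in single quotes
    # when it builds the `aws iam update-login-profile` command line.
    special = "!@#$%^&*()_+-=[]{\\}|"
    # Spacing rule kept from the original: a special goes in once this many
    # alphanumerics have been emitted since the last one.
    interval = abs(length / specialcount - 1) if specialcount > 0 else None
    chars = []
    since_special = 0
    for position in range(length):
        want_special = (
            interval is not None
            and since_special >= interval
            and position < length - 1
        )
        if want_special:
            chars.append(secrets.choice(special))
            since_special = 0
        else:
            chars.append(secrets.choice(alphanum))
            since_special += 1
    return "".join(chars)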
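config = configparser.ConfigParser()
# Honour AWS_CONFIG_FILE the way the AWS CLI does; fall back to ~/.aws/config.
config_path = os.environ.get("AWS_CONFIG_FILE") or os.path.join(HomeDir, ".aws", "config")
# configparser.read() silently skips a missing/unreadable file, which leaves
# no sections and therefore no output below.
config.read(config_path)

# Only profiles that declare an MFA device are rotation candidates.
for section in config.sections():
    mfa_serial = config[section].get("mfa_serial")
    if not mfa_serial:
        continue
    # aws-vault profile names carry no "profile " prefix.
    vaultid = re.sub("^profile ", "", section)
    # NOTE(review): assumes the MFA device name (last path element of the
    # serial ARN) equals the IAM user name - usual for virtual MFA devices,
    # but not guaranteed; verify before relying on the generated commands.
    userid = re.sub("^.*/", "", mfa_serial)
    AccountInfo.append({
        "vaultid": vaultid,
        "userid": userid,
        "passwd": GenPasswd(PasswordLength, SpecialCount),
    })

# First rotate the access keys held by aws-vault for every profile.
for account in AccountInfo:
    print(f"aws-vault rotate -n {account['vaultid']}")

# Then set a new console password per user.  The password is passed on the
# command line in clear text, so it will land in shell history and be
# visible in process listings on the machine where the command is run.
for account in AccountInfo:
    vaultid = account["vaultid"]
    userid = account["userid"]
    passwd = account["passwd"]
    print(f"aws-vault exec -n {vaultid} -- aws iam update-login-profile --user-name {userid} --password '{passwd}'")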