@aaronbbrown
Last active December 11, 2015 11:48
Using IAM

Installation and Setup

Install the AWS IAM tools:

Homebrew:

brew install aws-iam-tools

Configure the credentials file:

$ echo "AWSAccessKeyId=<Write your AWS access ID>
AWSSecretKey=<Write your AWS secret key>" > ~/.aws-credentials-master
$ export JAVA_HOME="$(/usr/libexec/java_home)" 
$ export AWS_IAM_HOME="/usr/local/Cellar/aws-iam-tools/1.5.0/jars"
$ export AWS_CREDENTIAL_FILE=$HOME/.aws-credentials-master

Add the export commands in this primer to a shell script or your .bashrc so you don't have to type them every time:

$ . ~/bin/set-ideeli-keys.sh
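
Added example, not part of the original gist: the `echo ... >` step above creates ~/.aws-credentials-master with whatever the current umask allows (commonly 0644, readable by other local users) and puts the secret key on the command line, where it typically lands in shell history. The functions below write the same two-line file with owner-only permissions, reading the secret from stdin, and check an existing file. The function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, not part of the IAM tools.

# Portable octal mode lookup: GNU stat first, then BSD/macOS stat.
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Write the two-line file that AWS_CREDENTIAL_FILE points at.
# The secret is read from stdin so it never appears in argv or shell history.
write_credential_file() {
  local path="$1" key_id="$2" secret
  IFS= read -r secret || [ -n "$secret" ] || return 1
  (
    umask 077   # a new file is created 0600 from the start
    printf 'AWSAccessKeyId=%s\nAWSSecretKey=%s\n' "$key_id" "$secret" > "$path"
  ) || return 1
  chmod 600 "$path"   # also tighten a file that already existed
}

# Return 0 only if the file exists, is owner-only, and has both entries.
check_credential_file() {
  local path="$1" mode
  [ -f "$path" ] || { echo "missing: $path" >&2; return 1; }
  mode="$(file_mode "$path")" || return 1
  case "$mode" in
    600|400) ;;
    *) echo "mode $mode on $path; expected 600 or 400" >&2; return 1 ;;
  esac
  grep -q '^AWSAccessKeyId=..*' "$path" || { echo "no AWSAccessKeyId" >&2; return 1; }
  grep -q '^AWSSecretKey=..*' "$path" || { echo "no AWSSecretKey" >&2; return 1; }
}
```

Run check_credential_file "$AWS_CREDENTIAL_FILE" before sourcing the export script to catch a file that was created with loose permissions.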

Decide which groups to add the user to, then create the new user. The iam-usercreate command returns the AWS Access Key ID and AWS Secret Key. In this example, I'm creating an Administrator, but users should be limited to what they need to be able to do.

$ iam-grouplistbypath 
arn:aws:iam::113094932520:group/Administrators
arn:aws:iam::113094932520:group/EMRControl_S3_ReadOnly
arn:aws:iam::113094932520:group/ideeli-logs-RO
arn:aws:iam::113094932520:group/S3-ReadOnly
arn:aws:iam::113094932520:group/SysEng-PowerUsers
IsTruncated: false

$ iam-usercreate -u aaron-test -k -g Administrators
AKIAJLUHF66AHUUYDI7A
I7+eO+ebzOVTm45GTVf/GdGSYOuXBBk45FCw02Gq

Create a self-signed certificate and upload it:

$ openssl genrsa 2048 > key.pem
$ openssl req -new -key key.pem -out csr.pem

$ openssl x509 -req -days 2048 -in csr.pem -signkey key.pem -out cert.pem
$ iam-useraddcert -u aaron-test -f cert.pem
7RAXY6GXDJ7KI6OSOWS2ZP5GRCX3URCJ

Install the EC2 tools

Homebrew:

brew install ec2-api-tools elb-tools

Try stuff:

$ export EC2_PRIVATE_KEY="$HOME/.ec2/key.pem"   # $HOME, because ~ is not expanded inside double quotes
$ export EC2_CERT="$HOME/.ec2/cert.pem"
$ ec2-describe-instances
...

$ export AWS_ELB_HOME="/usr/local/Library/LinkedKegs/elb-tools/jars"
$ elb-describe-lbs
...

Set a password for the user so they can log into the management console:

$ iam-useraddloginprofile -u aaron-test -p foobar

Tasks

Delete a user:

$ iam-userdelloginprofile -u aaron-test
$ iam-userdel -r -u aaron-test

Change keys for a user:

$ iam-userlistkeys -u aaron-test
AKIAJLUHF66AHUUYDI7A
Active
IsTruncated: false

$ iam-useraddkey -u aaron-test
AKIAIZMUWG3Z4NCEZPMQ
BoHngLxTcrBJ3eaPD7jzFexkuN6+PqQFUIrLWyWu

$ iam-userdelkey -k AKIAJLUHF66AHUUYDI7A -u aaron-test