coingraham/createuploadassets.py

## createuploadassets.py
import datetime
import random
import string
import time
import argparse
import json

try:
    import unicodecsv as csv
except ImportError:
    import csv

import boto3
import botocore

"""
User info from file:

    alias
    aws-account
    username
    generate-keys
    generate-login
    groups
    bucket

"""
output_order = [
    'login-url',
    'username',
    'password',
    'bucket',
    'access_key_id',
    'secret_access_key',
]

login_template = "https://%s.signin.aws.amazon.com/console"

pw_chars = string.ascii_letters + string.digits + string.punctuation

parser = argparse.ArgumentParser(description='This is a user add script.')
parser.add_argument('-a', '--accountid', help='Account ID', required=True)
parser.add_argument('-u', '--username', help='Username', required=True)
parser.add_argument('-p', '--prefix', help='Prefix', required=True)
parser.add_argument('-A', '--accesskey', help='Account Access Key', required=False)
parser.add_argument('-S', '--secretkey', help='Account Secret Key', required=False)
args = parser.parse_args()


def get_pw(length=12):
    return ''.join(random.choice(pw_chars) for x in range(length))


def ask_user_info():
    user_info = {'path': "/", 'username': args.username}
    #    print "\n\nUser Information:\n"
    #    user_info['generate-keys'] = raw_input("Create access keys? [Y/n]") or "y"
    #    user_info['generate-login'] = raw_input("Create login name and password? [Y/n]") or "y"
    #    user_info['path'] = raw_input("Path for user? [default: /]") or "/"
    return user_info


def create_user(username, accountid, prefix):
    user_info = {'path': "/"}
    user_info["username"] = username
    user_info["aws-account"] = accountid
    iam_client = boto3.client("iam")

    if not user_info['path']:
        user_info['path'] = '/'

    try:
        user = iam_client.get_user(UserName=user_info['username'])

    except botocore.exceptions.ClientError as e:
        user = None
        if e.response['Error']['Code'] != "NoSuchEntity":
            raise
    if user:
        print('Username %s already exists' % user_info['username'])
        user_created = False
    else:
        user = iam_client.create_user(UserName=user_info['username'], Path=user_info['path'])
        user_created = True

    user_info['arn'] = user['User']['Arn']

    # generate login
    pw = get_pw()
    try:
        iam_client.create_login_profile(UserName=user_info['username'], Password=pw)
        user_info['password'] = pw
        user_info['login-url'] = login_template % user_info['aws-account']
    except botocore.exceptions.ClientError:
        raise

    # generate an access key and add the policy
    if user_created:
        # TODO future improvement, check for keys, and create for existing
        # user if not previously created
        key = iam_client.create_access_key(UserName=user_info['username'])[u'AccessKey']
        user_info['access_key_id'] = key[u'AccessKeyId']
        user_info['secret_access_key'] = key[u'SecretAccessKey']

        policydocument = json.dumps(
            {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:GetBucketLocation",
                    "s3:ListAllMyBuckets"
                  ],
                  "Resource": "arn:aws:s3:::*"
                },
                {
                  "Effect": "Allow",
                  "Action": ["s3:ListBucket"],
                  "Resource": ["arn:aws:s3:::{}.{}".format(prefix, user_info['username'])]
                },
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:PutObject",
                    "s3:GetObject",
                    "s3:DeleteObject"
                  ],
                  "Resource": ["arn:aws:s3:::{}.{}/*".format(prefix, user_info['username'])]
                }
              ]
            }
        )
        policyname = "{}.{}.access".format(prefix, user_info["username"])
        policydescription = "{}.{} bucket access policy".format(prefix, user_info["username"])

        try:
            policy = iam_client.create_policy(
                PolicyName=policyname,
                Path=user_info["path"],
                PolicyDocument=policydocument,
                Description=policydescription
            )[u'Policy']
        except botocore.exceptions.ClientError:
            raise

        try:
            iam_client.attach_user_policy(
                UserName=user_info["username"],
                PolicyArn=policy[u'Arn']
            )
        except botocore.exceptions.ClientError:
            raise

        try:
            s3_client = boto3.client("s3")
            user_info["bucket"] = "{}.{}".format(prefix, user_info["username"])
            s3_client.create_bucket(Bucket=user_info["bucket"])
        except botocore.exceptions.ClientError:
            raise

        # TODO only generate report if user created, not if updated
        ts = time.time()
        timestamp = datetime.datetime.fromtimestamp(ts).strftime(
            '%Y-%m-%d-%H-%M-%S')
        credfile = '%s-%s.csv' % (user_info['username'], timestamp)
        with open(credfile, 'wb') as f:
            writer = csv.DictWriter(f,
                                    fieldnames=output_order,
                                    restval='N/A',
                                    extrasaction='ignore',
                                    )
            writer.writerow(dict([(k, k) for k in output_order]))
            writer.writerow(user_info)
        user_info['credfile'] = credfile

    return user_info

if __name__ == '__main__':
    created_user = create_user(args.username, args.accountid, args.prefix)
    print(created_user)
	import datetime
	import random
	import string
	import time
	import argparse
	import json

	try:
	import unicodecsv as csv
	except ImportError:
	import csv

	import boto3
	import botocore

	"""
	User info from file:

	alias
	aws-account
	username
	generate-keys
	generate-login
	groups
	bucket

	"""
	output_order = [
	'login-url',
	'username',
	'password',
	'bucket',
	'access_key_id',
	'secret_access_key',
	]

	login_template = "https://%s.signin.aws.amazon.com/console"

	pw_chars = string.ascii_letters + string.digits + string.punctuation

	parser = argparse.ArgumentParser(description='This is a user add script.')
	parser.add_argument('-a', '--accountid', help='Account ID', required=True)
	parser.add_argument('-u', '--username', help='Username', required=True)
	parser.add_argument('-p', '--prefix', help='Prefix', required=True)
	parser.add_argument('-A', '--accesskey', help='Account Access Key', required=False)
	parser.add_argument('-S', '--secretkey', help='Account Secret Key', required=False)
	args = parser.parse_args()


	def get_pw(length=12):
	return ''.join(random.choice(pw_chars) for x in range(length))


	def ask_user_info():
	user_info = {'path': "/", 'username': args.username}
	# print "\n\nUser Information:\n"
	# user_info['generate-keys'] = raw_input("Create access keys? [Y/n]") or "y"
	# user_info['generate-login'] = raw_input("Create login name and password? [Y/n]") or "y"
	# user_info['path'] = raw_input("Path for user? [default: /]") or "/"
	return user_info


	def create_user(username, accountid, prefix):
	user_info = {'path': "/"}
	user_info["username"] = username
	user_info["aws-account"] = accountid
	iam_client = boto3.client("iam")

	if not user_info['path']:
	user_info['path'] = '/'

	try:
	user = iam_client.get_user(UserName=user_info['username'])

	except botocore.exceptions.ClientError as e:
	user = None
	if e.response['Error']['Code'] != "NoSuchEntity":
	raise
	if user:
	print('Username %s already exists' % user_info['username'])
	user_created = False
	else:
	user = iam_client.create_user(UserName=user_info['username'], Path=user_info['path'])
	user_created = True

	user_info['arn'] = user['User']['Arn']

	# generate login
	pw = get_pw()
	try:
	iam_client.create_login_profile(UserName=user_info['username'], Password=pw)
	user_info['password'] = pw
	user_info['login-url'] = login_template % user_info['aws-account']
	except botocore.exceptions.ClientError:
	raise

	# generate an access key and add the policy
	if user_created:
	# TODO future improvement, check for keys, and create for existing
	# user if not previously created
	key = iam_client.create_access_key(UserName=user_info['username'])[u'AccessKey']
	user_info['access_key_id'] = key[u'AccessKeyId']
	user_info['secret_access_key'] = key[u'SecretAccessKey']

	policydocument = json.dumps(
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Effect": "Allow",
	"Action": [
	"s3:GetBucketLocation",
	"s3:ListAllMyBuckets"
	],
	"Resource": "arn:aws:s3:::*"
	},
	{
	"Effect": "Allow",
	"Action": ["s3:ListBucket"],
	"Resource": ["arn:aws:s3:::{}.{}".format(prefix, user_info['username'])]
	},
	{
	"Effect": "Allow",
	"Action": [
	"s3:PutObject",
	"s3:GetObject",
	"s3:DeleteObject"
	],
	"Resource": ["arn:aws:s3:::{}.{}/*".format(prefix, user_info['username'])]
	}
	]
	}
	)
	policyname = "{}.{}.access".format(prefix, user_info["username"])
	policydescription = "{}.{} bucket access policy".format(prefix, user_info["username"])

	try:
	policy = iam_client.create_policy(
	PolicyName=policyname,
	Path=user_info["path"],
	PolicyDocument=policydocument,
	Description=policydescription
	)[u'Policy']
	except botocore.exceptions.ClientError:
	raise

	try:
	iam_client.attach_user_policy(
	UserName=user_info["username"],
	PolicyArn=policy[u'Arn']
	)
	except botocore.exceptions.ClientError:
	raise

	try:
	s3_client = boto3.client("s3")
	user_info["bucket"] = "{}.{}".format(prefix, user_info["username"])
	s3_client.create_bucket(Bucket=user_info["bucket"])
	except botocore.exceptions.ClientError:
	raise

	# TODO only generate report if user created, not if updated
	ts = time.time()
	timestamp = datetime.datetime.fromtimestamp(ts).strftime(
	'%Y-%m-%d-%H-%M-%S')
	credfile = '%s-%s.csv' % (user_info['username'], timestamp)
	with open(credfile, 'wb') as f:
	writer = csv.DictWriter(f,
	fieldnames=output_order,
	restval='N/A',
	extrasaction='ignore',
	)
	writer.writerow(dict([(k, k) for k in output_order]))
	writer.writerow(user_info)
	user_info['credfile'] = credfile

	return user_info

	if __name__ == '__main__':
	created_user = create_user(args.username, args.accountid, args.prefix)
	print(created_user)