@indradhanush
Last active October 16, 2019 08:43
AWS Access Key rotation
#!/bin/bash
#
# This script rotates your aws access keys by creating
# a new one and deleting the older one.
# Requirements
# You must have a working aws cli configured already
# Run `aws configure` otherwise first before running this script.
# The script also needs `jq` to parse the JSON returned by the aws cli.
# Installation & Usage
# Download the file
# Run `chmod +x rotate-aws-iam-keys.sh`
# Run `./rotate-aws-iam-keys.sh`
# Limitations
# There is a max limit of 2 key pairs on AWS.
# As a result, this script will not work if you already
# have 2 access key pairs created. Because the script first
# creates a new key pair, and then deletes the older one
set -e
echo "Fetching current access keys in use..."
CURRENT_ACCESS_KEYS=$(aws iam list-access-keys)
# jq -r prints the raw string, so the surrounding quotes need no stripping
CURRENT_ACCESS_KEY_ID=$(echo "$CURRENT_ACCESS_KEYS" | jq -r ".AccessKeyMetadata[0].AccessKeyId")
echo "Current access key id: $CURRENT_ACCESS_KEY_ID"
NEW_ACCESS_KEYS=$(aws iam create-access-key)
AWS_ACCESS_KEY_ID=$(echo "$NEW_ACCESS_KEYS" | jq -r ".AccessKey.AccessKeyId")
AWS_SECRET_ACCESS_KEY=$(echo "$NEW_ACCESS_KEYS" | jq -r ".AccessKey.SecretAccessKey")
# Print only the key id: echoing the secret would leave it in terminal
# scrollback and in any log that captures this script's output.
echo "Configuring aws cli with access key $AWS_ACCESS_KEY_ID"
aws configure set aws_access_key_id "$AWS_ACCESS_KEY_ID"
aws configure set aws_secret_access_key "$AWS_SECRET_ACCESS_KEY"
# Wait for the new keys to propagate to AWS
sleep 5
echo "Deleting access key $CURRENT_ACCESS_KEY_ID..."
aws iam delete-access-key --access-key-id "$CURRENT_ACCESS_KEY_ID"
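
The two-key limitation described in the script's header and its fixed `sleep 5` can both be handled explicitly. The functions below are an added example, not part of the original gist: they check that exactly one key exists before rotating, poll until the new key is accepted, and deactivate the old key before deleting it. The function names and retry defaults are assumptions.

```bash
#!/bin/bash
# Added example, not part of the original gist. Function names are illustrative.

# Print the id of the only existing access key, or fail. IAM allows two keys
# per user, so create-then-delete rotation needs exactly one to start with.
preflight_key_id() {
    local out count id
    out=$(aws iam list-access-keys --output text \
        --query '[length(AccessKeyMetadata), AccessKeyMetadata[0].AccessKeyId]') || return 1
    # Text output is "<count><TAB><first key id>"
    read -r count id <<EOF
$out
EOF
    if [ "$count" != "1" ]; then
        echo "expected exactly 1 access key, found ${count:-none}; aborting" >&2
        return 1
    fi
    printf '%s\n' "$id"
}

# Call after `aws configure set ...`: poll until the new key is accepted
# instead of relying on a fixed sleep. Defaults (10 tries, 3 s) are assumptions.
wait_for_new_key() {
    local attempts=${1:-10} delay=${2:-3} i
    for i in $(seq 1 "$attempts"); do
        if aws sts get-caller-identity >/dev/null 2>&1; then
            return 0
        fi
        sleep "$delay"
    done
    echo "new key not accepted after $attempts attempts; old key left in place" >&2
    return 1
}

# Deactivate first, delete second: if the delete step fails, the old key is
# at least no longer usable.
retire_key() {
    aws iam update-access-key --access-key-id "$1" --status Inactive &&
        aws iam delete-access-key --access-key-id "$1"
}
```

In the rotation script these would replace the `[0]` lookup, the `sleep 5`, and the final `delete-access-key` call respectively.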