Last active
November 12, 2018 20:40
Rotate all the AWS secret keys in your named profiles.
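#!/bin/bash
set -e
#
# Rotate all the AWS access keys found in your ~/.aws/credentials file
# Depends on : https://github.com/Fullscreen/aws-rotate-key to do
# the actual rotation.
#
# Alternatively - start using "aws-vault" to do this stuff properly :D
#
# Behaviour worth knowing before running this:
#   * Every [section] header in the credentials file is treated as a named
#     profile and handed to `aws-rotate-key -y -profile <name>`.
#   * The run stops at the first profile whose rotation fails. Profiles
#     printed before the failure have already been rotated; later ones
#     have not, so re-check the file before re-running.
#   * Only section names are kept in memory. The file contents (which hold
#     the secret keys) are never stored in a shell variable, which matters
#     if this script is sourced into an interactive shell.
#
credentials_file=~/.aws/credentials
# Section header such as "[default]"; capture group 1 is the profile name.
# Anchored to the start of the line so "[text]" inside a comment or a value
# is not mistaken for a profile, and "[]" (empty name) is rejected.
regex='^[[:space:]]*\[([^]]+)\]'

#
# Check if the terminal supports colours
#
# Default every colour to the empty string so the messages below still
# print cleanly when stdout is not a terminal.
bold="" underline="" standout="" normal=""
black="" red="" green="" yellow="" blue="" magenta="" cyan="" white=""
if test -t 1; then
  # A failing tput (e.g. unknown TERM) must not abort the script under set -e.
  ncolors=$(tput colors 2>/dev/null) || ncolors=""
  if test -n "$ncolors" && test "$ncolors" -ge 8; then
    bold="$(tput bold)"
    underline="$(tput smul)"
    standout="$(tput smso)"
    normal="$(tput sgr0)"
    black="$(tput setaf 0)"
    red="$(tput setaf 1)"
    green="$(tput setaf 2)"
    yellow="$(tput setaf 3)"
    blue="$(tput setaf 4)"
    magenta="$(tput setaf 5)"
    cyan="$(tput setaf 6)"
    white="$(tput setaf 7)"
  fi
fi

#
# Verify aws-rotate-key is installed
#
command -v aws-rotate-key >/dev/null 2>&1 || {
  cat >&2 <<EOT
${red}This script depends on aws-rotate-key (https://github.com/Fullscreen/aws-rotate-key)${normal}
Install it as follows:
${bold}brew tap fullscreen/tap && brew install fullscreen/tap/aws-rotate-key${normal}
EOT
  exit 1
}

#
# Collect the profile names up front
#
# The whole list is read before any rotation starts: the rotation tool is
# expected to write new keys back into this same file, so the file must not
# be read while rotations are in progress.
if [[ ! -r "$credentials_file" ]]; then
  echo "${red}Cannot read credentials file : ${credentials_file}${normal}" >&2
  exit 1
fi

profiles=()
# `read` (not `for line in $(...)`) keeps each line intact: an unquoted
# expansion would word-split the file and glob-expand "[default]" against
# single-character file names in the current directory.
while IFS= read -r line || [[ -n "$line" ]]; do
  if [[ $line =~ $regex ]]; then
    profiles+=("${BASH_REMATCH[1]}")
  fi
done < "$credentials_file"

if (( ${#profiles[@]} == 0 )); then
  echo "${red}No named profiles found in : ${credentials_file}${normal}" >&2
  exit 0
fi

#
# Prompt to confirm
#
echo "${bold}${green}${underline}Rotating all AWS Access Keys${normal}"
echo
echo "${green}Using named profiles from : ${bold}${credentials_file}${normal}"
echo
# The default is "no": anything other than y/Y aborts, and the prompt says
# so. aws-rotate-key is called with -y below, so this is the only
# confirmation the user gets.
read -p "${red}Are you sure you want to continue? (y/N)${normal} " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
  # `exit` when run as a script, `return` when sourced into another shell.
  if [[ "$0" = "${BASH_SOURCE[0]}" ]]; then
    exit 1
  else
    return 1
  fi
fi

#
# Iterate through all the named profiles, rotate the keys
#
for section in "${profiles[@]}"; do
  echo
  echo "${green}Found profile : ${bold}[${section}]${normal}"
  echo
  aws-rotate-key -y -profile "$section" || {
    rc=$?
    echo "${red}Rotation failed for profile [${section}] (exit ${rc}); stopping.${normal}" >&2
    echo "${red}Profiles listed above this one were already rotated.${normal}" >&2
    exit "$rc"
  }
done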