Rotate all the AWS secret keys in your named profiles.

aws-roll-all-keys.sh

#!/bin/bash
set -e
#
# Rotate all the AWS access keys found in your ~/.aws/credentials file
# Depends on : https://github.com/Fullscreen/aws-rotate-key to do
# the actual rotation.
#
# Alternatively - start using "aws-vault" to do this stuff properly :D
#

credentials_file=~/.aws/credentials
creds=$(< ${credentials_file})
regex="^\[(.*)\]"

#
# Check if the terminal supports colours
#
if test -t 1; then
    ncolors=$(tput colors)
    if test -n "$ncolors" && test $ncolors -ge 8; then
        bold="$(tput bold)"
        underline="$(tput smul)"
        standout="$(tput smso)"
        normal="$(tput sgr0)"
        black="$(tput setaf 0)"
        red="$(tput setaf 1)"
        green="$(tput setaf 2)"
        yellow="$(tput setaf 3)"
        blue="$(tput setaf 4)"
        magenta="$(tput setaf 5)"
        cyan="$(tput setaf 6)"
        white="$(tput setaf 7)"
    fi
fi

#
# Verify aws-rotate-key is installed
#
command -v aws-rotate-key  >/dev/null 2>&1 || { cat >&2 <<EOT

${red}This script depends on aws-rotate-keys (https://github.com/Fullscreen/aws-rotate-key)${normal}

Install it as follows:

  ${bold}brew tap fullscreen/tap && brew install fullscreen/tap/aws-rotate-key${normal}

EOT

exit 1;
}

#
# Prompt to confirm
#
echo "${bold}${green}${underline}Rotating all AWS Access Keys${normal}"
echo
echo "${green}Using named profiles from : ${bold}${credentials_file}${normal}"
echo

read -p "${red}Are you sure you want to continue? (Y/n)${normal} " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]
then
    [[ "$0" = "$BASH_SOURCE" ]] && exit 1 || return 1
fi


#
# Iterate through all the named profiles, rotate the keys
#
for line in $creds
do
  if [[ $line =~ $regex ]]
  then
    section="${BASH_REMATCH[1]}"
    echo
    echo "${green}Found profile : ${bold}[${section}]${normal}"
    echo
    aws-rotate-key -y -profile "$section"
  fi
done