Skip to content

Instantly share code, notes, and snippets.

@pcreux

pcreux/rotate-aws-access-keys.rb

Created October 27, 2016 21:08
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save pcreux/6ed609b68cb44b15a3ec567ef1b7a80e to your computer and use it in GitHub Desktop.
Save pcreux/6ed609b68cb44b15a3ec567ef1b7a80e to your computer and use it in GitHub Desktop.
Download ZIP
Raw
rotate-aws-access-keys.rb
#!/usr/bin/env ruby
require 'json'
# 1. Generate new access key
new_access_key_json = `aws iam create-access-key`
new_access_key_attributes = JSON.parse(new_access_key_json).fetch("AccessKey")
new_access_key_id = new_access_key_attributes.fetch("AccessKeyId")
new_secret_access_key= new_access_key_attributes.fetch("SecretAccessKey")
puts "New AWS access key generated!"
puts ""
puts "Environment variables:"
puts "export AWS_ACCESS_KEY_ID=#{new_access_key_id}"
puts "export AWS_SECRET_ACCESS_KEY=#{new_secret_access_key}"
puts ""
puts "~/.aws/credentials:"
puts "aws_access_key_id=#{new_access_key_id}"
puts "aws_secret_access_key=#{new_secret_access_key}"
puts ""
# 2. Drop other access keys
access_key_list_json = `aws iam list-access-keys`
access_key_list_attributes = JSON.parse(access_key_list_json).fetch("AccessKeyMetadata")
access_key_list_attributes.each do |access_key_attributes|
next if access_key_attributes.fetch("AccessKeyId") == new_access_key_id
loop do
puts "Delete old access key? [y/n] #{access_key_attributes.inspect}"
case STDIN.gets.chomp.downcase
when "y", "yes"
if system "aws iam delete-access-key --access-key-id #{access_key_attributes.fetch("AccessKeyId")}"
puts "Old access key deleted successfully!"
break
else
puts "Failed to delete old access key :-("
exit(-1)
end
end
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment