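#!/usr/bin/env bash
###### CREATE USER WITH TAGS FOR PROGRAMMATIC ACCESS AND ATTACH A POLICY
#
# Recipes for an IAM user that only ever authenticates with an access key:
# create the user and key, attach an inline policy, later delete the user or
# rotate its key. The sections are meant to be run one at a time: the deletion
# section removes the user, and the rotation section that follows it targets
# that same user, so running the file top-to-bottom is not meaningful.
# Every aws call uses whatever credentials are in effect in the current shell
# and needs iam:* permissions on the user.
set -euo pipefail

# Name of the IAM user to create / delete / rotate.
USER_NAME="test-user"
# Value of the "Customer" tag placed on the user (who the user is issued for).
CUSTOMER_NAME="foo"
# Name of the inline policy attached to the user. The original line was
# `POLICY=_NAME="s3-access"`, which left POLICY_NAME empty, so the
# put-user-policy / delete-user-policy calls below ran with an empty name.
POLICY_NAME="s3-access"
readonly USER_NAME CUSTOMER_NAME POLICY_NAME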
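# Create the user. Only the IAM user record is created here: there is no
# create-login-profile call, so the user has no console password and can
# authenticate solely with the access key issued below.
aws iam create-user \
  --user-name "$USER_NAME" \
  --tags "Key=Customer,Value=$CUSTOMER_NAME"

# Issue the access key / secret key pair. The SecretAccessKey is returned only
# in this response and cannot be retrieved later. The original printed the
# response to stdout, where the secret ends up in terminal scrollback and CI
# logs; write it instead to a file only the current account can read
# (umask 077 -> mode 0600), hand that file to the consumer over a secure
# channel, and delete it once the key is in use.
CREDENTIALS_FILE="${USER_NAME}-access-key.json"
( umask 077; aws iam create-access-key --user-name "$USER_NAME" > "$CREDENTIALS_FILE" ) \
  || { rm -f -- "$CREDENTIALS_FILE"; exit 1; }
printf 'access key for %s written to %s (fields AccessKey.AccessKeyId / AccessKey.SecretAccessKey)\n' \
  "$USER_NAME" "$CREDENTIALS_FILE"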
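# s3_list_policy_document
#   Print the inline policy document attached to the user.
#   NOTE: "s3:List*" on Resource "*" is broader than "list all buckets". Besides
#   s3:ListAllMyBuckets it grants s3:ListBucket (enumerate the object keys of
#   every bucket in the account), s3:ListBucketVersions, s3:ListMultipartUploadParts,
#   and any future s3:List* action. If bucket names are all that is needed, use
#   "s3:ListAllMyBuckets" on its own. For the DynamoDB variant, swap in the
#   dynamodb:* actions required and scope Resource to the table ARN(s).
#   The document is kept in a function so it can be reviewed and linted alone.
s3_list_policy_document() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:List*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
EOF
}

# Attach the document to the user as an inline policy (inline: it is deleted
# together with the user, unlike an attached managed policy).
aws iam put-user-policy \
  --user-name "$USER_NAME" \
  --policy-name "$POLICY_NAME" \
  --policy-document "$(s3_list_policy_document)"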
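# To try the new key, set these variables in a SEPARATE shell. Do not paste the
# real values into this file: it lives in a gist / repository, so the secret
# would end up in version control and shell history. Prefer a named profile
# (`aws configure --profile "$USER_NAME"`, then `export AWS_PROFILE=...`) or
# a 0600 credentials file. The values are the AccessKey.AccessKeyId and
# AccessKey.SecretAccessKey fields of the create-access-key response.
#
# The `${VAR:-...}` form leaves values that are already present in the
# environment untouched. The original unconditionally exported empty strings,
# which -- when this file is run as a whole and the operator's own credentials
# were supplied through these variables -- blanks them before the deletion and
# rotation steps below run.
export AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID:-}"
export AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY:-}"
export AWS_DEFAULT_REGION="${AWS_DEFAULT_REGION:-us-east-1}"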
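######### DELETION PROCESS
#
# Helpers shared by the deletion and rotation recipes. Each takes the IAM user
# name as $1 and calls the AWS CLI with whatever credentials are in effect.

# access_keys_tsv USER
#   Print one "<AccessKeyId><TAB><Status>" line per access key owned by USER
#   (Status is Active or Inactive). Prints nothing when the user has no keys.
access_keys_tsv() {
  local user=$1
  aws iam list-access-keys --user-name "$user" \
    | jq -r '.AccessKeyMetadata[] | [.AccessKeyId, .Status] | @tsv'
}

# delete_all_access_keys USER
#   Delete every access key of USER, active or not. Deletion is immediate and
#   irreversible: anything still signing requests with one of these keys
#   stops working.
delete_all_access_keys() {
  local user=$1 key_id status
  while IFS=$'\t' read -r key_id status; do
    printf 'deleting accesskey %s (%s) for user %s\n' "$key_id" "$status" "$user"
    aws iam delete-access-key --user-name "$user" --access-key-id "$key_id"
  done < <(access_keys_tsv "$user")
}

delete_all_access_keys "$USER_NAME"

# Remove the inline policy, then the user. delete-user is refused while the
# user still owns access keys, inline policies, attached managed policies,
# group memberships, a login profile or MFA devices; the user created above
# only has the inline policy and the access key, so these steps are enough.
aws iam delete-user-policy --user-name "$USER_NAME" --policy-name "$POLICY_NAME"
aws iam delete-user --user-name "$USER_NAME"

######## PERIODICALLY WE SHOULD DELETE ACCESSKEYS AND REGENERATE THEM. This will have to be passed to EzUA somehow?
#
# rotate_access_key USER OUTFILE
#   Rotate USER's access key without an outage. The original recipe deleted
#   every key and only then created the new one, which leaves the consumer
#   with no working key until the new secret has been distributed. Instead:
#     1. delete keys already marked Inactive (left over from the previous
#        rotation; this also frees a slot under IAM's two-keys-per-user limit --
#        if the user still holds two Active keys, create-access-key fails and
#        one of them has to be removed by hand first),
#     2. create the replacement key and write the response to OUTFILE with
#        mode 0600 (the secret is returned only in this response and cannot be
#        fetched again),
#     3. deactivate -- rather than delete -- the previous key, so it can be
#        re-enabled with `update-access-key --status Active` if the cut-over
#        fails. Step 1 of the next rotation removes it for good.
#   Hand OUTFILE to the consumer and delete the local copy once the new key
#   is in use.
rotate_access_key() {
  local user=$1 outfile=$2 new_key_id key_id status

  while IFS=$'\t' read -r key_id status; do
    [[ "$status" == "Inactive" ]] || continue
    printf 'deleting inactive accesskey %s for user %s\n' "$key_id" "$user"
    aws iam delete-access-key --user-name "$user" --access-key-id "$key_id"
  done < <(access_keys_tsv "$user")

  ( umask 077; aws iam create-access-key --user-name "$user" > "$outfile" ) \
    || { rm -f -- "$outfile"; return 1; }
  new_key_id=$(jq -r '.AccessKey.AccessKeyId' "$outfile")
  printf 'new accesskey %s for user %s written to %s\n' "$new_key_id" "$user" "$outfile"

  while IFS=$'\t' read -r key_id status; do
    [[ "$key_id" != "$new_key_id" ]] || continue
    printf 'deactivating old accesskey %s for user %s\n' "$key_id" "$user"
    aws iam update-access-key --user-name "$user" --access-key-id "$key_id" --status Inactive
  done < <(access_keys_tsv "$user")
}

rotate_access_key "$USER_NAME" "${USER_NAME}-access-key.json"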