Route53-iam.sh
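#!/bin/bash
# Detach an IAM customer-managed policy from every group, user and role it is
# attached to, then delete it.  Does nothing when the policy does not exist in
# the calling account.
#
# Usage:    delete_and_detach_policy.sh <policy_name>
# Requires: aws CLI with credentials in scope, jq.
set -euo pipefail
set -x

# `[[ $# < 1 ]]` is a string comparison; use arithmetic for the argument count.
(( $# >= 1 )) || { echo "$0 <policy_name>" >&2; exit 1; }
policy_name=$1

account_id=$(aws sts get-caller-identity | jq -r '.Account')
arn="arn:aws:iam::${account_id}:policy/${policy_name}"

#######################################
# Echo one detach command to stderr, then run it directly.
# The original piped echoed command lines into `sh`, so entity names went
# through a second shell parse and only the exit status of `sh` reached
# set -e.  Calling aws here keeps each name a single argument and fails the
# script on the first detach that fails.
# Globals:   arn (read)
# Arguments: $1 - iam subcommand, $2 - name flag, $3 - entity name
#######################################
detach() {
  local subcommand=$1 name_flag=$2 entity=$3
  printf '%q ' aws iam "$subcommand" "$name_flag" "$entity" --policy-arn "$arn" >&2
  printf '\n' >&2
  aws iam "$subcommand" "$name_flag" "$entity" --policy-arn "$arn"
}

# get-policy exits non-zero when the policy is absent; that is the no-op path.
if aws iam get-policy --policy-arn "$arn" 2>/dev/null; then
  # Unpredictable temp file instead of ./policy.json, removed on every exit
  # path (the original left policy.json behind whenever a detach failed).
  policy_json=$(mktemp) || exit 1
  trap 'rm -f -- "$policy_json"' EXIT
  aws iam list-entities-for-policy --policy-arn "$arn" > "$policy_json"

  # jq -r emits one entity name per line; assumes names contain no newlines.
  while IFS= read -r group; do
    detach detach-group-policy --group-name "$group"
  done < <(jq -r '.PolicyGroups[].GroupName' "$policy_json")
  while IFS= read -r user; do
    detach detach-user-policy --user-name "$user"
  done < <(jq -r '.PolicyUsers[].UserName' "$policy_json")
  while IFS= read -r role; do
    detach detach-role-policy --role-name "$role"
  done < <(jq -r '.PolicyRoles[].RoleName' "$policy_json")

  aws iam delete-policy --policy-arn "$arn"
fi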
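#!/bin/bash
# Create an IAM policy, named after this script and the domain, that grants
# route53 access scoped to the hosted zone for <domain_name>.  If a sibling
# delete_and_detach_policy.sh exists, an existing policy of the same name is
# removed first.
#
# Usage:    Route53-iam.sh <domain_name>
# Requires: aws CLI with credentials in scope, jq.
set -euo pipefail
set -x

# `[[ $# < 1 ]]` is a string comparison; use arithmetic for the argument count.
(( $# >= 1 )) || { echo "$0 <domain_name>" >&2; exit 1; }
domain_name=$1

# Policy name = script basename without .sh, then the domain with dots removed
# and its first letter upper-cased (e.g. "Route53-iam" + "example.com" ->
# "Route53-iamExamplecom").
name=${domain_name//./}
first_upper=$(printf '%s' "${name:0:1}" | tr 'a-z' 'A-Z')
policy_name=$(basename "$0" .sh)${first_upper}${name:1}

# Pass the domain to jq with --arg instead of splicing it into the filter
# string, so a value containing quotes cannot change the jq program.
zone_ids=()
while IFS= read -r zone_id; do
  zone_ids+=("$zone_id")
done < <(aws route53 list-hosted-zones |
  jq -r --arg name "${domain_name}." '.HostedZones[] | select(.Name == $name) | .Id')

# Validate the domain before touching the existing policy: the original
# deleted the old policy first and could then exit on an unknown domain,
# leaving no policy at all.  More than one matching zone would have produced
# a multi-line Id and a broken ARN, so that case is rejected explicitly.
if (( ${#zone_ids[@]} == 0 )); then
  echo "unknown domain name: ${domain_name}" >&2
  exit 1
elif (( ${#zone_ids[@]} > 1 )); then
  echo "ambiguous domain name (${#zone_ids[@]} hosted zones): ${domain_name}" >&2
  exit 1
fi
hostedzone=${zone_ids[0]}

delete_policy=$(dirname "$0")/delete_and_detach_policy.sh
if [[ -f "$delete_policy" ]]; then
  "$delete_policy" "$policy_name"
fi

# The policy document is echoed to stderr and fed to aws via stdin.
# ${hostedzone:1} drops the leading character of the zone Id (a "/"), which is
# how the original built the Route 53 resource ARN.
# "route53:*" is broader than most consumers need; where possible narrow the
# Action list to the operations the caller actually performs on this zone.
cat <<EOF | tee /dev/stderr | \
  aws iam create-policy \
    --policy-name "$policy_name" \
    --policy-document file:///dev/stdin
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "route53:*",
      "Resource": [
        "arn:aws:route53:::${hostedzone:1}"
      ]
    }
  ]
}
EOF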