Created
September 4, 2021 06:07
-
-
Save vizv/399029789c6fbecafc4f6a3cd7bc8016 to your computer and use it in GitHub Desktop.
Generate AWS flavoured credentials
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// Reference: https://awsteele.com/blog/2020/09/26/aws-access-key-format.html | |
const ACCOUNT_OFFSET = 549755813888 // QAAAAAAA | |
const ACCOUNT_ID_MAX = 10 ** 12 | |
const AWS_BASE32_CHARSET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567' | |
const AWS_BASE32_CHARSET_FULL_LEN = AWS_BASE32_CHARSET.length | |
const AWS_BASE32_CHARSET_HALF_LEN = AWS_BASE32_CHARSET_FULL_LEN / 2 | |
const BYTE_MAX = 2 ** 8 | |
const SECRET_BYTES = 30 | |
const toAwsBase32 = (number: number) => { | |
let result = '' | |
while (number > 0) { | |
result = AWS_BASE32_CHARSET[number % 32] + result | |
number = Math.floor(number / 32) | |
} | |
return result | |
} | |
const randomBase32 = (digits: number) => { | |
let result = '' | |
for (let i = 0; i < digits; i++) { | |
result += | |
AWS_BASE32_CHARSET[ | |
Math.floor(Math.random() * AWS_BASE32_CHARSET_FULL_LEN) | |
] | |
} | |
return result | |
} | |
const generateAccountId = () => Math.floor(Math.random() * ACCOUNT_ID_MAX) | |
const generateAccessKeyId = (accountId: number) => { | |
const oddEvenRandomChar = | |
AWS_BASE32_CHARSET[ | |
Math.floor(Math.random() * AWS_BASE32_CHARSET_HALF_LEN) + | |
AWS_BASE32_CHARSET_HALF_LEN * (accountId & 1) | |
] | |
return ( | |
'AKIA' + | |
toAwsBase32(Math.floor(accountId / 2) + ACCOUNT_OFFSET) + | |
oddEvenRandomChar + | |
randomBase32(7) | |
) | |
} | |
const generateSecretAccessKey = () => { | |
let result = new Uint8Array(SECRET_BYTES).map(() => Math.floor(Math.random() * BYTE_MAX)) | |
return Buffer.from(result).toString('base64') | |
} | |
const accountId = generateAccountId() | |
const accessKeyId = generateAccessKeyId(accountId) | |
const secretAccessKey = generateSecretAccessKey() | |
console.log('Account ID:', String(accountId).padStart(12, '0')) | |
console.log('Access Key ID:', accessKeyId) | |
console.log('Secret Access Key:', secretAccessKey) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment