
Untitled

a guest
Feb 27th, 2017
  1. #!/bin/bash
  2. #
  3. # This script rotates your aws access keys by creating
  4. # a new one and deleting the older one.
  5.  
  6. # Requirements
  7. # You must have a working aws cli configured already
  8. # Run `aws configure` otherwise first before running this script.
  9.  
  10. # Installation & Usage
  11. # Download the file
  12. # Run `chmod +x rotate-aws-iam-keys.sh`
  13. # Run `./rotate-aws-iam-keys`
  14.  
  15. # Limitations
  16. # There is a max limit of 2 key pairs on AWS.
  17. # As a result, this script will not work if you already
  18. # have 2 access key pairs created. Because the script first
  19. # creates a new key pair, and then deletes the older one
  20.  
  21. set -e
  22.  
  23. echo "Fetching current access keys in use..."
  24. CURRENT_ACCESS_KEYS=$(aws iam list-access-keys)
  25.  
  26. CURRENT_ACCESS_KEY_ID=$(echo "$CURRENT_ACCESS_KEYS" | jq ".AccessKeyMetadata[0].AccessKeyId" | tr -d '"')
  27. echo "Current access key id: $CURRENT_ACCESS_KEY_ID"
  28.  
  29. NEW_ACCESS_KEYS=$(aws iam create-access-key)
  30.  
  31. AWS_ACCESS_KEY_ID=$(echo "$NEW_ACCESS_KEYS" | jq ".AccessKey.AccessKeyId" | tr -d '"')
  32. AWS_SECRET_ACCESS_KEY=$(echo "$NEW_ACCESS_KEYS" | jq ".AccessKey.SecretAccessKey" | tr -d '"')
  33.  
  34. echo "Configuring aws cli with access key $AWS_ACCESS_KEY_ID and secret access key $AWS_SECRET_ACCESS_KEY"
  35.  
  36. aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID
  37. aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY
  38.  
  39. # Wait for the new keys to propagate to AWS
  40. sleep 5
  41.  
  42. echo "Deleting access key $CURRENT_ACCESS_KEY_ID..."
  43.  
  44. aws iam delete-access-key --access-key-id $CURRENT_ACCESS_KEY_ID