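#!/bin/bash
#
# Rotates the AWS access key of the IAM user behind the current aws cli
# credentials: creates a new key, stores it with `aws configure set`,
# confirms that it authenticates, and only then deletes the old key.
#
# Requirements
#   A working aws cli configuration (run `aws configure` first) and jq.
# Installation & Usage
#   Download the file
#   Run `chmod +x rotate-aws-iam-keys.sh`
#   Run `./rotate-aws-iam-keys.sh`
# Limitations
#   AWS allows at most 2 access keys per IAM user. The new key is created
#   before the old one is deleted, so the script refuses to run unless
#   exactly one key exists.
set -euo pipefail

for tool in aws jq; do
  if ! command -v "$tool" >/dev/null; then
    printf 'error: required tool not found: %s\n' "$tool" >&2
    exit 1
  fi
done

echo "Fetching current access keys in use..."
current_keys=$(aws iam list-access-keys)

# Refuse up front instead of failing halfway: with two keys the create call
# would be rejected, and with none there is no old key to retire.
key_count=$(jq -r '.AccessKeyMetadata | length' <<<"$current_keys")
if [[ "$key_count" != "1" ]]; then
  printf 'error: expected exactly 1 existing access key, found %s\n' \
    "$key_count" >&2
  exit 1
fi

old_key_id=$(jq -r '.AccessKeyMetadata[0].AccessKeyId' <<<"$current_keys")
echo "Current access key id: $old_key_id"

# Lower-case names on purpose: AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY are
# read by the aws cli from the environment, and assigning to them here would
# silently change which credentials later calls use if they were exported.
new_keys=$(aws iam create-access-key)
new_key_id=$(jq -r '.AccessKey.AccessKeyId' <<<"$new_keys")
new_secret=$(jq -r '.AccessKey.SecretAccessKey' <<<"$new_keys")
unset new_keys
if [[ -z "$new_key_id" || "$new_key_id" == "null" ||
  -z "$new_secret" || "$new_secret" == "null" ]]; then
  echo "error: create-access-key did not return a usable key pair" >&2
  exit 1
fi

# Only the key id is printed. The secret must never reach the terminal,
# scrollback or any captured build/CI log.
echo "Configuring aws cli with new access key $new_key_id"
aws configure set aws_access_key_id "$new_key_id"
# NOTE(review): the secret is passed as a command-line argument here, so it is
# visible in the local process list while this call runs. Prefer running the
# rotation on a single-user host.
aws configure set aws_secret_access_key "$new_secret"

# Wait for the new key to propagate, and prove that it authenticates before
# the old key is removed. The new pair is exported explicitly inside a
# subshell so the check exercises the new key rather than whatever the
# surrounding environment or profile would otherwise select.
verified=0
for _ in 1 2 3 4 5 6; do
  sleep 5
  if (
    unset AWS_SESSION_TOKEN
    export AWS_ACCESS_KEY_ID="$new_key_id"
    export AWS_SECRET_ACCESS_KEY="$new_secret"
    aws sts get-caller-identity >/dev/null 2>&1
  ); then
    verified=1
    break
  fi
done
unset new_secret

if [[ "$verified" != "1" ]]; then
  printf 'error: new key %s did not authenticate; old key %s was NOT deleted\n' \
    "$new_key_id" "$old_key_id" >&2
  exit 1
fi

echo "Deleting access key $old_key_id..."
aws iam delete-access-key --access-key-id "$old_key_id"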