dpwrussell · July 24, 2018 17:19
diff --git a/README.md b/README.md
diff --git a/create_aws_user.py b/create_aws_user.py
 import argparse
 import boto3
 from botocore.exceptions import ClientError
 import random
 import string
 import sys

 LOGIN_LINK = 'https://syspharm.signin.aws.amazon.com/console'
 INSTRUCTIONS_KEYS = ('https://docs.aws.amazon.com/IAM/latest/UserGuide/'
                     'id_credentials_access-keys.html#Using_CreateAccessKey')
 INSTRUCTIONS_CLI = 'https://aws.amazon.com/cli/'
 INSTRUCTIONS_CLI_CONFIG = ('https://docs.aws.amazon.com/cli/latest/userguide/'
                           'cli-chap-getting-started.html')

 parser = argparse.ArgumentParser(description='Create an IAM user which can'
                                 'manage its own account (Users group), plus'
                                 'any capabilites granted by the groups'
                                 'specified. Note that it is necessary to '
                                 'have permissions to manage IAM users to use '
                                 'this script!')
 parser.add_argument('username', type=str,
                    help='Desired username.')
 parser.add_argument('--group', action='append', type=str,
                    help=('A group to add this user to. Can be used '
                          'multiple times.'))
 args = parser.parse_args()
 username = args.username
 password = ''.join(random.choices(string.ascii_uppercase + string.digits, k=8))
 groups = set(args.group + ['Users'])

 iam = boto3.client('iam')

 # Check the requested groups exist
 for group in groups:
    try:
        iam.get_group(GroupName=group)
    except ClientError as e:
        if e.response['Error']['Code'] == 'NoSuchEntity':
            print(f'Group does not exist: {group}')
            sys.exit(1)

 # Create the user
 user = iam.create_user(
    UserName=username
 )

 # Create a password for the specified username, granting access to the console
 # and requiring a password change on first login
 response = iam.create_login_profile(
    UserName=username,
    Password=password,
    PasswordResetRequired=True
 )


 # Add the user to the requested groups
 for group in groups:
    response = iam.add_user_to_group(
        GroupName=group,
        UserName=username,
    )

 print(f'''
 Please note that these credentials give you access to a shared AWS account
 that is running development and production systems for many people and projects
 within the lab. Please tread very carefully and avoid making changes that might
 affect other users.

 Username: {username}
 Password: {password}
 Login: {LOGIN_LINK}

 You will need to change your password on first login to the console.

 To access AWS programmatically you will need to generate access keys as
 described in these instructions:
 {INSTRUCTIONS_KEYS}

 The AWS CLI is very useful and can be installed as described here:
 {INSTRUCTIONS_CLI}

 The AWS CLI can be configured as described here:
 {INSTRUCTIONS_CLI_CONFIG}
 ''')
	import argparse
	import boto3
	from botocore.exceptions import ClientError
	import random
	import string
	import sys

	LOGIN_LINK = 'https://syspharm.signin.aws.amazon.com/console'
	INSTRUCTIONS_KEYS = ('https://docs.aws.amazon.com/IAM/latest/UserGuide/'
	'id_credentials_access-keys.html#Using_CreateAccessKey')
	INSTRUCTIONS_CLI = 'https://aws.amazon.com/cli/'
	INSTRUCTIONS_CLI_CONFIG = ('https://docs.aws.amazon.com/cli/latest/userguide/'
	'cli-chap-getting-started.html')

	parser = argparse.ArgumentParser(description='Create an IAM user which can'
	'manage its own account (Users group), plus'
	'any capabilites granted by the groups'
	'specified. Note that it is necessary to '
	'have permissions to manage IAM users to use '
	'this script!')
	parser.add_argument('username', type=str,
	help='Desired username.')
	parser.add_argument('--group', action='append', type=str,
	help=('A group to add this user to. Can be used '
	'multiple times.'))
	args = parser.parse_args()
	username = args.username
	password = ''.join(random.choices(string.ascii_uppercase + string.digits, k=8))
	groups = set(args.group + ['Users'])

	iam = boto3.client('iam')

	# Check the requested groups exist
	for group in groups:
	try:
	iam.get_group(GroupName=group)
	except ClientError as e:
	if e.response['Error']['Code'] == 'NoSuchEntity':
	print(f'Group does not exist: {group}')
	sys.exit(1)

	# Create the user
	user = iam.create_user(
	UserName=username
	)

	# Create a password for the specified username, granting access to the console
	# and requiring a password change on first login
	response = iam.create_login_profile(
	UserName=username,
	Password=password,
	PasswordResetRequired=True
	)


	# Add the user to the requested groups
	for group in groups:
	response = iam.add_user_to_group(
	GroupName=group,
	UserName=username,
	)

	print(f'''
	Please note that these credentials give you access to a shared AWS account
	that is running development and production systems for many people and projects
	within the lab. Please tread very carefully and avoid making changes that might
	affect other users.

	Username: {username}
	Password: {password}
	Login: {LOGIN_LINK}

	You will need to change your password on first login to the console.

	To access AWS programmatically you will need to generate access keys as
	described in these instructions:
	{INSTRUCTIONS_KEYS}

	The AWS CLI is very useful and can be installed as described here:
	{INSTRUCTIONS_CLI}

	The AWS CLI can be configured as described here:
	{INSTRUCTIONS_CLI_CONFIG}
	''')