gordcorp · January 8, 2019 05:11
diff --git a/rotate.sh b/rotate.sh

 function trim_to_one_access_key(){
    iam_user=$1
    key_count=$(aws iam list-access-keys --user-name "${iam_user}" | jq '.AccessKeyMetadata | length')
    if [[ $key_count > 1 ]]; then
        oldest_key_id=$(aws iam list-access-keys --user-name "${iam_user}" | jq -r '.AccessKeyMetadata |= sort_by(.CreateDate) | .AccessKeyMetadata | first | .AccessKeyId')
        aws iam delete-access-key --user-name "${iam_user}" --access-key-id "${oldest_key_id}"
    fi
 }

 iam_user=username-here

 trim_to_one_access_key $iam_user

 output="$(aws iam create-access-key --user-name "${iam_user}")"
 aws_access_key_id="$(echo $output | jq -r .AccessKey.AccessKeyId)"
 aws_secret_access_key="$(echo $output | jq -r .AccessKey.SecretAccessKey)"

 # save away the new creds, make sure the old ones arent being used. 

 # When safe to delete the old creds:
 trim_to_one_access_key $iam_user

	function trim_to_one_access_key(){
	iam_user=$1
	key_count=$(aws iam list-access-keys --user-name "${iam_user}" \| jq '.AccessKeyMetadata \| length')
	if [[ $key_count > 1 ]]; then
	oldest_key_id=$(aws iam list-access-keys --user-name "${iam_user}" \| jq -r '.AccessKeyMetadata \|= sort_by(.CreateDate) \| .AccessKeyMetadata \| first \| .AccessKeyId')
	aws iam delete-access-key --user-name "${iam_user}" --access-key-id "${oldest_key_id}"
	fi
	}

	iam_user=username-here

	trim_to_one_access_key $iam_user

	output="$(aws iam create-access-key --user-name "${iam_user}")"
	aws_access_key_id="$(echo $output \| jq -r .AccessKey.AccessKeyId)"
	aws_secret_access_key="$(echo $output \| jq -r .AccessKey.SecretAccessKey)"

	# save away the new creds, make sure the old ones arent being used.

	# When safe to delete the old creds:
	trim_to_one_access_key $iam_user