Skip to content

Instantly share code, notes, and snippets.

@knishioka

knishioka/create_new_aws_credential.sh

Last active July 6, 2019 16:27
Show Gist options
  • Save knishioka/86df4725105bd28d910fb67613c81b76 to your computer and use it in GitHub Desktop.
Save knishioka/86df4725105bd28d910fb67613c81b76 to your computer and use it in GitHub Desktop.
Download ZIP
create new aws credential key and set it to aws cli and s3cmd
Raw
create_new_aws_credential.sh
# 使い方
# curl https://gist.githubusercontent.com/knishioka/86df4725105bd28d910fb67613c81b76/raw/create_new_aws_credential.sh | bash -s username
# usernameに対象となるユーザを指定
# linuxのユーザ名とiamのユーザ名同じ場合を想定
username=$1
echo $username
# 古いキーを取得。一つのアカウントに付き一つのキーで管理しているとする
old_key=$(aws iam list-access-keys --user-name $username | jq -r '.AccessKeyMetadata[0].AccessKeyId')
# 新しいキーを作成
aws=$(aws iam create-access-key --user-name $username)
# 新しい認証情報を変数に入れておく
access_key=$(jq -r '.AccessKey.AccessKeyId' <<< $aws)
access_token=$(jq -r '.AccessKey.SecretAccessKey' <<< $aws)
# 対象となるユーザのaws cliとs3cmdの設定ファイルを更新していく
sudo -Hu $username bash -c "aws configure set aws_access_key_id $access_key"
sudo -Hu $username bash -c "aws configure set aws_secret_access_key $access_token"
sudo -Hu $username bash -c ".pyenv/shims/s3cmd --configure --secret_key=$access_key --access_token=$access_token --region=ap-northeast-1 -s --no-encrypt --dump-config > ~/.s3cfg"
sudo -Hu $username bash -c 'chmod 600 ~/.s3cfg'
# 古いキーの削除
aws iam delete-access-key --user-name $username --access-key-id=$old_key
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment