Updating managed policy in AWS
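#!/bin/bash
# Rotate the managed IAM policy named in POLICY_ARN to the document in
# POLICY_DOC: free a version slot if the 5-version limit is reached, then
# upload the new document and make it the default (it takes effect
# immediately for every principal the policy is attached to).
#
# pipefail: a failing `aws` inside a pipeline must not be masked by the
# exit status of a later jq/sed stage.
set -euo pipefail
#set -x

readonly AWS_PROFILE="dev-deploy"
readonly POLICY_ARN="arn:aws:iam::2314123:policy/PolicyName"
# The file:// path is resolved by the CLI relative to the current working
# directory, so run the script from the repository root.
readonly POLICY_DOC="file://policies/PolicyNameOnDisk.json"

# Abort early with a message on stderr when a required tool is missing.
# A `{ ...; }` group is used rather than a `( ... )` subshell so that `exit`
# terminates the script and not just the subshell; `command -v` replaces the
# non-portable `which`.
require_tool() {
  command -v "$1" >/dev/null 2>&1 || { echo "ERROR: $1 command is not installed!" >&2; exit 1; }
}
require_tool aws
require_tool jq

# `>&2` rather than `> /dev/stderr`: on Linux the latter re-opens the
# underlying file with O_TRUNC and can truncate a log that stderr was
# redirected to.
echo "AWS_PROFILE: ${AWS_PROFILE}" >&2
echo "POLICY_ARN : ${POLICY_ARN}" >&2
echo "POLICY_DOC : ${POLICY_DOC}" >&2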
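# At most 5 versions of a managed policy can be stored at a time, so when the
# limit is reached the oldest one has to be deleted before a new version can
# be uploaded. The default version cannot be deleted by IAM, so it is skipped
# and the oldest non-default version (by CreateDate) is chosen instead of
# blindly taking the fifth list entry.
#
# Globals:  AWS_PROFILE, POLICY_ARN (read)
# Outputs:  the VersionId to delete on stdout, or nothing when a slot is free
# Returns:  the exit status of `aws` when listing versions fails, so the
#           caller's `set -e` aborts instead of treating the failure as
#           "nothing to delete" (which a plain pipeline would do without
#           pipefail)
function get_fifth_policy_version(){
  local versions
  versions="$(aws --profile "${AWS_PROFILE}" \
    iam list-policy-versions \
    --policy-arn "${POLICY_ARN}")" || return $?
  # `// empty` prints nothing instead of the literal "null" when there is no
  # candidate, which is what the caller's `-n` test relies on.
  jq -r '
    if (.Versions | length) >= 5 then
      ([.Versions[] | select(.IsDefaultVersion | not)]
       | sort_by(.CreateDate) | .[0].VersionId) // empty
    else empty end
  ' <<<"${versions}"
}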
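# Free a slot if needed, then upload the new policy document.
# Diagnostics go to `>&2` rather than `> /dev/stderr`, which on Linux re-opens
# the file with O_TRUNC and can truncate a log stderr was redirected to.
old="$(get_fifth_policy_version)"
if [[ -n "${old}" ]]; then
  # Irreversible: the deleted version's document cannot be recovered.
  echo "Deleting oldest policy version ${old}" >&2
  aws --profile "${AWS_PROFILE}" \
    iam delete-policy-version \
    --policy-arn "${POLICY_ARN}" \
    --version-id "${old}"
fi

echo "Uploading policy..." >&2
# --set-as-default makes the new document effective immediately for every
# user, group and role the policy is attached to.
aws --profile "${AWS_PROFILE}" \
  iam create-policy-version \
  --policy-arn "${POLICY_ARN}" \
  --policy-document "${POLICY_DOC}" \
  --set-as-default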