ps/Modules/Cole.PowerShell.Developer/Public/Update-AWSCLIAccessKey.ps1

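function Update-AWSCLIAccessKey {
<#
.SYNOPSIS
This function can change your AWS Access Key following the 90 day requirement.
.DESCRIPTION
Locates the [profile] section of ~/.aws/credentials, asks IAM (through the aws
CLI) for a new access key for the user, rewrites the aws_access_key_id and
aws_secret_access_key lines of that section in place, and then deletes the key
that was previously in the file.

The function stops before creating anything in IAM when the credentials file,
the profile section, or the profile's existing aws_access_key_id line cannot be
found, so a new key is never created without a place to record its secret.
.PARAMETER username
The username of the current user. "-cli" is appended when it is missing (the Alkami convention).
.PARAMETER profile
Probably "default". That's the ... err ... default. Blame gorg whiting, he asked for this param. idk man.
(Kept under this name for existing callers; it shadows the automatic $PROFILE variable inside this function.)
.NOTES
Requires the aws CLI on PATH. The old key id and the exact delete command are
printed before the deletion so that step can be repeated by hand if it fails.
#>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$false,Position=0)]
        $username = $env:UserName,
        [Parameter(Mandatory=$false,Position=1)]
        $profile = "default"
    )

    # Scans the credentials lines for the [ProfileName] section and reports
    # whether it exists and which aws_access_key_id it currently holds.
    # Only lines inside that section count; the next section header ends it.
    function Find-ProfileAccessKey {
        param([string[]]$Lines, [string]$ProfileName)
        $found = $false
        foreach ($line in $Lines) {
            $trimmed = $line.Trim()
            if ($trimmed -eq "[$ProfileName]") {
                $found = $true
                continue
            }
            # Any other section header means we have left the profile of interest.
            if ($found -and $trimmed.StartsWith("[")) {
                break
            }
            if ($found -and ($trimmed -match '^aws_access_key_id\s*=')) {
                # Split on the first '=' only so a value containing '=' survives.
                $keyId = ($trimmed -split '=', 2)[1].Trim()
                return [PSCustomObject]@{ Found = $true; AccessKeyId = $keyId }
            }
        }
        return [PSCustomObject]@{ Found = $found; AccessKeyId = $null }
    }

    # Returns a copy of the credentials lines where, inside the [ProfileName]
    # section only, the aws_access_key_id / aws_secret_access_key lines are
    # replaced with the new values. Every other line passes through untouched.
    function Set-ProfileAccessKeyLines {
        param(
            [string[]]$Lines,
            [string]$ProfileName,
            [string]$AccessKeyId,
            [string]$SecretAccessKey
        )
        $inProfile = $false
        $output = foreach ($line in $Lines) {
            $trimmed = $line.Trim()
            if ($trimmed.StartsWith("[")) {
                # Entering a section: track whether it is the one to rewrite.
                $inProfile = ($trimmed -eq "[$ProfileName]")
                $line
                continue
            }
            if ($inProfile -and ($trimmed -match '^aws_access_key_id\s*=')) {
                "aws_access_key_id = $AccessKeyId"
            } elseif ($inProfile -and ($trimmed -match '^aws_secret_access_key\s*=')) {
                "aws_secret_access_key = $SecretAccessKey"
            } else {
                $line
            }
        }
        return @($output)
    }

    # This is the Alkami process: CLI users are named <user>-cli.
    if (!$username.EndsWith("-cli")) {
        $username = "$username-cli"
    }
    Write-Host "Attempting to configure credentials for $username"

    $credentialsPath = "~/.aws/credentials"
    $resolvedCredentials = Resolve-Path -Path $credentialsPath -ErrorAction SilentlyContinue
    if (($null -eq $resolvedCredentials) -or !(Test-Path -LiteralPath $resolvedCredentials.Path)) {
        Write-Warning "Could not find the path for $credentialsPath"
        Write-Warning "Please ensure the credentials file already exists."
        Write-Warning "If you need a sample file please visit https://confluence.alkami.com/display/SECURITY/AWS+CLI+MFA"
        # Stop here: with no file there is nothing to update in place, and
        # creating an IAM key now would leave it with no recorded secret.
        throw "credentials file $credentialsPath not found"
    }
    $credentialsFile = $resolvedCredentials.Path
    $existingCredentialsFile = [string[]]@(Get-Content -LiteralPath $credentialsFile)

    $existing = Find-ProfileAccessKey -Lines $existingCredentialsFile -ProfileName $profile
    if (!$existing.Found) {
        throw "could not find the specified profile parameter [$profile] in the file"
    }
    if ($null -eq $existing.AccessKeyId) {
        Write-Warning "There was no valid key found for the file at ~/.aws/credentials"
        Write-Warning "While the magic string could be inserted, it is better to just update in place."
        Write-Warning "Please ensure the file contains a key/pair entry for aws_access_key_id and aws_secret_access_key"
        # Without an existing key line the new secret would never be written
        # anywhere, so refuse before asking IAM for one.
        throw "no aws_access_key_id entry found in profile [$profile]; nothing to update in place"
    }
    $existingKeyId = $existing.AccessKeyId

    # NOTE(review): --no-verify-ssl disables TLS certificate validation for a
    # call that returns a brand-new secret. It is kept because the original
    # relied on it (presumably a TLS-intercepting proxy); the safer fix is to
    # trust that proxy's CA via AWS_CA_BUNDLE / the ca_bundle config setting
    # and drop the flag from both aws calls below.
    $newIdentityRaw = aws iam create-access-key --user-name $username --no-verify-ssl --profile $profile
    if ($LASTEXITCODE -ne 0) {
        throw "aws iam create-access-key failed with exit code $LASTEXITCODE`r`n$newIdentityRaw"
    }
    $newIdentity = ConvertFrom-Json ($newIdentityRaw | Out-String)
    $newKeyId = $newIdentity.AccessKey.AccessKeyId
    $newSecret = $newIdentity.AccessKey.SecretAccessKey
    if (($null -eq $newKeyId) -or ($null -eq $newSecret)) {
        throw "Did not get a valid aws response back. oh bother.`r`n$newIdentityRaw"
    }

    $newlines = Set-ProfileAccessKeyLines -Lines $existingCredentialsFile -ProfileName $profile `
        -AccessKeyId $newKeyId -SecretAccessKey $newSecret

    Write-Host ""
    Write-Host "about to delete the following key (in case this breaks, you have this output line)"
    Write-Warning "aws iam delete-access-key --access-key-id $existingKeyId --user-name $username --no-verify-ssl --profile $profile"
    Write-Host ""
    # The old key is still the one in the credentials file, so it authenticates
    # its own deletion; the file is rewritten straight afterwards.
    aws iam delete-access-key --access-key-id $existingKeyId --user-name $username --no-verify-ssl --profile $profile
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "deleting the old key $existingKeyId failed (exit code $LASTEXITCODE); the new key is still written below. Re-run the delete command printed above once the cause is fixed."
    }
    try {
        Set-Content -LiteralPath $credentialsFile -Value $newlines -ErrorAction Stop
    } catch {
        # The new key already exists in IAM and its secret lives only in memory
        # here, so make this failure loud rather than reporting success.
        throw "failed to write $credentialsFile after creating key $($newKeyId): $($_.Exception.Message)"
    }
    Write-Host "all done"
}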