def access_key(self, s3_user):
connect = IAMConnection(self.admin_access_key, self.admin_secret_key)
key = connect.create_access_key(s3_user)
access_key = key['create_access_key_response'][u'create_access_key_result'][u'access_key'][u'access_key_id']
secret_key = key['create_access_key_response'][u'create_access_key_result'][u'access_key'][u'secret_access_key']
return s3_user, access_key, secret_key
def access_key(self, s3_user):
connect = IAMConnection(self.admin_access_key, self.admin_secret_key)
key = connect.create_access_key(s3_user)
access_key = key['create_access_key_response'][
u'create_access_key_result'][u'access_key'][u'access_key_id']
secret_key = key['create_access_key_response'][
u'create_access_key_result'][u'access_key'][u'secret_access_key']
return s3_user, access_key, secret_key
def create_iam_user():
"""Create a new IAM user.
:rtype: json
:returns: The resource uri of the new user, the ARN of the user, the user's
access key, and their secret key.
Usage::
$ curl -H "Content-Type: application/json" -X POST --data '{"user_name": "rdegges"}' /iam
{
"resource_uri": "http://dummy",
"arn": "arn:aws:iam::xxxxxxxxxxxx:user/user_name",
"aws_access_key_id": "blah"
"aws_secret_access_key": "blah"
}
"""
user_name = request.json.get("user_name") if request.json else None
# If no user name is specified in the request, fail immediately:
if not user_name:
return (None, 400)
# Create the new IAM user:
conn = IAMConnection(app.config["AWS_ACCESS_KEY_ID"], app.config["AWS_SECRET_ACCESS_KEY"])
create_user_resp = conn.create_user(user_name)
# Generate an AWS access key ID and secret access key for the new IAM user:
create_key_resp = conn.create_access_key(user_name=user_name)
# Store the new IAM user information:
user_data = {}
user_data["arn"] = create_user_resp["create_user_response"]["create_user_result"]["user"]["arn"]
user_data["aws_access_key_id"] = create_key_resp["create_access_key_response"]["create_access_key_result"][
"access_key"
]["access_key_id"]
user_data["aws_secret_access_key"] = create_key_resp["create_access_key_response"]["create_access_key_result"][
"access_key"
]["secret_access_key"]
user_data["resource_uri"] = "http://dummy"
return jsonify(user_data)
def s3_bucket_maker(answers):
access_key = os.environ['ACCESS_KEY_ID']
secret_key = os.environ['SECRET_ACCESS_KEY']
s3conn = S3Connection(access_key, secret_key)
iamconn = IAMConnection(access_key, secret_key)
bucket = s3conn.create_bucket(answers['bucket_name'])
print("BUCKET: %s created" % answers['bucket_name'])
user = None
try:
user = iamconn.get_user(answers['username'])
except boto.exception.BotoServerError, e:
if e.status == 404:
print('User not found... creating one')
user = iamconn.create_user(answers['username'])
keys = iamconn.create_access_key(answers['username'])
print(keys)
else:
raise e
for key in iam.get_all_access_keys(user_name).list_access_keys_response.list_access_keys_result.access_key_metadata:
print "DESTROY: Destroying access key %s of user %s" % (
key.access_key_id, user_name)
iam.delete_access_key(key.access_key_id, user_name)
print "DESTROY: Destructing old user %s" % (user_name,)
iam.delete_user(user_name)
if not user_exists or destructive:
print "INIITALIZE: User %s does not exist, creating" % (
user_name,)
user = iam.create_user(user_name)
print "INITIALIZE: Adding user %s to group %s" % (
user_name, group_name)
iam.add_user_to_group(group_name, user_name)
print "INITIALIZE: Creating new access key for user %s" % (
user_name,)
key = iam.create_access_key(user_name).create_access_key_response.create_access_key_result.access_key
access_key = key.access_key_id
secret_key = key.secret_access_key
print """
****************************************************************************
IMPORTANT! The secret key cannot be recovered later - make a note of it NOW!
User: %(userid)s
Access Key: %(accesskey)s
Secret Key: %(secretkey)s
Export: export AWS_ACCESS_KEY_ID=%(accesskey)s \
AWS_SECRET_ACCESS_KEY=%(secretkey)s
****************************************************************************
""" % {
username = raw_input('please input a name for iam create: ')
#create the user on aws/iam
create = iamconn.create_user(username)
#diplay the user you created
data = iamconn.get_user(user_name=username)
print "useername is:%s" % data.get_user_result.user.user_name
#print type(data)
#create access_key
key = iamconn.create_access_key(user_name=username)
#keys/aws side of things
key_id = key.create_access_key_response.create_access_key_result.access_key.access_key_id
key_key = key.create_access_key_response.create_access_key_result.access_key.secret_access_key
print "aws_key_id:%s" % key_id
print "aws_key_key:%s" % key_key
#put the user policy
plicy_json = """{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
username=raw_input('please input a name for iam create: ')
#create user
create = iamconn.create_user(username)
#print create
data = iamconn.get_user(user_name=username)
print "useername is:%s" % data.get_user_result.user.user_name
#print type(data)
#create access_key
key = iamconn.create_access_key(user_name=username)
key_id=key.create_access_key_response.create_access_key_result.access_key.access_key_id
key_key=key.create_access_key_response.create_access_key_result.access_key.secret_access_key
print "aws_key_id:%s" % key_id
print "aws_key_key:%s" % key_key
#put the user policy
plicy_json="""{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "ses:SendRawEmail",
