#!/usr/bin/python
import argparse
import getpass

import boto.exception
import boto.iam
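# Rotate an IAM user's access key: authenticate with the current key pair,
# create a replacement key, print it, and delete the old key once the
# operator confirms. Written for Python 2 (raw_input) and boto 2.
parser = argparse.ArgumentParser(description="Rotate Access Keys.")
parser.add_argument(
    "-u",
    "--user",
    required=True,
    help="The IAM user to rotate the key for."
)
parser.add_argument(
    "-a",
    "--access_key_id",
    help="The access key to rotate and use for authentication."
)
# NOTE(security): a secret passed with -s is visible in the process list and
# usually ends up in shell history. Leaving it out falls through to the
# no-echo prompt below.
parser.add_argument(
    "-s",
    "--secret_access_key",
    help="The secret key to rotate and use for authentication."
)
args = parser.parse_args()

# Pasted credentials often carry stray whitespace, so prompted values are
# stripped before use.
if not args.access_key_id:
    args.access_key_id = raw_input("Enter Access Key: ").strip()
if not args.secret_access_key:
    # getpass does not echo, which keeps the secret out of the terminal
    # scrollback and away from anyone looking at the screen.
    args.secret_access_key = getpass.getpass("Enter Secret Key: ").strip()
if not args.access_key_id or not args.secret_access_key:
    # Stop before any IAM call: an empty value here would otherwise only show
    # up as a failure after the new key has been created.
    parser.error("an access key id and a secret access key are both required")

iam = boto.iam.connection.IAMConnection(
    aws_access_key_id=args.access_key_id,
    aws_secret_access_key=args.secret_access_key
)

# IAM allows two access keys per user, so this call fails when the user
# already holds two. The error is reported and re-raised unchanged.
try:
    response = iam.create_access_key(args.user)
except boto.exception.BotoServerError as e:
    print("Cannot create new keys: %s" % e)
    raise

access_key = response['create_access_key_response']['create_access_key_result']['access_key']
# NOTE(security): this is the only time the new secret is shown. It goes to
# stdout in clear text, so do not run this where output is logged or
# captured; store the key in a secret manager right away.
print("""Access Key: %s
Secret Key: %s""" % (
    access_key['access_key_id'],
    access_key['secret_access_key']
))

# Only an explicit "yes" (case and surrounding whitespace ignored) deletes the
# old key; any other answer keeps it.
ans = raw_input("Ready to delete Access Key %s? (yes/no) " % args.access_key_id)
if ans.strip().lower() == "yes":
    # The delete request is signed with the old key itself. Nothing earlier
    # checks that the key id belongs to --user; if it does not, this call is
    # presumably rejected while the new key already exists. In that case, or
    # on any other failure here, the user is left with two active keys.
    try:
        iam.delete_access_key(args.access_key_id, args.user)
    except boto.exception.BotoServerError as e:
        print("Cannot remove old key: %s" % e)
        raise
else:
    # Both keys remain valid, so the rotation is incomplete until the old key
    # is deactivated or deleted.
    print("Warning: your old Access Key was kept. Be sure to clean up the mess.")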