AWS utility scripts
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
awscli-mfa
clear-locked-sgs
volumes-and-snapshots
LICENSE
README.md
aws-iam-rotate-keys.sh
get-key-ages.py

README.md

AWS Utility Scripts

This repository contains non-proprietary (MIT license) utility scripts for use with AWS.

  • aws-iam-rotate-keys.sh - rotates AWS access keys stored in the user's ~/.aws/credentials file. If you have set the policy for a user to have maximum of two concurrent keys, this script will first make sure there is just one existing key by allowing user to delete an existing key that is not in use. It then proceeds to create the new keys, test that they work, replace the keys in the user's ~/.aws/credentials file, and finally remove the old key that was replaced. This is an interactive script, and as such it does not take arguments. The script was written for macOS, but portability for Linux has been added. Multiple profiles are supported, as is MFA when used in conjunction with awscli-mfa.sh script. The script also displays the key ages, and the actual IAM user name associated with each credential profile.

    For more details, read my blog post about this script here.

  • get-key-ages.py - List the ages of all AWS IAM API keys in the account (this assumes properly configured ~/.aws/config, and obviously sufficient access level to this information. Currently the output is tab delimited, and to the standard output, from where it can be cut-and-pasted to, say, Excel. In other words a quick-and-dirty utility script for a key age report.

  • clear-locked-sgs/ - two Node.js scripts to unlock cross-linked security groups and delete them.

  • volumes-and-snapshots/ - volumes-and-snapshots.js and deletor.js scripts for pruning abandoned (detached, available) volumes.