New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a script to remove AWS user's MFA devices and access keys #101
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 👍
Although you may want to add it to the readme so folks know it's available.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 to anything not bash.
Thank you for this!
# Remove Access Keys | ||
# | ||
|
||
ACCESS_KEYS=$(aws iam list-access-keys --user-name maz | jq -r ".AccessKeyMetadata[].AccessKeyId") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should --user-name maz
be hardcoded?
I suspect this should be
ACCESS_KEYS=$(aws iam list-access-keys --user-name ${USERNAME} | jq -r ".AccessKeyMetadata[].AccessKeyId")
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I know you merged, but I think there's an issue in here.
# Remove Access Keys | ||
# | ||
|
||
ACCESS_KEYS=$(aws iam list-access-keys --user-name maz | jq -r ".AccessKeyMetadata[].AccessKeyId") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should --user-name maz
be hardcoded?
I suspect this should be
ACCESS_KEYS=$(aws iam list-access-keys --user-name ${USERNAME} | jq -r ".AccessKeyMetadata[].AccessKeyId")
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice catch! I can't believe that snuck in here. I'll make a new PR.
This is a script I wrote to help remove user's creds before using terraform to remove their IAM users. Would be nice to convert this to golang at some point but for now I'm parking it here.
Source is from a gist I shared here: https://gist.github.com/chrisgilmerproj/3a06cf0ec4f4444af1a52149f3645a4a