AWS Rotate IAM Keys

#!/bin/bash
# set files
user='johndoe'
newkey='/root/new-access-key.json'
oldkey='/root/old-access-key.json'
credentials='/root/.aws/credentials'
# get old credentials
aws iam list-access-keys --user-name $user > $oldkey
okey=$(jq .AccessKeyMetadata[0].AccessKeyId $oldkey | tr -d \")
# create new key
aws iam create-access-key --user-name $user > $newkey
# get new access keys and new secret
nkey=$(jq .AccessKey.AccessKeyId $newkey | tr -d \")
nsecret=$(jq .AccessKey.SecretAccessKey $newkey | tr -d \")
# backup old credentials
cp /root/.aws/credentials /root/.aws/credentials-backup
# store the new key
echo '[default]' > $credentials
echo 'aws_access_key_id = ' $nkey >> $credentials
echo 'aws_secret_access_key = '$nsecret >> $credentials
sleep 10
# delete old key
aws iam delete-access-key --user-name $user --access-key-id $okey
rm $newkey
rm $oldkey

#!/bin/bash # set files user='johndoe' newkey='/root/new-access-key.json' oldkey='/root/old-access-key.json' credentials='/root/.aws/credentials' # get old credentials aws iam list-access-keys --user-name $user > $oldkey okey=$(jq .AccessKeyMetadata[0].AccessKeyId $oldkey | tr -d \") # create new key aws iam create-access-key --user-name $user > $newkey # get new access keys and new secret nkey=$(jq .AccessKey.AccessKeyId $newkey | tr -d \") nsecret=$(jq .AccessKey.SecretAccessKey $newkey | tr -d \") # backup old credentials cp /root/.aws/credentials /root/.aws/credentials-backup # store the new key echo '[default]' > $credentials echo 'aws_access_key_id = ' $nkey >> $credentials echo 'aws_secret_access_key = '$nsecret >> $credentials sleep 10 # delete old key aws iam delete-access-key --user-name $user --access-key-id $okey rm $newkey rm $oldkey