Uly.me

cloud engineer

Home/Archives for delete

GCP SSL Certificates

Here’s how to create a regional SSL Certificate.

gcloud compute ssl-certificates create my-ssl-cert \
--description "describe ssl certificate" \
--domains=domain1.com,domain2.com \
--certificate=cert.pem \
--private-key=private.key \
--region=us-central1

List the SSL certificates.

gcloud compute ssl-certificates list --project=project-id

Describe the SSL certificate.

gcloud compute ssl-certificates describe my-ssl-cert \
--region=us-central1 \
--project=project-id

Delete SSL certificate.

gcloud compute ssl-certificates delete my-ssl-cert \
--region=us-central1 \
--project=project-id

AWS Rotate IAM Keys

Here’s a script that will rotate AWS IAM keys.

#!/bin/bash
# set files
user='johndoe'
newkey='/root/new-access-key.json'
oldkey='/root/old-access-key.json'
credentials='/root/.aws/credentials'
# get old credentials
aws iam list-access-keys --user-name $user > $oldkey
okey=$(jq .AccessKeyMetadata[0].AccessKeyId $oldkey | tr -d \")
# create new key
aws iam create-access-key --user-name $user > $newkey
# get new access keys and new secret
nkey=$(jq .AccessKey.AccessKeyId $newkey | tr -d \")
nsecret=$(jq .AccessKey.SecretAccessKey $newkey | tr -d \")
# backup old credentials
cp /root/.aws/credentials /root/.aws/credentials-backup
# store the new key
echo '[default]' > $credentials
echo 'aws_access_key_id = ' $nkey >> $credentials
echo 'aws_secret_access_key = '$nsecret >> $credentials
sleep 10
# delete old key
aws iam delete-access-key --user-name $user --access-key-id $okey
rm $newkey
rm $oldkey

The script performs the following:

  1. Retrieves the current key
  2. Creates a new key
  3. Backup the current credentials file
  4. Create a new credentials file
  5. Deletes the old key
  6. Deletes the temp files
  7. Done

AWS CLI IAM Keys

Here’s a few commands to create, delete and disable AWS user keys.

List user keys.

aws iam list-access-keys --user-name john.doe

Create access key. Results are printed on screen in JSON format.

aws iam create-access-key --user-name john.doe

Disable a key. The real key id is obfuscated.

aws iam update-access-key \
--access-key-id ******************** \
--status Inactive \
--user-name john.doe

Delete a key. They real key id is obfuscated.

aws iam delete-access-key \
--access-key-id ******************** \
--user-name john.doe