add list, delete options

terraform-modules · Aug 15, 2019 · b693cf1 · b693cf1
1 parent 4615b63
commit b693cf1
Showing 1 changed file with 16 additions and 38 deletions.
diff --git a/audit-output-creds.sh b/audit-output-creds.sh
@@ -1,6 +1,9 @@
 #!/bin/bash
 
 # creates a file in /tmp/{scan_user}.{account}.{date}.txt
+# call "list" in arg to list the key
+# call "delete" in arg to delete the key
+# call nothing and create the file
 
 if [ -r $HOME/.tf-control ]
 then
@@ -18,6 +21,7 @@ fi
 
 DATE=$(date +%Y%m%d)
 S_ACCOUNT=$($TERRAFORM output caller_account_id)
+profile=$($TERRAFORM output profile)
 #S_USER=$($TERRAFORM output scan_user)
 S_FILE="/tmp/${S_USER}.${S_ACCOUNT}.$DATE.txt"
 
@@ -49,44 +53,18 @@ do
 
   ls -al $S_FILE
   cat $S_FILE
+  echo "# list access keys"
+  echo "aws --profile $profile iam list-access-keys --user-name $S_USER"
+  if [[ -z $1 ]] && [[ $1 == "list" ]
+  then
+    aws --profile $profile iam list-access-keys --user-name $S_USER
+  fi 
+  echo "# delete access key"
+  echo "# aws --profile $profile iam delete-access-key --user-name $S_USER --access-key-id ${info["aws_access_key_id"]}"
+  if [[ -z $1 ]] && [[ $1 == "delete" ]
+  then
+    aws --profile $profile iam delete-access-key --user-name $S_USER --access-key-id ${info["aws_access_key_id"]}"
+  fi
 
   scount=$(( $scount + 1 ))
 done
-
-# in script form
-#echo "# file=$S_FILE" > $S_FILE
-#echo "# account=$S_ACCOUNT" >> $S_FILE
-#echo "# date=$DATE" >> $S_FILE
-#echo "scan_user=$S_USER" >> $S_FILE
-#( echo -n "scan_aws_access_key_id="; $TERRAFORM output scan_aws_access_key_id ) >> $S_FILE
-#( echo -n "scan_aws_secret_access_key="; $TERRAFORM output scan_aws_secret_access_key | base64 --decode | ( gpg --batch --decrypt 2> /dev/null) ; echo "" ) >> $S_FILE
-#echo "" >> $S_FILE
-#
-#cat $S_FILE
-
-
-## #service_profile=$($TERRAFORM output service_profile)
-## service_profile=""
-## profile=$($TERRAFORM output profile)
-## username=$($TERRAFORM output scan_user)
-## echo ""
-## if [ ! -z $service_profile ]
-## then
-##   echo "# test new access key after inserting above into $HOME/.aws/credentials in [$service_profile]"
-##   echo "aws --profile $service_profile iam list-access-keys --user-name $username"
-## else
-##   echo "# test new access key after inserting above into $HOME/.aws/credentials in [$profile]"
-##   echo "aws --profile $profile iam list-access-keys --user-name $username"
-## fi
-## 
-## old_access_key=$($TERRAFORM output aws_access_key_id_prev|sed -e 's/^.*=//')
-## if [ ! -z $old_access_key ]
-## then
-##   echo ""
-##   echo "# dissable old access key"
-##   echo "aws --profile $profile iam update-access-key --user-name $username --access-key-id $old_access_key --status Inactive"
-##   echo ""
-##   echo "# delete old access key (only necessary if haven't rotated twice)"
-##   echo "# aws --profile $profile iam delete-access-key --user-name $username --access-key-id $old_access_key"
-## fi
-##