From ebd0b2d3b4b980f1e06c0077ddbada09425a8149 Mon Sep 17 00:00:00 2001
From: Nicholas Doropoulos
Date: Thu, 30 Jan 2025 08:29:48 +0100
Subject: [PATCH 1/3] Add update_access_key function to the iam_operations.sh script
---
 aws-cli/bash-linux/iam/iam_operations.sh | 117 +++++++++++++++++++++++
 1 file changed, 117 insertions(+)
diff --git a/aws-cli/bash-linux/iam/iam_operations.sh b/aws-cli/bash-linux/iam/iam_operations.sh
index 73a0e03db08..0b57cd9ec86 100644
--- a/aws-cli/bash-linux/iam/iam_operations.sh
+++ b/aws-cli/bash-linux/iam/iam_operations.sh
@@ -784,6 +784,123 @@ function iam_delete_role() {
 }
 # snippet-end:[aws-cli.bash-linux.iam.DeleteRole]
+# snippet-start:[aws-cli.bash-linux.iam.UpdateAccessKey]
+###############################################################################
+# function iam_update_access_key
+#
+# This function can activate or deactivate an IAM access key for the specified IAM user.
+#
+# Parameters:
+# -u user_name -- The name of the user.
+# -k access_key -- The access key to update.
+# -a -- Activate the selected access key.
+# -d -- Deactivate the selected access key.
+#
+# Example:
+# # To deactivate the selected access key for IAM user Bob
+# iam_update_access_key -u Bob -k AKIAIOSFODNN7EXAMPLE -d
+#
+# Returns:
+# 0 - If successful.
+# 1 - If it fails.
+###############################################################################
+function iam_update_access_key() {
+ local user_name access_key status response
+ local option OPTARG # Required to use getopts command in a function.
+ local activate_flag=false deactivate_flag=false
+
+ # bashsupport disable=BP5008
+ function usage() {
+ echo "function iam_update_access_key"
+ echo "Updates the status of an AWS Identity and Access Management (IAM) access key for the specified IAM user"
+ echo " -u user_name The name of the user."
+ echo " -k access_key The access key to update."
+ echo " -a Activate the access key."
+ echo " -d Deactivate the access key."
+ echo ""
+ }
+
+ # Retrieve the calling parameters.
+ while getopts "u:k:adh" option; do
+ case "${option}" in
+ u) user_name="${OPTARG}" ;;
+ k) access_key="${OPTARG}" ;;
+ a) activate_flag=true ;;
+ d) deactivate_flag=true ;;
+ h)
+ usage
+ return 0
+ ;;
+ \?)
+ echo "Invalid parameter"
+ usage
+ return 1
+ ;;
+ esac
+ done
+ export OPTIND=1
+
+ # Validate input parameters
+ if [[ -z "$user_name" ]]; then
+ errecho "ERROR: You must provide a username with the -u parameter."
+ usage
+ return 1
+ fi
+
+ if [[ -z "$access_key" ]]; then
+ errecho "ERROR: You must provide an access key with the -k parameter."
+ usage
+ return 1
+ fi
+
+ # Ensure that only -a or -d is specified
+ if [[ "$activate_flag" == true && "$deactivate_flag" == true ]]; then
+ errecho "ERROR: You cannot specify both -a (activate) and -d (deactivate) at the same time."
+ usage
+ return 1
+ fi
+
+ # If neither -a nor -d is provided, return an error
+ if [[ "$activate_flag" == false && "$deactivate_flag" == false ]]; then
+ errecho "ERROR: You must specify either -a (activate) or -d (deactivate)."
+ usage
+ return 1
+ fi
+
+ # Determine the status based on the flag
+ if [[ "$activate_flag" == true ]]; then
+ status="Active"
+ elif [[ "$deactivate_flag" == true ]]; then
+ status="Inactive"
+ fi
+
+ iecho "Parameters:\n"
+ iecho " Username: $user_name"
+ iecho " Access key: $access_key"
+ iecho " New status: $status"
+ iecho ""
+
+ # Update the access key status
+ response=$(aws iam update-access-key \
+ --user-name "$user_name" \
+ --access-key-id "$access_key" \
+ --status "$status" 2>&1)
+
+ local error_code=${?}
+
+ if [[ $error_code -ne 0 ]]; then
+ aws_cli_error_log $error_code
+ errecho "ERROR: AWS reports update-access-key operation failed.\n$response"
+ return 1
+ fi
+
+ iecho "update-access-key response: $response"
+ iecho
+
+ return 0
+}
+# snippet-end:[aws-cli.bash-linux.iam.UpdateAccessKey]
+
 # snippet-start:[aws-cli.bash-linux.iam.DeleteAccessKey]
 ###############################################################################
 # function iam_delete_access_key
From 2b5ef528c19ecce5ff22081ee99ddbdb3ad1cefc Mon Sep 17 00:00:00 2001
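Review bot: The `h)` and `\?)` arms of the getopts loop in `iam_update_access_key` return before `export OPTIND=1` runs, so a call that ends in `-h` or an invalid option leaves a stale `OPTIND` behind and the next getopts-based call in the same shell starts parsing past its first arguments. Declaring the index locally, `local option OPTARG OPTIND=1`, makes every call start at the first argument and makes the trailing `export OPTIND=1` unnecessary. The caller added later in this patch series runs the function in a subshell, which hides the problem there but not for scripts that source the file and call it directly. Separately, `aws_cli_error_log $error_code` would be safer quoted as `aws_cli_error_log "$error_code"`.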
From: Rachel Hagerman <110480692+rlhagerm@users.noreply.github.com>
Date: Thu, 13 Feb 2025 10:57:21 -0600
Subject: [PATCH 2/3] Updates to metadata
---
 .doc_gen/metadata/iam_metadata.yaml | 9 +++++++++
 aws-cli/bash-linux/iam/README.md | 6 +++---
 .../iam/iam_create_user_assume_role_scenario.sh | 9 +++++++++
 3 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/.doc_gen/metadata/iam_metadata.yaml b/.doc_gen/metadata/iam_metadata.yaml
index 383f52d39ff..480b9d7ee9f 100644
--- a/.doc_gen/metadata/iam_metadata.yaml
+++ b/.doc_gen/metadata/iam_metadata.yaml
@@ -889,6 +889,15 @@ iam_UpdateAccessKey:
 - description:
 snippet_tags:
 - iam.cpp.update_access_key.code
+ Bash:
+ versions:
+ - sdk_version: 2
+ github: aws-cli/bash-linux/iam
+ sdkguide:
+ excerpts:
+ - description:
+ snippet_tags:
+ - aws-cli.bash-linux.iam.UpdateAccessKey
 services:
 iam: {UpdateAccessKey}
 iam_Scenario_ManageAccessKeys:
diff --git a/aws-cli/bash-linux/iam/README.md b/aws-cli/bash-linux/iam/README.md
index 19baf85864c..73f91b75737 100644
--- a/aws-cli/bash-linux/iam/README.md
+++ b/aws-cli/bash-linux/iam/README.md
@@ -45,14 +45,15 @@ Code excerpts that show you how to call individual service functions.
 - [CreatePolicy](iam_operations.sh#L421)
 - [CreateRole](iam_operations.sh#L342)
 - [CreateUser](iam_operations.sh#L113)
-- [DeleteAccessKey](iam_operations.sh#L787)
+- [DeleteAccessKey](iam_operations.sh#L904)
 - [DeletePolicy](iam_operations.sh#L646)
 - [DeleteRole](iam_operations.sh#L716)
-- [DeleteUser](iam_operations.sh#L868)
+- [DeleteUser](iam_operations.sh#L985)
 - [DetachRolePolicy](iam_operations.sh#L571)
 - [GetUser](iam_operations.sh#L17)
 - [ListAccessKeys](iam_operations.sh#L273)
 - [ListUsers](iam_operations.sh#L56)
+- [UpdateAccessKey](iam_operations.sh#L787)
@@ -110,4 +111,3 @@ in the `aws-cli` folder. Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-SPDX-License-Identifier: Apache-2.0
\ No newline at end of file
diff --git a/aws-cli/bash-linux/iam/iam_create_user_assume_role_scenario.sh b/aws-cli/bash-linux/iam/iam_create_user_assume_role_scenario.sh index d630c862708..2cb96f9d3fd 100755 --- a/aws-cli/bash-linux/iam/iam_create_user_assume_role_scenario.sh +++ b/aws-cli/bash-linux/iam/iam_create_user_assume_role_scenario.sh @@ -351,6 +351,15 @@ function clean_up() { fi fi + if [ -n "$access_key_name" ]; then + if (iam_update_access_key -u "$user_name" -k "$access_key_name" -d); then + echo "Deactivated access key $access_key_name" + else + errecho "The access key failed to deactivate." + result=1 + fi + fi + if [ -n "$access_key_name" ]; then if (iam_delete_access_key -u "$user_name" -k "$access_key_name"); then echo "Deleted access key $access_key_name" From 2760d57bfe3b1484469466cbc5480a360719d0b2 Mon Sep 17 00:00:00 2001 From: Rachel Hagerman <110480692+rlhagerm@users.noreply.github.com> Date: Thu, 13 Feb 2025 11:20:54 -0600 Subject: [PATCH 3/3] Update README.md --- aws-cli/bash-linux/iam/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/aws-cli/bash-linux/iam/README.md b/aws-cli/bash-linux/iam/README.md index 73f91b75737..a204208e13e 100644 --- a/aws-cli/bash-linux/iam/README.md +++ b/aws-cli/bash-linux/iam/README.md @@ -111,3 +111,4 @@ in the `aws-cli` folder. Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +SPDX-License-Identifier: Apache-2.0
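Review bot: In `clean_up`, the added block sets `result=1` when deactivation fails even though the `iam_delete_access_key` call that follows still runs and can remove the key, so a run that leaves nothing behind may still be reported as failed. The delete block visible below uses the same `[ -n "$access_key_name" ]` guard, so the deactivation could sit inside that guard with a comment such as `# Deactivate first so the key stops authenticating even if the delete below fails.`, and its failure branch could log a warning without touching `result`. `clean_up` starts and ends outside this hunk, so how `result` is consumed is not visible here.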