AWS 각종 스크립트
- Taejoon Moon
Owned by Taejoon Moon
Dec 04, 2022
1 min read
Loading data...
- 1 IAM user 관리
- 1.1 IAM User 생성
- 1.2 IAM MFA check
IAM user 관리
IAM User 생성
IAM user 만들고 권한설정하는 부분은 자주 한다면 cli로 하면 더 편리합니다.
https://github.com/taejoonmoon/scripts/blob/master/aws/tfc_user_add.md
CLI 이용해서 USER 생성, tag 설정, 권한설정을 하고 만들어진 AWS key를 필요한 사람에게 전달하면 됩니다.
tfc_user="tfc"
# create user
aws iam create-user --user-name $tfc_user
aws iam tag-user --user-name $tfc_user --tags '{"Key": "deployedby", "Value": "tjmoon"}'
aws iam tag-user --user-name $tfc_user --tags '{"Key": "usedby", "Value": "Terraform Cloud"}'
aws iam list-user-tags --user-name $tfc_user
aws iam attach-user-policy --policy-arn arn:aws:iam::aws:policy/AdministratorAccess --user-name $tfc_user
result=`aws iam create-access-key --user-name $tfc_user`
echo "run this command"
echo "export AWS_ACCESS_KEY_ID=`echo $result | jq .AccessKey.AccessKeyId`"
echo "export AWS_SECRET_ACCESS_KEY=`echo $result | jq .AccessKey.SecretAccessKey`"IAM MFA check
https://github.com/taejoonmoon/scripts/blob/master/aws/check_mfa.sh
#!/bin/bash
# check mfa status
# https://docs.aws.amazon.com/cli/latest/reference/iam/list-mfa-devices.html
iam_users=`aws iam list-users | jq -r '.Users | .[].UserName' | grep -v terraform`
for iam_user in $iam_users
do
#if aws iam list-mfa-devices --user-name $iam_user| grep -i SerialNumber; then
if mfa_device=`aws iam list-mfa-devices --user-name $iam_user| grep -i SerialNumber`; then
echo "$iam_user: MFA device $mfa_device"
else
echo "$iam_user: mfa X"
fi
done