From 50dc7c9cb38926da71aae921bb4f2a88ea6c5b6e Mon Sep 17 00:00:00 2001
From: Kris Nova
Date: Mon, 6 Feb 2017 22:18:59 -0700
Subject: [PATCH] Adding hack script and fixing aws.md
---
 docs/aws.md | 2 +-
 hack/new-iam-user.sh | 59 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 60 insertions(+), 1 deletion(-)
 create mode 100755 hack/new-iam-user.sh
diff --git a/docs/aws.md b/docs/aws.md
index 0e6e16bb1e..dcd426e0e6 100644
--- a/docs/aws.md
+++ b/docs/aws.md
@@ -61,7 +61,7 @@ arn:aws:iam::aws:policy/AmazonVPCFullAccess"
 for arn in $arns; do aws iam attach-group-policy --policy-arn "$arn" --group-name kops; done
-aws iam create-user --user-name testuser
+aws iam create-user --user-name kops
 aws iam add-user-to-group --user-name kops --group-name kops
diff --git a/hack/new-iam-user.sh b/hack/new-iam-user.sh
new file mode 100755
index 0000000000..d9c3200631
--- /dev/null
+++ b/hack/new-iam-user.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+###############################################################################
+#
+# new-iam-user.sh
+#
+# Convenience script adding a new IAM user to an existing AWS account.
+#
+# WARNING: This script will return secrets!
+#
+###############################################################################
+
+usage(){
+ echo "sh new-iam-user.sh "
+ exit 0
+}
+
+if [ -z "$1" ]; then
+ usage
+fi
+
+if [ -z "$2" ]; then
+ usage
+fi
+
+GROUP=$1
+USER=$1
+
+aws iam create-group --group-name ${GROUP}
+
+export arns="
+arn:aws:iam::aws:policy/AmazonEC2FullAccess
+arn:aws:iam::aws:policy/AmazonRoute53FullAccess
+arn:aws:iam::aws:policy/AmazonS3FullAccess
+arn:aws:iam::aws:policy/IAMFullAccess
+arn:aws:iam::aws:policy/AmazonVPCFullAccess"
+
+for arn in $arns; do aws iam attach-group-policy --policy-arn "$arn" --group-name ${GROUP}; done
+
+aws iam create-user --user-name ${USER}
+
+aws iam add-user-to-group --user-name ${USER} --group-name ${GROUP}
+
+aws iam create-access-key --user-name ${USER}
\ No newline at end of file
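Review bot: `USER=$1` assigns the group argument to the user name, so the second argument passes the `-z "$2"` guard but is never used and the script always creates a user named after the group; it should read `USER=$2`, ideally under another name such as `IAM_USER`, because `USER` is the login-name environment variable that child processes inherit. There is no `set -euo pipefail` after the shebang and `usage` ends in `exit 0`, so a failed `create-group` or `attach-group-policy` does not stop the run before `create-access-key`, and a call with missing arguments reports success; `exit 1` in `usage` would let callers detect that. `${GROUP}` and `${USER}` are expanded unquoted in every `aws iam` call and should be `"${GROUP}"` and `"${USER}"`. The final `create-access-key` prints a long-lived secret key to stdout for a user whose group carries `IAMFullAccess`, which lets that user grant itself any further permission, so the header comment should state that the key is effectively administrator-equivalent and that the output must be kept out of shared terminals, logs and CI output.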