python create_aws_user.py newuser \
--group ComputationalScientist \
--group SUDOers

This outputs a block of text which should be communicated to the user.
import argparse
import random
import secrets
import string
import sys

import boto3
from botocore.exceptions import ClientError
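LOGIN_LINK = 'https://syspharm.signin.aws.amazon.com/console'
INSTRUCTIONS_KEYS = ('https://docs.aws.amazon.com/IAM/latest/UserGuide/'
                     'id_credentials_access-keys.html#Using_CreateAccessKey')
INSTRUCTIONS_CLI = 'https://aws.amazon.com/cli/'
INSTRUCTIONS_CLI_CONFIG = ('https://docs.aws.amazon.com/cli/latest/userguide/'
                           'cli-chap-getting-started.html')

# Every new user is added to this group in addition to any --group given.
DEFAULT_GROUP = 'Users'

# Temporary console password: mixed-case letters and digits, 16 characters,
# drawn with the ``secrets`` CSPRNG (``random`` is not suitable for
# credentials).  The account's IAM password policy, if one is configured,
# still applies; a policy that demands symbols would need this alphabet
# extended.
PASSWORD_ALPHABET = string.ascii_letters + string.digits
PASSWORD_LENGTH = 16

# Character classes the generated password must cover when the alphabet
# contains them, so it meets the usual "several character classes" policy.
_REQUIRED_CLASSES = (str.isupper, str.islower, str.isdigit)


def parse_args(argv=None):
    """Parse the command line.

    Args:
        argv: Argument list to parse; ``None`` means ``sys.argv[1:]``.

    Returns:
        An ``argparse.Namespace`` with ``username`` (str) and ``group``
        (list of str; empty when ``--group`` was not given, never ``None``).
    """
    parser = argparse.ArgumentParser(
        description='Create an IAM user which can manage its own account '
                    '(Users group), plus any capabilities granted by the '
                    'groups specified. Note that it is necessary to have '
                    'permissions to manage IAM users to use this script!')
    parser.add_argument('username', type=str,
                        help='Desired username.')
    parser.add_argument('--group', action='append', type=str,
                        help=('A group to add this user to. Can be used '
                              'multiple times.'))
    args = parser.parse_args(argv)
    # ``append`` leaves the attribute as None when the flag is absent; the
    # original ``args.group + ['Users']`` then raised TypeError.
    if args.group is None:
        args.group = []
    return args


def generate_password(length=PASSWORD_LENGTH, alphabet=PASSWORD_ALPHABET):
    """Return a random temporary password of *length* characters from *alphabet*.

    The result contains at least one character of every class in
    ``_REQUIRED_CLASSES`` that *alphabet* can supply (uppercase, lowercase,
    digit), by rejection sampling.

    Args:
        length: Number of characters to generate.
        alphabet: Characters to draw from.

    Returns:
        The generated password string.

    Raises:
        ValueError: if *length* is too short to hold one character of every
            required class present in *alphabet* (the loop could not finish).
        IndexError: if *alphabet* is empty (from ``secrets.choice``).
    """
    required = [pred for pred in _REQUIRED_CLASSES if any(map(pred, alphabet))]
    if length < len(required):
        raise ValueError(
            f'password length {length} cannot cover {len(required)} character classes')
    while True:
        candidate = ''.join(secrets.choice(alphabet) for _ in range(length))
        if all(any(map(pred, candidate)) for pred in required):
            return candidate


def find_missing_groups(iam, groups):
    """Return the names in *groups* that do not exist in IAM, sorted.

    Args:
        iam: A boto3 IAM client.
        groups: Iterable of IAM group names.

    Raises:
        botocore.exceptions.ClientError: any error other than
            ``NoSuchEntity`` (for example AccessDenied) is re-raised instead
            of being silently ignored, which the original loop did.
    """
    missing = []
    for group in sorted(groups):
        try:
            iam.get_group(GroupName=group)
        except ClientError as err:
            if err.response['Error']['Code'] != 'NoSuchEntity':
                raise
            missing.append(group)
    return missing


def create_console_user(iam, username, password):
    """Create *username* and give it a console login profile.

    The login profile uses *password* and forces a change on first login.
    If creating the login profile fails, the user created a moment earlier is
    deleted again so the script does not leave behind a half-configured IAM
    user, and the error is re-raised.

    Args:
        iam: A boto3 IAM client.
        username: Name of the IAM user to create.
        password: Temporary console password.

    Raises:
        botocore.exceptions.ClientError: from ``create_user`` (for example
            EntityAlreadyExists) or from ``create_login_profile``.
    """
    iam.create_user(UserName=username)
    try:
        iam.create_login_profile(
            UserName=username,
            Password=password,
            PasswordResetRequired=True,
        )
    except ClientError:
        # No groups have been attached yet, so the user can be removed
        # directly.
        iam.delete_user(UserName=username)
        raise


def add_user_to_groups(iam, username, groups):
    """Add *username* to every group in *groups* (in sorted order).

    Args:
        iam: A boto3 IAM client.
        username: Name of an existing IAM user.
        groups: Iterable of existing IAM group names.
    """
    for group in sorted(groups):
        iam.add_user_to_group(GroupName=group, UserName=username)


def format_instructions(username, password):
    """Return the text block that is handed to the new user.

    It carries the temporary credentials, the console login URL and the
    documentation links for access keys and the AWS CLI.
    """
    return f'''
Please note that these credentials give you access to a shared AWS account
that is running development and production systems for many people and projects
within the lab. Please tread very carefully and avoid making changes that might
affect other users.
Username: {username}
Password: {password}
Login: {LOGIN_LINK}
You will need to change your password on first login to the console.
To access AWS programmatically you will need to generate access keys as
described in these instructions:
{INSTRUCTIONS_KEYS}
The AWS CLI is very useful and can be installed as described here:
{INSTRUCTIONS_CLI}
The AWS CLI can be configured as described here:
{INSTRUCTIONS_CLI_CONFIG}
'''


def main(argv=None):
    """Create the IAM user described on the command line and print its details.

    Steps: validate that every requested group exists (exit status 1 and a
    message on stderr otherwise), create the user with a console login
    profile, add it to the groups, then print the instruction block.

    Args:
        argv: Command-line arguments; ``None`` means ``sys.argv[1:]``.
    """
    args = parse_args(argv)
    username = args.username
    groups = set(args.group) | {DEFAULT_GROUP}
    iam = boto3.client('iam')

    # Validate all groups up front so nothing is created for a bad request.
    missing = find_missing_groups(iam, groups)
    if missing:
        for group in missing:
            print(f'Group does not exist: {group}', file=sys.stderr)
        sys.exit(1)

    password = generate_password()
    create_console_user(iam, username, password)
    add_user_to_groups(iam, username, groups)

    # The temporary password appears only here; it is invalidated by the
    # forced reset on first console login.
    print(format_instructions(username, password))


if __name__ == '__main__':
    main()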