agent: |
Create an AWS IAM user
This task creates an IAM user: an identity with its own credentials and permissions for accessing and managing AWS resources. Giving each person or workload an individual identity with only the permissions it needs, rather than sharing root account credentials, allows fine-grained, auditable access control. Note that the task only creates console (password) access; no access keys or policies are attached, and the supplied password should be treated as an initial secret that the new user changes at first sign-in.
import boto3
# Fetch the AWS credential pair from the hosting platform's secret store by label.
# `_get_creds` and `cred_label` are supplied by the runtime environment; neither
# is defined in this file.
creds = _get_creds(cred_label)['creds']
# The store's generic "username"/"password" slots hold the IAM access key id and
# secret access key respectively (that is how they are consumed just below).
access_key = creds['username']
secret_key = creds['password']
# Initialize the AWS clients for IAM (Identity and Access Management) and STS (Security Token Service)
# NOTE(review): no aws_session_token is passed, so only a long-lived key pair
# works here; temporary STS credentials would be rejected. No region is given
# either, so boto3's default region resolution applies — presumably fine for
# IAM/STS in the commercial partition, confirm before use elsewhere.
iam = boto3.client('iam',aws_access_key_id=access_key,aws_secret_access_key=secret_key)
sts = boto3.client('sts',aws_access_key_id=access_key,aws_secret_access_key=secret_key)
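def validate_password(password: str) -> bool:
    """
    Pre-flight check of a console password before it is sent to AWS.

    The rules applied are deliberately stricter than the AWS account default
    (the default asks for a minimum length and a *mix* of character types):
    length between 8 and 128 characters, at least one digit, one uppercase
    letter, one lowercase letter and one symbol from the set AWS accepts as
    "non-alphanumeric" (``! @ # $ % ^ & * ( ) _ + - = [ ] { } | '``).

    This is only a local sanity check. The account's configured password
    policy is authoritative (``iam.get_account_password_policy()``), and
    ``create_login_profile`` rejects a non-conforming password with
    ``PasswordPolicyViolationException`` regardless of this result.

    Args:
        password: Candidate password. Anything that is not a ``str`` is
            rejected rather than raising.

    Returns:
        True when every rule above is satisfied, False otherwise.
    """
    # Symbol set AWS lists as acceptable non-alphanumeric characters; the
    # previous version omitted _ [ ] { } | ' and so rejected valid passwords.
    aws_symbols = "!@#$%^&*()_+-=[]{}|'"
    if not isinstance(password, str):
        return False
    # CreateLoginProfile caps the password at 128 characters.
    if not 8 <= len(password) <= 128:
        return False
    has_digit = any(ch.isdigit() for ch in password)
    has_upper = any(ch.isupper() for ch in password)
    has_lower = any(ch.islower() for ch in password)
    has_symbol = any(ch in aws_symbols for ch in password)
    return has_digit and has_upper and has_lower and has_symbol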
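def create_iam_user(user_name=None, password=None, *, password_reset_required=True):
    """
    Create an IAM user and attach a console login profile to it.

    Args:
        user_name: Name of the IAM user to create. Required.
        password: Initial console password. Required; it must pass
            ``validate_password`` before any AWS call is made.
        password_reset_required: Forwarded to ``create_login_profile`` as
            ``PasswordResetRequired``. Defaults to True so the new user has
            to pick a fresh password at first sign-in: the initial value is
            known to the operator (and, in this task, travelled through an
            automation prompt), so it should not stay the long-term secret.

    Returns:
        True when both the user and its login profile were created,
        False when validation failed or an AWS call was rejected.

    Notes:
        Failures are reported with ``print``; the password itself is never
        printed. Existence is not pre-checked with ``get_user``: relying on
        ``EntityAlreadyExistsException`` from ``create_user`` avoids a
        check-then-act race and requires only ``iam:CreateUser``. If
        ``create_user`` succeeds but the login profile cannot be created,
        the user is left in place without console access; the caller decides
        whether to retry the profile or delete the user.
    """
    if not user_name or not password:
        print("Error: Both username and password are required.")
        return False
    if not validate_password(password):
        print("Error: The provided password doesn't meet AWS's default password policy.")
        return False

    try:
        iam.create_user(UserName=user_name)
    except iam.exceptions.EntityAlreadyExistsException:
        print(f"Error: IAM user {user_name} already exists.")
        return False
    except Exception as e:
        # Boundary of the AWS call: report and stop rather than propagate.
        print(f"An error occurred while creating IAM user {user_name}: {e}")
        return False
    print(f"IAM user {user_name} created successfully!")

    try:
        iam.create_login_profile(
            UserName=user_name,
            Password=password,
            PasswordResetRequired=password_reset_required,
        )
    except iam.exceptions.PasswordPolicyViolationException as e:
        # The account's own password policy is authoritative over the local check.
        print(f"Error: the password for IAM user {user_name} was rejected by the account password policy: {e}")
        return False
    except Exception as e:
        print(f"An error occurred while creating a login profile for IAM user {user_name}: {e}")
        return False
    print(f"Login profile created for user {user_name}!")

    # Record who performed the creation for audit purposes. This is best effort:
    # the user and profile already exist, so a failure here is not a failure of
    # the task itself.
    try:
        caller_identity = sts.get_caller_identity()
        print(f"IAM user {user_name} created by {caller_identity['Arn']}")
    except Exception as e:
        print(f"Could not determine the caller identity for the audit message: {e}")
    return True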
# The task's input parameters (user_name, password) are injected into this
# namespace by the hosting platform. Read them defensively: a missing or
# None value collapses to an empty string so the guard below catches it.
user_name = locals().get('user_name') or ''
password = locals().get('password') or ''

if user_name and password:
    create_iam_user(user_name, password)
else:
    print("Please provide a valid user name and password.")

# Signal the platform that this task does not hand off to a next step.
context.proceed = False