Update Old AWS IAM Access Keys

This task manages and refreshes AWS Identity and Access Management (IAM) user credentials to uphold security best practices. IAM access keys, which consist of an access key ID and a secret access key, are used to authenticate AWS API requests. If these keys are compromised or have simply aged, updating them becomes crucial to safeguard the account. Updating can mean changing the status of the keys (activating or deactivating them); this task deactivates them. Regularly updating access keys is crucial in minimizing the risk associated with long-term key usage or potential unauthorized access.

import boto3
from botocore.exceptions import BotoCoreError, ClientError, PartialCredentialsError

# cred_label, old_keys_data, _get_creds and context are not defined in this task;
# they are expected to be supplied by the runbook environment.
creds = _get_creds(cred_label)['creds']
access_key = creds['username']
secret_key = creds['password']

# Initialize the IAM client
iam_client = boto3.client('iam', aws_access_key_id=access_key, aws_secret_access_key=secret_key)

try:
    # Check if old_keys_data is not empty
    if old_keys_data:
        # Loop through each key data in the input
        for key_data in old_keys_data:
            username = key_data['username']
            access_key_id = key_data['access_key_id']

            # Deactivate the access key
            iam_client.update_access_key(UserName=username, AccessKeyId=access_key_id, Status='Inactive')
            print(f"Deactivated access key {access_key_id} for user {username}")
    else:
        print("No old keys provided for deactivation.")
except PartialCredentialsError as pce:
    # Subclass of BotoCoreError, so it must be caught first
    print(f"Credentials error: {str(pce)}")
except BotoCoreError as bce:
    print(f"BotoCore Error: {str(bce)}")
except ClientError as ce:
    print(f"Client Error: {str(ce)}")
except Exception as e:
    print(f"An unexpected error occurred: {str(e)}")

context.proceed = False
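The task above receives `old_keys_data` ready-made and stops at the first failed call. As an added example (not part of the original runbook), the code below builds that list from `list_access_keys` metadata and deactivates each key independently, so one failure does not abort the rest. The 90-day threshold, the function names and the sample entries are assumptions, and the client is passed in so the logic can be exercised offline.

```python
from datetime import datetime, timedelta, timezone

MAX_AGE_DAYS = 90  # assumed rotation threshold; the page does not state one


def select_old_keys(key_metadata, now, max_age_days=MAX_AGE_DAYS):
    """Turn AccessKeyMetadata entries (as returned by list_access_keys)
    into the old_keys_data shape used by the task: active keys older than
    the cutoff. Keys that are already Inactive are skipped."""
    cutoff = now - timedelta(days=max_age_days)
    return [
        {"username": k["UserName"], "access_key_id": k["AccessKeyId"]}
        for k in key_metadata
        if k["Status"] == "Active" and k["CreateDate"] < cutoff
    ]


def deactivate_keys(iam_client, old_keys_data):
    """Deactivate every listed key. A failure on one key is recorded and
    the loop continues. Returns (done, failed) for reporting or retry."""
    done, failed = [], []
    for key in old_keys_data:
        try:
            iam_client.update_access_key(
                UserName=key["username"],
                AccessKeyId=key["access_key_id"],
                Status="Inactive",
            )
            done.append(key["access_key_id"])
        except Exception as exc:  # botocore ClientError with a real client
            failed.append((key["access_key_id"], str(exc)))
    return done, failed


# Constructed sample data: user names, key IDs and dates are made up.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

def _key(user, key_id, status, y, m, d):
    return {"UserName": user, "AccessKeyId": key_id, "Status": status,
            "CreateDate": datetime(y, m, d, tzinfo=timezone.utc)}

SAMPLE = [
    _key("alice", "AKIAEXAMPLEOLD000001", "Active", 2023, 1, 10),
    _key("alice", "AKIAEXAMPLENEW000001", "Active", 2024, 5, 20),
    _key("bob", "AKIAEXAMPLEOLD000002", "Inactive", 2022, 8, 1),
    _key("carol", "AKIAEXAMPLEOLD000003", "Active", 2023, 11, 1),
]

if __name__ == "__main__":
    print(select_old_keys(SAMPLE, NOW))
```

With a real client, `key_metadata` is the `AccessKeyMetadata` list from `iam_client.list_access_keys(UserName=...)`, whose `CreateDate` values are timezone-aware, so `now` must be timezone-aware as well.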