Hello,
I have a script that reports on aws keys older than 90 days. It loops through all AWS environments with this file:
Code:
aws_env_list="source_files/aws_environments_all.txt"
This works well. But I also want to loop through a list of AWS account numbers defined in this file:
Code:
aws_account_numbers="source_files/aws_account_numbers.txt"
The account numbers should line up with the account names.
How do I add the aws account numbers to the while loop in this function?
Code:
create_user_keys_list() {
echo
echo "****************************************"
echo "* Create User Keys Lists *"
echo "****************************************"
aws_user_info
printf "Enter user's first name: "
read -r first_name
printf "Enter the user's email address: "
read -r email_address
echo
fusion_link='<a href="https://company.service-now.com/myfusion?id=sc_cat_item&sys_id=7949c77e6ffc310048c83cb44b3ee4a7">Change AWS Configuration</a>'
mail_body="<font size="3" face="Callibri" color="black">Hello $first_name, <br /><br />Enclosed, please find a list of AWS Access keys that need to be replaced for user name: $aws_user_name.<br /><br />The list is from all company AWS acccounts that have access keys that are older than 90 days for this user.<br /><br />All AWS Keys need to be replaced if they are older than 90 days.<br /><br />You can open up a fusion ticket using this catalog item: $fusion_link to have Cloud Ops rotate or destroy your key.<br /><br />Please attach this spread sheet to the ticket.<br /><br />Regards,<br />Cloud Ops</font>"
ofile=source_files/aws_user_keys/"$aws_user_name"-aws-access-keys.csv
echo "User Name, Access Key,Date Created,Last Used,Days Old,AWS Account" > $ofile
while IFS= read -r aws_key
do
user_lives_here=$(aws iam get-user --user-name "$aws_user_name" --profile="$aws_key" 2> /dev//null | jq -r '.User.UserName')
if [[ -z "$user_lives_here" ]]; then
printf "AWS user name: %s does not exist in AWS account: %s\\n" "$aws_user_name" "$aws_key"
else
process_keys "$aws_key"
if [ "$key1dtSec" -lt "$taSec" ] || [ "$key2dtSec" -lt "$taSec" ]; then
echo
echo "********************************************************"
echo "* List $aws_user_name's keys in $aws_key *"
echo "********************************************************"
echo
printf "%s has the following keys in %s:\\n" "$aws_user_name" "$aws_key"
echo; echo
if [ "$key1dtSec" -lt "$taSec" ]; then
printf "%s created on %s\\nThis key is %s days old and needs to be replaced.\\nKey was last used on: %s.\\n" "$user_access_key1" "$key1_date_created." "$key1AgeDays" "$key1_last_used"
echo "$aws_user_name,$user_access_key1,$key1_date_created,$key1_last_used,$key1AgeDays,$aws_key" >> $ofile
echo
elif [ "$key2dtSec" -lt "$taSec" ]; then
printf "%s created on %s\\nThis key is %s days old and needs to be replaced.\\nKey was last used on: %s.\\n" "$user_access_key2" "$key2_date_created." "$key2AgeDays" "$key2_last_used"
echo "$aws_user_name,$user_access_key2,$key2_date_created,$key2_last_used,$key2AgeDays,$aws_key" >> $ofile
echo
else
echo "**********************************************************************"
echo "* No keys older than 90 days for $aws_user_name in $aws_key *"
echo "**********************************************************************"
fi
fi
fi
done < "$aws_env_list"
echo "sending mail"
echo $mail_body | mutt -e 'set from=cloudops@noreply.company.com realname="Cloud Ops" content_type=text/html' -a "$ofile" -s "AWS Key Rotation Needed" -- $email_address
/bin/rm -v $ofile
end_banner
echo
}