首页 发现 帮助
注册 登录
AFS
/
xdr-terraform-live
2
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
目录树: 181489404e
分支列表 标签列表
xdr-terraform-l...
/
bin
/
credential-reports.sh

credential-reports.sh 2.0 KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475 
  1. #!/bin/bash
    2. 

  2. # Runs the same aws CLI command in "most" of the defined profiles
    3. 

  3. # in $HOME/.aws/config
    4. 

  4. #
    5. 

  5. # You can pass in via an environment variable a "profile set"
    6. 

  6. # of either "commercial", "govcloud", or "both".  Default is "both"
    7. 

  7. #
    8. 

  8. # Does an "aws sts get-caller-identity" to confirm that your AssumeRole
    9. 

  9. # and other necessities are properly set up before attempting to call the
    10. 

  10. # actual AWS command.
    11. 

  11. #
    12. 

  12. # PROFILE_SET=commercial aws-all.sh ec2 describe-instances
    13. 

  13. #
    14. 

  14. set -u -o pipefail # can't use -e since a pipe intentionally fails below
    15. 

  15. 

  16. AWS=${AWS:-/usr/local/bin/aws}
    17. 

  17. PROFILE_SET=${PROFILE_SET:-both}
    18. 

  18. 

  19. ALL_PROFILES=$( egrep "\[profile" ~/.aws/config | 	\
    20. 

  20. 		awk '{ print $2 }' | 			\
    21. 

  21. 		sed "s/\]//" | 				\
    22. 

  22. 		egrep -v "default|commercial|govcloud" )
    23. 

  23. 

  24. COMMERCIAL_PROFILES=""
    25. 

  25. GOVCLOUD_PROFILES=""
    26. 

  26. 

  27. export AWS_PAGER="" # Don't paginate output
    28. 

  28. 

  29. for i in $ALL_PROFILES; do
    30. 

  30. 	if [[ "$i" =~ -gov$ ]]; then
    31. 

  31. 		GOVCLOUD_PROFILES="$GOVCLOUD_PROFILES $i"
    32. 

  32. 	else
    33. 

  33. 		COMMERCIAL_PROFILES="$COMMERCIAL_PROFILES $i"
    34. 

  34. 	fi
    35. 

  35. done
    36. 

  36. 

  37. case $PROFILE_SET in
    38. 

  38. 

  39. 	both) 
    40. 

  40. 		PROFILES="$COMMERCIAL_PROFILES $GOVCLOUD_PROFILES"
    41. 

  41. 		;;
    42. 

  42. 	
    43. 

  43. 	govcloud) 
    44. 

  44. 		PROFILES="$GOVCLOUD_PROFILES"
    45. 

  45. 		;;
    46. 

  46. 

  47. 	commercial) 
    48. 

  48. 		PROFILES="$COMMERCIAL_PROFILES"
    49. 

  49. 		;;
    50. 

  50. esac
    51. 

  51. 

  52. for i in $PROFILES; do
    53. 

  53. 	echo "======================================================================================"
    54. 

  54. 	export AWS_PROFILE=$i 
    55. 

  55. 	
    56. 

  56. 	${AWS} sts get-caller-identity > /dev/null 2>&1
    57. 

  57. 	RC=$?
    58. 

  58. 

  59. 	if [[ $RC -eq 0 ]]; then
    60. 

  60. 		echo "GetCallerIdentity (AssumeRole Test) for $i OK"
    61. 

  61. 		aws iam generate-credential-report --output=text
    62. 

  62.     sleep 5
    63. 

  63.     aws iam get-credential-report | jq -r .Content | base64 --decode | tee $i.tmp
    64. 

  64.     echo "" >> $i.tmp
    65. 

  65. 	else
    66. 

  66. 		echo "GetCallerIdentity (AssumeRole Test) for $i FAILED"
    67. 

  67. 	fi
    68. 

  68. done
    69. 

  69. 

  70. echo Combining
    71. 

  71. { cat *.tmp | head -1; cat *.tmp | grep -v 'user,arn,user_creation_time' | sort -u; } > combined.tmp2
    72. 

  72. # Only the columsn we want. Since format is likely to change, this may be a bad idea
    73. 

  73. echo cutting
    74. 

  74. cut -d, -f1,2,5,6,8,9,10,11,14,15,16,19,20,21,22 combined.tmp2 > combined.csv
    75. 

  75. rm -f *.tmp *.tmp2
    76.