Create New AWS User & Access Keys – IAM CLI Script

The AWS Command Line Interface is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts. We have included the ability to create IAM Users, Groups and Policy through the Amazon CLI.

Note: We strongly recommend you use Roles for Cross-Account Access instead of IAM Access Keys. IAM Access Keys require periodic rotation and can be shared or stolen. Roles for Cross-Account Access are a more secure way of granting programmatic access to your AWS accounts. Only use IAM Access Keys if you absolutely must

Script for creating CloudCheckr users in an AWS Account

Use this command below to create an aws account with a secret and access key:

$ aws configure

After running the above command you will be prompted for a secret key, access key, and region. IAM is independent of region so the region prompt use None or us-west-2.

Example:

$ aws configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]: json

Once you are into the system, you can use the following command line to add your user, group and policy.

& aws iam create-group --group-name CloudCheckrGroup
$ aws iam create-user --user-name CloudCheckrUser
$ aws iam add-user-to-group --user-name CloudCheckrUser --group-name CloudCheckrGroup
$ aws iam get-group --group-name CloudCheckrGroup
$ aws iam put-group-policy --group-name CloudCheckrGroup --policy-name CloudCheckrPolicy --policy-document https://s3.amazonaws.com/checkr3/CC_IAM_FullPolicy.json

If for some reason the above line of code does not work, you will have to download the file from https://s3.amazonaws.com/checkr3/CC_IAM_FullPolicy.json and use the below line instead of the above one:

$ aws iam put-group-policy --group-name CloudCheckrGroup --policy-name CloudCheckrPolicy --policy-document file://C:TempMyPolicyFile.json

If using the above line make sure the path of the file is set to the correct path. After you have created these you need to create an access key with the following script:

$ aws iam create-access-key --user-name CloudCheckrUser

For more information please visit http://docs.aws.amazon.com/cli/latest/userguide/installing.html

Leave a Reply