Por: @jonasc
Publicado em: 2021-02-03
Integração com AWS IAM SDK para criação de usuários e chaves automaticamente
Requisitos
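É necessário ter uma conta com acesso às APIs da AWS e a ferramenta awscli configurada no servidor que executará o código. As credenciais usadas precisam apenas das permissões de IAM que o script chama (iam:CreateUser, iam:AddUserToGroup, iam:CreateAccessKey e iam:ListAccessKeys).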
Instalação
Instalando AWS CLI:
# Download the AWS CLI v2 bundle for Linux x86_64, unpack it and run the installer as root.
# NOTE(review): the archive is installed without an integrity check; AWS publishes a
# detached PGP signature for this zip that can be verified before running the installer.
curl -o "awscliv2.zip" "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"
unzip awscliv2.zip
sudo ./aws/install
Instalando lib do python para integração com SDK AWS:
# Install boto3 (the AWS SDK for Python) with whichever pip is first on PATH.
pip install boto3
Configuração
Configurando a AWS CLI (as chaves exibidas abaixo estão mascaradas):
jonasc@jonasc:~$ aws configure
AWS Access Key ID [None]: AKIALALALALALA5ZG
AWS Secret Access Key [None]: V18xhNqJjVlalalalalalalalalalalO+ExoT/r
Default region name [None]: sa-east-1
Default output format [None]: json
Exemplo de uso
Código completo:
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from sys import argv
import boto3
def get_sd_client_list():
    """Return the client identifiers to provision (a hard-coded sample list)."""
    return ['testeX']
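def aws_create_users(client_list):
    """Create one IAM user per client and return the usernames to process next.

    Each username is ``'itflex-client-backup-'`` followed by the client name.

    Args:
        client_list: iterable of client name strings.

    Returns:
        List of usernames that were created or already existed. Users whose
        creation failed for any other reason are reported and left out, so the
        later steps (group membership, access keys) do not run against them.
    """
    iam = boto3.client('iam')
    user_list = []
    print('################# criando usuários ############')
    for client in client_list:
        username = 'itflex-client-backup-' + client
        try:
            response = iam.create_user(UserName=username)
        except iam.exceptions.EntityAlreadyExistsException:
            # Re-running the script is expected; an existing user still goes
            # through the remaining steps.
            print('usuário já existe: ' + username)
        except iam.exceptions.ClientError as err:
            # The original bare `except: pass` hid access-denied, invalid-name
            # and throttling errors alike; surface them and skip this user.
            print('falha ao criar usuário {}: {}'.format(username, err))
            print()
            continue
        else:
            print(response)
        print()
        user_list.append(username)
    return user_list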
def aws_adduser_togroup(user_list):
    """Add every username in ``user_list`` to the 'itflex-client-backup' IAM group.

    The response of each ``add_user`` call is printed. Returns None.
    """
    backup_group = boto3.resource('iam').Group('itflex-client-backup')
    print('################# adicionando usuários ao grupo ############')
    for name in user_list:
        print(backup_group.add_user(UserName=name))
def aws_create_access_key(user_list):
    """Create a new IAM access key for every username in ``user_list``.

    The full response of each ``create_access_key`` call is printed.
    Returns None.
    """
    iam_client = boto3.client('iam')
    print('################# Criando access keys ############')
    for name in user_list:
        # NOTE(review): this response contains the SecretAccessKey, and this is
        # the only time IAM returns it. Printing it puts a long-lived credential
        # into terminal scrollback and any captured output; consider handing it
        # to a secret store and printing only the AccessKeyId.
        print(iam_client.create_access_key(UserName=name))
def aws_list_access_key(user_list):
    """Print every page of ``list_access_keys`` results for each username.

    Returns None.
    """
    key_pages = boto3.client('iam').get_paginator('list_access_keys')
    print('################# Listando access keys ############')
    for name in user_list:
        for page in key_pages.paginate(UserName=name):
            print(page)
def aws_update_access_key_status():
    """Placeholder with no implementation yet; always returns None."""
    return None
def update_sd_client_access_key():
    """Placeholder with no implementation yet; always returns None."""
    return None
def aws_list_users():
    """Return the page iterator of the IAM ``list_users`` paginator.

    The value returned is what ``paginate()`` yields from, i.e. it iterates
    over result pages rather than over individual users.
    """
    return boto3.client('iam').get_paginator('list_users').paginate()
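def main():
    """Command-line entry point.

    With ``-op1``: builds the client list, creates the IAM users, adds them to
    the group, lists their existing access keys, creates a new access key for
    each, then exits with status 0. With ``-h``, no argument or any other
    argument: prints the usage text and exits with status 1.
    """
    usage = """
Uso: {0} <-op1|-op2> [op3]
Parâmetros:
-op1 Lalalala
Exemplos:
Lalala:
{0} -op1 op3
"""
    # argv[0] is the script name, so "no option given" is len(argv) < 2.
    # The original tested `< 1`, which is never true, and then raised
    # IndexError on argv[1] when the script ran without arguments.
    if len(argv) < 2 or argv[1] == "-h":
        print(usage.format(argv[0]))
        exit(1)
    elif argv[1] == "-op1":
        clients = get_sd_client_list()
        aws_users = aws_create_users(clients)
        aws_adduser_togroup(aws_users)
        # Existing keys are listed before a new one is created for each user.
        aws_list_access_key(aws_users)
        aws_create_access_key(aws_users)
        #user_list = aws_list_users()
        #for user in user_list:
        #    print(user)
        #    print
        exit(0)
    else:
        print(usage.format(argv[0]))
        exit(1)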
# Run the command-line entry point only when executed as a script, not on import.
if __name__ == "__main__":
    main()