Create New AWS User & Access Keys – IAM CLI Script
The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts. This interface allows you to create IAM users, groups, and policies.
We strongly recommend you use roles for cross-account access instead of IAM access keys. IAM access keys require periodic rotation and can be shared or stolen. Roles for cross-account access are a more secure way of granting programmatic access to your AWS accounts. Only use IAM access keys if you absolutely must.
Create CloudCheckr Users in an AWS Account
Use the command below to configure the AWS CLI with the secret key and access key for your AWS account:
$ aws configure
After running the above command, you will be prompted for a secret key, access key, and region. IAM is independent of region, so at the region prompt, select None or us-west-2 as shown in this example:
$ aws configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]: json
Once you are in the system, use the following commands to add your user, group, and policy.
$ aws iam create-group --group-name CloudCheckrGroup
$ aws iam create-user --user-name CloudCheckrUser
$ aws iam add-user-to-group --user-name CloudCheckrUser --group-name CloudCheckrGroup
$ aws iam get-group --group-name CloudCheckrGroup
$ aws iam put-group-policy --group-name CloudCheckrGroup --policy-name CloudCheckrPolicy --policy-document https://s3.amazonaws.com/checkr3/CC_IAM_FullPolicy.json
If for some reason the above command does not work, you will have to download the file from here and use this line:
$ aws iam put-group-policy --group-name CloudCheckrGroup --policy-name CloudCheckrPolicy --policy-document file://C:\Temp\MyPolicyFile.json
If using the above line, make sure you have identified the correct file path. After you have run these commands, create an access key with the following command:
$ aws iam create-access-key --user-name CloudCheckrUser
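Before attaching a downloaded policy file with put-group-policy, it is worth checking what it grants to the user whose access key you are about to create. The script below is an added example, not CloudCheckr's or AWS's own code; it lists every Allow grant that is a wildcard or is not plainly read-only. The read-only prefix list is a review heuristic assumed here, and the sample policy and its Sid values are constructed for illustration.

```python
import json
import sys

# Verb prefixes treated as read-only here: a review heuristic assumed for this
# example, not an AWS-defined classification.
READ_ONLY_PREFIXES = ("get", "list", "describe", "view", "lookup", "search", "batchget")

# Constructed sample; NOT the contents of CC_IAM_FullPolicy.json.
SAMPLE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ReadOnly", "Effect": "Allow",
     "Action": ["ec2:Describe*", "s3:GetBucketTagging", "s3:List*"], "Resource": "*"},
    {"Sid": "Changes", "Effect": "Allow",
     "Action": ["ec2:StopInstances", "s3:*"], "Resource": "*"},
    {"Sid": "NoIam", "Effect": "Deny", "Action": "iam:*", "Resource": "*"}
  ]
}"""


def as_list(value):
    """IAM accepts a single string/object or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def review_policy(document):
    """Return (sid, issue, action) for each Allow grant that is not plainly read-only."""
    findings = []
    for i, stmt in enumerate(as_list(json.loads(document).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        if "NotAction" in stmt:  # allows everything except the listed actions
            findings.append((sid, "not-action", ",".join(as_list(stmt["NotAction"]))))
        scope = "all-resources" if "*" in as_list(stmt.get("Resource")) else "scoped"
        for action in as_list(stmt.get("Action")):
            name = action.partition(":")[2].lower()  # IAM action names are case-insensitive
            if action == "*" or name == "*":
                findings.append((sid, "wildcard-action", action))
            elif not name.startswith(READ_ONLY_PREFIXES):
                findings.append((sid, f"write-action/{scope}", action))
    return findings


if __name__ == "__main__":
    # Usage: python review_policy.py MyPolicyFile.json  (no argument: built-in sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_POLICY
    for sid, issue, action in review_policy(text):
        print(f"{sid}: {issue}: {action}")
```

An empty result means every Allow grant matched the read-only prefixes; anything listed should be understood before the policy is attached.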
For more information, review the Installing the AWS Command Line Interface topic.