Initial version

	Basic functionality
	Change only the default profle from aws cli
	Changes only one SecretAccessKey
	Basic error trapping

aws-rotate-SecretAccessKey.sh

@@ -0,0 +1,66 @@
+#!/usr/bin/env bash
+#
+# AWS SecretAccessKey rotation script
+# Copyright (c) 2020 - SCPG <[email protected]>
+#
+# Credits:
+#   Some ideas taken from:
+#     * https://github.com/ralish/bash-script-template
+#     * https://github.com/z017/shell-script-skeleton
+
+
+# Initialization
+# Debug
+if [[ ${DEBUG-} =~ ^yes|true$ ]]; then
+    set -o xtrace # Trace the execution of the script (debug)
+fi
+
+# Paths and sources
+scriptHome=$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")
+commonFileName="common.sh"
+commonFile="${scriptHome}/${commonFileName}"
+[ -s "${commonFile}" ] && . "${commonFile}"
+
+# Constants
+readonly VERSION=0.0.1
+readonly AUTHOR="[email protected]"
+readonly GITHUB="https://github.com/scpg/aws-rotate-SecretAccessKey"
+
+readonly SCRIPT_NAME=${0##*/}
+
+# Requirements
+readonly REQUIRED_TOOLS=(jq aws)
+required "${REQUIRED_TOOLS[@]}" 
+
+helpText="
+USAGE:
+  $SCRIPT_NAME <aws-user> 
+"
+
+if [ $# -ne 1 ]; then
+  err "illegal number of parameters"
+  help "$helpText"
+fi
+
+set -e
+if [ -z "$1" ]; then
+    exit
+fi
+
+awsUser="$1"
+currentKey=$(aws iam list-access-keys --user-name "$awsUser")
+currentKeyCount=$(echo "$currentKey" | jq '.AccessKeyMetadata | length' --raw-output)
+if [ $currentKeyCount -ne 1 ]; then
+  err "SecretAccessKey count for user '$awsUser' is '$currentKeyCount'. Expecting 1"
+  exit 1
+fi
+currentKeyAccessKeyId=$(echo "$currentKey" | jq '.AccessKeyMetadata[0].AccessKeyId' --raw-output)
+newKey=$(aws iam create-access-key --user-name "$awsUser")
+newKeyAccessKeyId=$(echo "$newKey" | jq '.AccessKey.AccessKeyId' --raw-output)
+newKeySecretAccessKey=$(echo "$newKey" | jq '.AccessKey.SecretAccessKey' --raw-output)
+
+aws iam update-access-key --access-key-id $currentKeyAccessKeyId --status Inactive --user-name "$awsUser"
+aws iam delete-access-key --access-key-id $currentKeyAccessKeyId --user-name "$awsUser"
+
+aws configure set aws_access_key_id "$newKeyAccessKeyId"
+aws configure set aws_secret_access_key "$newKeySecretAccessKey"

common.sh

@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+#
+# Common script functions 
+# Copyright (c) 2020 - SCPG <[email protected]>
+#
+# Credits:
+#   Some ideas taken from:
+#     * https://github.com/ralish/bash-script-template
+#     * https://github.com/z017/shell-script-skeleton
+
+#######################################
+# CONSTANTS & VARIABLES
+#######################################
+# Verbose Levels
+readonly VERBOSE_LEVELS=(none fatal error warning info debug)
+
+# Level Colors
+readonly LEVEL_COLORS=(39 31 31 33 32 36)
+
+# Defaults Verbose Level - 0 none, 1 fatal, 2 error, 3 warning, 4 info, 5 debug
+readonly VERBOSE_DEFAULT=5
+
+# Current verbose level
+declare -i verbose_level="$VERBOSE_DEFAULT"
+
+#######################################
+# FUNCTIONS
+#######################################
+
+# Print out error messages to STDERR.
+function err() {
+  [[ $verbose_level -ge 1 ]] \
+    && echo -e "\033[0;${LEVEL_COLORS[1]}mERROR: $@\033[0m" >&2
+}
+
+# Shows an error if required tools are not installed.
+function required {
+  local e=0
+  for tool in "$@"; do
+    type $tool >/dev/null 2>&1 || {
+      e=1 && err "$tool is required for running this script. Please install $tool and try again."
+    }
+  done
+  [[ $e < 1 ]] || exit 2
+}
+
+# Version
+function version() {
+  echo "$SCRIPT_NAME version $VERSION"
+}
+# Help
+function help() {
+  echo "$@" >&2
+  exit 1
+}