This is a simple script to facilitate rotating access tokens on AWS.
AWS access tokens can live for a very long time if no attention is paid to them. They pose a great potential risk, since they can grant bad actors access to the critical infrastructure of our apps.
Clone this repo and run the rotate script:
./rotate [-kdhv] [-p profile] [-u username] [-c callback]
The script expects a profile with IAM permissions to perform actions on the target user. It also expects a callback script to run with the new token, which allows the consumers of the token to be updated programmatically. If no callback is provided, the new token is printed to the console if the script is running in verbose mode.
Alternatively, you can use this repo as a submodule of another script that handles the callbacks involved for updating the consumers of the access tokens.
Run ./rotate -h for more details on the flags and how the script works.
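
The flow described above (a profile with IAM permissions creates the new key, a callback pushes it to the consumers), sketched with the AWS CLI as an added example; it is not the repo's rotate script. The stdin callback contract, the `AWS_CMD` override and the choice to deactivate rather than delete the old key are assumptions of this example.

```sh
#!/bin/sh
# Added example, not the repo's rotate script: rotate one IAM user's access key.
# AWS_CMD can be overridden to exercise the flow against a stub (assumption).
AWS_CMD="${AWS_CMD:-aws}"

# rotate_access_key PROFILE USERNAME CALLBACK
# Assumed contract: CALLBACK reads "<AccessKeyId><TAB><SecretAccessKey>" on stdin
# and exits non-zero if it could not update the consumers.
rotate_access_key() {
  profile="$1"; user="$2"; callback="$3"
  tab="$(printf '\t')"

  old_ids="$("$AWS_CMD" iam list-access-keys --profile "$profile" --user-name "$user" \
    --query 'AccessKeyMetadata[].AccessKeyId' --output text)" || return 1

  # IAM allows at most two access keys per user, so rotation needs a free slot.
  count=0
  for old in $old_ids; do count=$((count + 1)); done
  if [ "$count" -ge 2 ]; then
    echo "user $user already has 2 access keys; retire one first" >&2
    return 2
  fi

  creds="$("$AWS_CMD" iam create-access-key --profile "$profile" --user-name "$user" \
    --query 'AccessKey.[AccessKeyId,SecretAccessKey]' --output text)" || return 1
  new_id=${creds%%"$tab"*}
  new_secret=${creds#*"$tab"}
  [ -n "$new_id" ] && [ "$new_id" != "$creds" ] || return 1

  # The secret goes over stdin, not argv, so it never appears in process listings.
  if ! printf '%s\t%s\n' "$new_id" "$new_secret" | "$callback"; then
    # Consumers were not updated: remove the new key and leave the old one working.
    "$AWS_CMD" iam delete-access-key --profile "$profile" --user-name "$user" \
      --access-key-id "$new_id"
    unset creds new_secret
    return 3
  fi
  unset creds new_secret

  # Deactivation is reversible; delete the old key once nothing still depends on it.
  for old in $old_ids; do
    "$AWS_CMD" iam update-access-key --profile "$profile" --user-name "$user" \
      --access-key-id "$old" --status Inactive || return 1
  done
  printf '%s\n' "$new_id"
}
```

On success the function prints only the new access key ID; the secret is seen by the callback alone.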