aws / aws-sdk

Landing page for the AWS SDKs on GitHub
https://aws.amazon.com/tools/

Add description/tag support while creating access key id using aws-cli. #464

Open glg-satish-tripathi opened 1 year ago

glg-satish-tripathi commented 1 year ago

Describe the feature

There is no option in the aws cli to create an access key with a description/tag as there is in the aws web console. The same thing with aws-sdk and the aws terraform provider.


Use Case

This will be very useful in case of automation where we are creating an access key using a lambda function on a certain time interval and updating it in Jenkins/Spacelift for an AWS China user, as AWS China doesn't have role-based access support.
So the description is necessary in order to give the access key ID a meaningful description.

Proposed Solution

aws iam create-access-key --user-name xyz --description "Key for China user"
aws iam update-access-key --access-key-id xyztxcdc --user xyz --description "Key for China user"

Other Information

No response

Acknowledgements

CLI version used

aws-cli/2.8.4 Python/3.10.8 Darwin/22.1.0 source/arm64

Environment details (OS name and version, etc.)

macOS

datfinesoul commented 1 year ago

The description field/tag on IAM Access Keys is an incredibly useful feature, and it's really a shame that it can only be done via the AWS console. Adding this functionality to the CLI would be a great addition and would allow admins to better evaluate the key's purpose.

mikemartin1090 commented 1 year ago

After trying this in the console, I see that all this feature is doing is tagging the IAM user with a key of the access key and a value of whatever description you provide. To create this same functionality while using the AWS CLI, you'd have to do something like this:

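username="mmartin-delete-after-jan-25"
tagValue="China Production Use Case"

# create the access key, keeping only its ID (the SecretAccessKey in the same response is not captured here)
accessKey=$(aws iam create-access-key --user-name "$username" --query 'AccessKey.[AccessKeyId]' --output text --no-cli-pager)

# create a tag for the access key (quoted so the spaces in the value stay in one argument)
aws iam tag-user --user-name "$username" --tags "Key=$accessKey,Value=$tagValue" --no-cli-pager
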
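Added example, not part of the comment above or of any AWS tooling: a read-only audit that joins a user's access keys with the user's tags, assuming the layout that comment describes (tag key = access key ID, tag value = description). The function names, the `UNDESCRIBED` and `STALE_TAG` labels and the sample key IDs are constructed for this example.

```shell
#!/bin/sh
# join_key_descriptions KEYS TAGS
#   KEYS: lines of "AccessKeyId<TAB>Status"
#   TAGS: lines of "TagKey<TAB>TagValue"
# Prints, tab-separated and sorted:
#   KEY <id> <status> <description or UNDESCRIBED>
#   STALE_TAG <id> <value>   (tag names a key the user no longer has,
#                             e.g. left behind after rotation)
join_key_descriptions() {
  KEYS="$1" TAGS="$2" awk '
    BEGIN {
      n = split(ENVIRON["KEYS"], kl, "\n")
      for (i = 1; i <= n; i++)
        if (split(kl[i], f, "\t") >= 2) status[f[1]] = f[2]
      n = split(ENVIRON["TAGS"], tl, "\n")
      for (i = 1; i <= n; i++)
        if (split(tl[i], f, "\t") >= 2) tag[f[1]] = f[2]
      for (id in status)
        printf "KEY\t%s\t%s\t%s\n", id, status[id], ((id in tag) ? tag[id] : "UNDESCRIBED")
      # Only tags whose key looks like a long-term access key ID are considered.
      for (id in tag)
        if (id ~ /^AKIA[A-Z0-9]+$/ && !(id in status))
          printf "STALE_TAG\t%s\t%s\n", id, tag[id]
    }' | LC_ALL=C sort
}

# audit_user_keys USER: fetch both lists with the AWS CLI and join them.
# Needs iam:ListAccessKeys and iam:ListUserTags; makes no changes.
audit_user_keys() {
  user="$1"
  keys=$(aws iam list-access-keys --user-name "$user" \
    --query 'AccessKeyMetadata[].[AccessKeyId,Status]' \
    --output text --no-cli-pager) || return 1
  tags=$(aws iam list-user-tags --user-name "$user" \
    --query 'Tags[].[Key,Value]' --output text --no-cli-pager) || return 1
  join_key_descriptions "$keys" "$tags"
}

# Offline demo on constructed data (not real key IDs).
sample_keys=$(printf 'AKIAEXAMPLEAAAAAAAA1\tActive\nAKIAEXAMPLEBBBBBBBB2\tInactive')
sample_tags=$(printf 'AKIAEXAMPLEAAAAAAAA1\tChina Production Use Case\nAKIAEXAMPLEOLDOLDOLD\tRotated out\nteam\tplatform')
join_key_descriptions "$sample_keys" "$sample_tags"
```

Run `audit_user_keys <user-name>` against a real account; `UNDESCRIBED` rows are keys nobody has labelled, and `STALE_TAG` rows are descriptions that outlived their key.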
tim-finnigan commented 1 year ago

Thanks @mikemartin1090 for sharing that solution! @glg-satish-tripathi does that address your use case?

github-actions[bot] commented 1 year ago

Greetings! It looks like this issue hasn’t been active in longer than five days. We encourage you to check if this is still an issue in the latest release. In the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or upvote with a reaction on the initial post to prevent automatic closure. If the issue is already closed, please feel free to open a new one.

glg-satish-tripathi commented 1 year ago

Sorry, I am a bit late on this. Thanks for the solution, Mike. @tim-finnigan having a description field will still be more useful than doing it this way. In most of the aws cli we do have a description field, so I think it should be here as well.

reopen https://github.com/aws/aws-sdk/issues/464

tim-finnigan commented 1 year ago

Hi @glg-satish-tripathi. In that case I will forward your feature request to the IAM team for further consideration, as new API functionality would need to be implemented by them. I'll transfer this issue to our cross-SDK repository and let you know if we have any updates. Thanks! (ticket for our reference: P80807167)