Documentation
Overview
Package iam provides a plugin that implements both rotate.Client and disable.Client. It is used to rotate the access keys of AWS IAM user accounts and to disable inactive access keys associated with those accounts.
Index
- Constants
- type Client
- func (c *Client) DisableSecret(ctx context.Context, sec secret.Info) error
- func (c *Client) Keys() secret.Map
- func (c *Client) LastRotated(ctx context.Context, sec secret.Info) (time.Time, error)
- func (c *Client) LastUpdated(ctx context.Context, sec secret.Info) (time.Time, error)
- func (c *Client) Name() string
- func (c *Client) RotateSecret(ctx context.Context, sec secret.Info) (secret.Map, error)
Constants
const (
	// This is the key that will be used to map to the AWS IAM access key when
	// returned from RotateSecret()
	AccessKeyName = "AWS_ACCESS_KEY_ID"

	// This is the key that will be used to map to the AWS IAM secret key when
	// returned from RotateSecret()
	SecretKeyName = "AWS_SECRET_ACCESS_KEY"
)
Types
type Client
type Client struct {
// contains filtered or unexported fields
}
Client implements both the rotate.Client and disable.Client interfaces.
func (*Client) DisableSecret
DisableSecret disables the old key on AWS IAM.
func (*Client) LastRotated
LastRotated will return the date of the newest key on the IAM account.
func (*Client) LastUpdated
LastUpdated returns the date of the old key associated with the IAM user.
func (*Client) RotateSecret
RotateSecret will perform rotation of the secret for the given user. On success, this will return the secrets map with two keys, AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, set to the newly minted values. The previous newest key will now be the old key and any previous key will have been removed (at least, that is how IAM works as of this writing).
On error, an empty map is returned with an error.
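The following is an added example, not code from this package: a small in-memory model of the two-key lifecycle that RotateSecret and DisableSecret describe, showing that the old key keeps authenticating after a rotation until it is disabled. The fakeUser type, its methods and all key values are constructed for illustration, and no AWS calls are made.

```go
package main

import "fmt"

// fakeUser is a constructed model of one IAM user holding at most two keys.
type fakeUser struct {
	old, cur  string
	oldActive bool
	seq       int
}

// rotate follows the RotateSecret description: any previous old key is
// removed, the newest key becomes the old key, and a new key is minted.
func (u *fakeUser) rotate() map[string]string {
	u.old, u.oldActive = u.cur, u.cur != ""
	u.seq++
	u.cur = fmt.Sprintf("AKIACONSTRUCTED%04d", u.seq)
	return map[string]string{"AWS_ACCESS_KEY_ID": u.cur, "AWS_SECRET_ACCESS_KEY": "constructed-secret-" + u.cur}
}

// disableOld follows the DisableSecret description: deactivate the old key.
func (u *fakeUser) disableOld() error {
	if u.old == "" {
		return fmt.Errorf("no old key to disable")
	}
	u.oldActive = false
	return nil
}

// activeIDs lists the key IDs that would still authenticate, old key first.
func (u *fakeUser) activeIDs() []string {
	var ids []string
	if u.oldActive {
		ids = append(ids, u.old)
	}
	if u.cur != "" {
		ids = append(ids, u.cur)
	}
	return ids
}

func main() {
	u := &fakeUser{}
	u.rotate()
	u.rotate()
	fmt.Println("active after rotation:", u.activeIDs()) // old and new both valid
	_ = u.disableOld()
	fmt.Println("active after disable:", u.activeIDs()) // only the newest
}
```

In this model the interval between rotate and disableOld is the period in which a leaked old key is still usable, which is the interval a disable schedule has to bound.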