Change KMS Key Rotation to Default 365
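#!/usr/bin/env bash
# Enable automatic key rotation (default period: 365 days) on the KMS key
# behind alias/$NAME in every account of the AWS Organization.
# Requires the aws CLI and jq. Base credentials must come from a profile or
# role, not AWS_* environment variables, because the loop unsets those.
NAME="KEYALIASNAME"
for acc in $(aws organizations list-accounts --query 'Accounts[*].Id' --output text); do
  echo "checking account $acc now"
  # Assume the cross-account role; skip the account if the call fails so the
  # KMS commands below never run with the caller's own credentials by mistake.
  if ! OUT=$(aws sts assume-role \
      --role-arn "arn:aws:iam::${acc}:role/OrganizationAccountAccessRole" \
      --role-session-name "ckecking-account-${acc}"); then
    echo "skipping account $acc: could not assume role"
    continue
  fi
  export AWS_ACCESS_KEY_ID=$(echo "$OUT" | jq -r '.Credentials.AccessKeyId')
  export AWS_SECRET_ACCESS_KEY=$(echo "$OUT" | jq -r '.Credentials.SecretAccessKey')
  export AWS_SESSION_TOKEN=$(echo "$OUT" | jq -r '.Credentials.SessionToken')
  # Resolve the alias to its key ID (only the currently configured region is searched)
  ID=$(aws kms list-aliases --query "Aliases[?AliasName=='alias/${NAME}'].TargetKeyId" --output text)
  if [ -n "${ID}" ]; then
    aws kms describe-key --key-id "$ID"
    aws kms enable-key-rotation --key-id "$ID"
    # Print the resulting rotation status so the change can be verified
    aws kms get-key-rotation-status --key-id "$ID"
  else
    echo "skipping"
  fi
  echo "checking account $acc completed"
  # Drop the temporary credentials before moving on to the next account
  unset AWS_ACCESS_KEY_ID
  unset AWS_SECRET_ACCESS_KEY
  unset AWS_SESSION_TOKEN
done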