예제 #1
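        /// <summary>
        /// Deletes every IAM user in the account reached by assuming <paramref name="RoleARN"/>.
        /// For each user the console login profile, attached managed policies, inline policies and
        /// access keys are removed first, since IAM rejects DeleteUser while these remain; other
        /// attachments (group memberships, MFA devices, certificates) are not handled here.
        /// </summary>
        /// <param name="RoleARN">ARN of the role to assume (the STS call is made against us-east-1).</param>
        /// <remarks>
        /// Destructive and not reversible. A failure while removing a login profile is logged and the
        /// user is still processed; any other IAM failure propagates to the caller and stops the run,
        /// leaving the users already visited deleted.
        /// </remarks>
        public override async Task DoAction(string RoleARN)
        {
            await base.DoAction(RoleARN);

            var logger = LogManager.GetCurrentClassLogger();

            // Short-lived credentials for the assumed role; the client is disposed when the method exits.
            var creds        = SharedLibrary.Utilities.AssumeRole(RoleARN, RegionEndpoint.USEast1);
            var sessionCreds = new SessionAWSCredentials(creds.AccessKeyId, creds.SecretAccessKey, creds.SessionToken);

            using (var client = new Amazon.IdentityManagement.AmazonIdentityManagementServiceClient(sessionCreds))
            {
                string marker = null;

                do
                {
                    var listUsersResults = await client.ListUsersAsync(new ListUsersRequest { Marker = marker });

                    foreach (var user in listUsersResults.Users)
                    {
                        // Console password. GetLoginProfile throws NoSuchEntity when the user has none, which
                        // is the normal case for API-only users, so that is only logged at debug level.
                        try
                        {
                            var getLoginProfileResult = await client.GetLoginProfileAsync(new GetLoginProfileRequest {
                                UserName = user.UserName
                            });

                            if (getLoginProfileResult.LoginProfile != null)
                            {
                                await client.DeleteLoginProfileAsync(new DeleteLoginProfileRequest {
                                    UserName = user.UserName
                                });

                                logger.Debug($"Deleted login profile for user {user.UserName}");
                            }
                        }
                        catch (Amazon.IdentityManagement.Model.NoSuchEntityException)
                        {
                            logger.Debug($"User {user.UserName} has no login profile");
                        }
                        catch (Exception ex)
                        {
                            // Anything else (access denied, throttling) must be visible: the DeleteUser call
                            // below will fail while the profile still exists. Previously this was swallowed.
                            logger.Warn($"Could not remove login profile for user {user.UserName}: {ex.Message}");
                        }

                        // Managed policies attached to the user.
                        var userPoliciesResult = await client.ListAttachedUserPoliciesAsync(new ListAttachedUserPoliciesRequest {
                            UserName = user.UserName
                        });

                        foreach (var policy in userPoliciesResult.AttachedPolicies)
                        {
                            var detachPolicyResult = await client.DetachUserPolicyAsync(new DetachUserPolicyRequest {
                                PolicyArn = policy.PolicyArn, UserName = user.UserName
                            });

                            if (detachPolicyResult.HttpStatusCode == System.Net.HttpStatusCode.OK)
                            {
                                logger.Debug($"Successfully detached user policy {policy.PolicyName} from user {user.UserName}");
                            }
                        }

                        // Inline policies embedded in the user.
                        var listUserPoliciesResult = await client.ListUserPoliciesAsync(new ListUserPoliciesRequest {
                            UserName = user.UserName
                        });

                        foreach (var policy in listUserPoliciesResult.PolicyNames)
                        {
                            var deleteUserPolicyResult = await client.DeleteUserPolicyAsync(new DeleteUserPolicyRequest {
                                PolicyName = policy, UserName = user.UserName
                            });

                            if (deleteUserPolicyResult.HttpStatusCode == System.Net.HttpStatusCode.OK)
                            {
                                logger.Debug($"Successfully deleted user policy {policy} from user {user.UserName}");
                            }
                        }

                        // Programmatic credentials.
                        var listAccessKeysResult = await client.ListAccessKeysAsync(new ListAccessKeysRequest {
                            UserName = user.UserName
                        });

                        foreach (var accessKey in listAccessKeysResult.AccessKeyMetadata)
                        {
                            var deleteAccessKeyResult = await client.DeleteAccessKeyAsync(new DeleteAccessKeyRequest {
                                AccessKeyId = accessKey.AccessKeyId, UserName = user.UserName
                            });

                            if (deleteAccessKeyResult.HttpStatusCode == System.Net.HttpStatusCode.OK)
                            {
                                logger.Debug($"Deleted access key {accessKey.AccessKeyId} for user {user.UserName}");
                            }
                        }

                        var deleteUserResult = await client.DeleteUserAsync(new DeleteUserRequest {
                            UserName = user.UserName
                        });

                        if (deleteUserResult.HttpStatusCode == System.Net.HttpStatusCode.OK)
                        {
                            logger.Debug($"Deleted user {user.UserName}");
                        }
                    }

                    // Advance the pagination cursor. The marker was never updated before, so only the
                    // first page of users was ever processed.
                    marker = listUsersResults.IsTruncated ? listUsersResults.Marker : null;
                } while (marker != null);
            }
        }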
예제 #2
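        /// <summary>
        /// Ensures an IAM user named <c>Username</c> exists in the account reached through
        /// <paramref name="RoleARN"/>, attaches <c>AdministratorAccess</c> to it, and issues a fresh
        /// console password and access key pair.
        /// </summary>
        /// <param name="RoleARN">ARN of the role to assume (the STS call is made against us-east-1).</param>
        /// <returns>
        /// The username, the new console password and the new access key pair. The value is a secret:
        /// callers must not log or persist it in clear.
        /// </returns>
        /// <exception cref="Exception">Any IAM failure other than "user does not exist" is logged and rethrown unchanged.</exception>
        /// <remarks>
        /// For an existing user only the login profile and access keys are replaced; group memberships
        /// and other policies are left as they are. <c>PasswordResetRequired</c> forces a password change
        /// at the first console sign-in.
        /// </remarks>
        public async Task<UserType> DoAction(string RoleARN)
        {
            try
            {
                var creds        = SharedLibrary.Utilities.AssumeRole(RoleARN, RegionEndpoint.USEast1);
                var sessionCreds = new SessionAWSCredentials(creds.AccessKeyId, creds.SecretAccessKey, creds.SessionToken);

                using (var client = new Amazon.IdentityManagement.AmazonIdentityManagementServiceClient(sessionCreds))
                {
                    bool userFound;
                    try
                    {
                        var getUserResult = await client.GetUserAsync(new GetUserRequest { UserName = Username });
                        userFound = getUserResult.User != null;
                    }
                    catch (Amazon.IdentityManagement.Model.NoSuchEntityException)
                    {
                        // The only failure that legitimately means "create it". Anything else (access denied,
                        // throttling) used to be swallowed here and then resurfaced as a confusing CreateUser error.
                        userFound = false;
                    }

                    // NOTE(review): 8 random characters for an AdministratorAccess principal is short, and the
                    // value must also satisfy the account's IAM password policy (RandomString's alphabet is not
                    // visible here) — confirm.
                    var newPassword = Utilities.RandomString(8);

                    if (userFound)
                    {
                        // Replace, rather than add to, any console password the user already has.
                        try
                        {
                            var getLoginProfileResult = await client.GetLoginProfileAsync(new GetLoginProfileRequest { UserName = Username });

                            if (getLoginProfileResult.LoginProfile != null)
                            {
                                await client.DeleteLoginProfileAsync(new DeleteLoginProfileRequest { UserName = Username });
                            }
                        }
                        catch (Exception ex)
                        {
                            // GetLoginProfile throws when the user has no console password; that is expected.
                            logger.Debug(ex.Message);
                        }

                        // Revoke every existing key so the pair issued below is the only valid one.
                        var listAccessKeysResult = await client.ListAccessKeysAsync(new ListAccessKeysRequest {
                            UserName = Username
                        });

                        foreach (var accessKey in listAccessKeysResult.AccessKeyMetadata)
                        {
                            var deleteAccessKeyResult = await client.DeleteAccessKeyAsync(new DeleteAccessKeyRequest {
                                AccessKeyId = accessKey.AccessKeyId, UserName = Username
                            });

                            if (deleteAccessKeyResult.HttpStatusCode == System.Net.HttpStatusCode.OK)
                            {
                                logger.Debug($"Deleted access key {accessKey.AccessKeyId} for user {Username}");
                            }
                        }
                    }
                    else
                    {
                        await client.CreateUserAsync(new CreateUserRequest { UserName = Username });
                    }

                    // Full administrative rights on the account: make sure this scope is intended for the user.
                    await client.AttachUserPolicyAsync(new AttachUserPolicyRequest { PolicyArn = "arn:aws:iam::aws:policy/AdministratorAccess", UserName = Username });

                    await client.CreateLoginProfileAsync(new CreateLoginProfileRequest { Password = newPassword, UserName = Username, PasswordResetRequired = true });

                    // The secret access key is only available in this response; it cannot be retrieved later.
                    var createAccessKeyResult = await client.CreateAccessKeyAsync(new CreateAccessKeyRequest { UserName = Username });

                    return new UserType
                    {
                        Username        = Username,
                        Password        = newPassword,
                        AccessKeyId     = createAccessKeyResult.AccessKey.AccessKeyId,
                        SecretAccessKey = createAccessKeyResult.AccessKey.SecretAccessKey
                    };
                }
            }
            catch (Exception ex)
            {
                // ToString keeps the exception type, stack trace and inner exceptions; Message alone loses them.
                logger.Error(ex.ToString());
                throw;
            }
        }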