Get all keys from an AWS account and send an email if a key is getting old

An example environment variable file:

AWS_ACCESS_KEY_ID=AKIAXXXXX
AWS_SECRET_ACCESS_KEY=XXXXX
SENDGRID_API_KEY=XXXXX
DAYS_WARN=80
DAYS_ERROR=90
EMAIL_TO=XXXXX
EMAIL_FROM=XXXXX
EMAIL_REPLY_TO=XXXXX

The AWS ID (yes this service does audit its own key)

The AWS secret

API Key for Sendgrid

The number of days a key can live before marked as needing to be deleted soon

The number of days a key can live before marked as needing to be deleted

The email address to send the email to

The email address the email is sent as

The email address to reply to (helpful when clicking REPLY ALL)

The application is (currently) deployed to the us-east1 Kubernetes cluster and is done manually for now.

The secrets and cronjob configuration can be found in the kube repo at: <kube repo root>/us-east1.buffer-k8s.com/internal/aws-key-auditor

NOTE: all scripts are run in the aws-key-auditor directory in the kube repo.

First make sure the secret containing the .env file is created

./create-secret.sh

Apply the cronjob deployment to kuberenetes

kubectl apply -f cronjob.yaml

Make changes to code, commit and push

Get the latest git hash

git rev-parse HEAD

Publish with the latest git hash as the version

./publish.sh <the git hash>

Update version in the kube repo

cd <kube repo root>/us-east1.buffer-k8s.com/internal/aws-key-auditor
edit cronjob.yaml

Update the image version

image: bufferapp/aws-key-auditor:<the git hash>

Deploy the version

kubectl apply -f cronjob.yaml

Open the environment variables in the kube repo

cd <kube repo root>/us-east1.buffer-k8s.com/internal/aws-key-auditor
edit env

change the environment variables

Update the environment variables secret

./create-secret.sh