awspreset
is a library to perform AWS root user password resets.
// Step 1: request a password-reset mail for the AWS root user.
session, err := awspreset.New()
if err != nil {
	panic(err)
}

// rootEmail is the address of the root user whose password is being reset.
const rootEmail = "root@example.com"

// NOTE(review): awspreset.Terminal is presumably an interactive terminal
// handler (e.g. for a challenge shown during the request) — confirm against
// the library before running this unattended.
err = session.ResetRequest(rootEmail, awspreset.Terminal)
if err != nil {
	panic(err)
}
This should trigger a mail to root@example.com. Note that a wrong email address is not reported with an explicit error at the moment.
Take the reset link from the mail in your mailbox and pass it as the first parameter of the ResetResponse call.
// Step 2: complete the reset using the link received by mail.
session, err := awspreset.New()
if err != nil {
	panic(err)
}

// resetLink is the URL copied from the reset mail. It carries the token and
// key query parameters, so treat the whole link as a credential: keep it out
// of logs, shell history and version control.
resetLink := "https://signin.aws.amazon.com/resetpassword?type=RootUser&token=...&key=..."

// newPassword is a placeholder for this example only. Supply the real root
// password at run time instead of committing it to source.
newPassword := "Th1s-Is-My-New-Password!"

err = session.ResetResponse(resetLink, newPassword)
if err != nil {
	panic(err)
}
Now log in with the new password and enable a virtual MFA device.
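// Step 3: log in with the new password, enable a virtual MFA device, then
// log in again with a TOTP code derived from the new seed.
session, err := awspreset.New()
if err != nil {
	panic(err)
}

// First login: no MFA device exists yet, so the OTP callback is nil.
// The password literal is a placeholder; supply the real one at run time.
err = session.Login(
	"root@example.com",
	"Th1s-Is-My-New-Password!",
	awspreset.Terminal,
	nil,
)
if err != nil {
	panic(err)
}

// Enable the virtual MFA device exactly once. The original example repeated
// this call with a second `res, err :=`, which does not compile and would
// request a second enrolment.
mfa := awspreset.NewMFA(session)
res, err := mfa.EnableMFA()
if err != nil {
	panic(err)
}

// res.Base32StringSeed is the long-lived TOTP secret: anyone holding it can
// generate valid codes for the root user. It is printed here only so it can
// be enrolled in an authenticator; in real use store it in a secret manager
// and keep it out of logs and terminal scrollback.
fmt.Printf("MFA secrets %q", res.Base32StringSeed)

// Start a new session so the second login goes through the MFA challenge.
session, err = awspreset.New()
if err != nil {
	panic(err)
}

// otp returns the first code awspreset.TOTP derives from the seed.
otp := func() string {
	codes, err := awspreset.TOTP(res.Base32StringSeed)
	if err != nil {
		panic(err)
	}
	// Guard the index below so an empty result fails with a clear message
	// rather than an index-out-of-range panic.
	if len(codes) == 0 {
		panic("awspreset.TOTP returned no codes")
	}
	// The one-time code is logged for demonstration only; drop this line
	// when the output is shipped to shared log storage.
	log.Printf("log in with otp %s", codes[0])
	return codes[0]
}

// Second login: same credentials, now with the OTP callback supplied.
err = session.Login(
	"root@example.com",
	"Th1s-Is-My-New-Password!",
	awspreset.Terminal,
	otp,
)
if err != nil {
	panic(err)
}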