The journey to writing a user provisioning and deprovisioning process for AWS Labs…in Powershell
| Action | Powershell Commands |
| Create User | New-Iamuser -username $user |
| Create Console Password | New-IAMLoginProfile -username $user |
| Change Console Password | Update-IAMLoginProfile -username $user |
| Add user to Group | Add-IAMUserToGroup -username $user -groupname $group |
| Remove User from Group | Remove-IAMUserfromGroup -username $user -groupname $group |
| Remove the IAM User | Remove-IAMUser -username $user |
| Get the Account ID and use the following URL for login https:// My_AWS_Account_ID.signin.aws.amazon.com/console/ | Get-STSCallerID |
Generic Steps
- Create the Console users and give the user the option for either users based on pattern or from a given .csv file.
- Create the Console user and create a password for that user.
- Add the User to a particular group which has the IAM Policies attached to that group.
- The script will then either wait a certain amount of time after the Users were created or the admin can manually run the user deletion script. The user will than be removed from the group ( thus removing access ) and the password will be changed. The easiest way to remove access is to delete the user.
- Later scripts will somehow delete the resources that were created at the end of the day.
The code thus far to Create the Lab User Account and delete the lab users accounts can be found here:https://github.com/itglueguy/AWS-OpenLabs
