From 03a7828a7d21ae2753e87c69792dac0a9e224f0c Mon Sep 17 00:00:00 2001
From: nicholascowan
Date: Thu, 24 May 2018 16:32:16 -0400
Subject: [PATCH 1/5] Support for deleted/non-existant IAM group This allows the import logic to work if a group has been deleted or does not exist (optional group) It does so by combining stdout and stderr and stripping any lines which contain "(NoSuchEntity)", as AWSCLI will return the following: `An error occurred (NoSuchEntity) when calling the GetGroup operation: The group with name NonExistantGroup cannot be found.`
---
 import_users.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/import_users.sh b/import_users.sh
index 07cdcf8..b99ff72 100755
--- a/import_users.sh
+++ b/import_users.sh
@@ -103,7 +103,9 @@ function get_iam_users() {
 --group-name "${group}" \
 --query "Users[].[UserName]" \
 --output text \
- | sed "s/\r//g"
+ 3>&1 1>&2 2>&3 3>&- \
+ | sed "s/\r//g" \
+ | sed "/\(NoSuchEntity\)/d"
 done
 fi
 }
From aaaeb6271e5042bbb64bbbf12c2f7db00c7847fc Mon Sep 17 00:00:00 2001
From: nicholascowan
Date: Thu, 24 May 2018 16:49:25 -0400
Subject: [PATCH 2/5] Update import_users.sh
---
 import_users.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/import_users.sh b/import_users.sh
index b99ff72..efbc644 100755
--- a/import_users.sh
+++ b/import_users.sh
@@ -103,7 +103,7 @@ function get_iam_users() {
 --group-name "${group}" \
 --query "Users[].[UserName]" \
 --output text \
- 3>&1 1>&2 2>&3 3>&- \
+ 3>&1 1>&2 2>&3 3>&- \
 | sed "s/\r//g" \
 | sed "/\(NoSuchEntity\)/d"
 done
From 58e91454f134d7cc20900367602961dae8ff6005 Mon Sep 17 00:00:00 2001
From: nicholascowan
Date: Fri, 25 May 2018 13:00:18 -0400
Subject: [PATCH 3/5] Cleaner solution to optional groups
---
 import_users.sh | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/import_users.sh b/import_users.sh
index efbc644..b82f049 100755
--- a/import_users.sh
+++ b/import_users.sh
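Review bot: In the [PATCH 1/5] hunk for get_iam_users, the added `3>&1 1>&2 2>&3 3>&- \` swaps the two streams rather than combining them, so the pipe to `sed` receives only the CLI's error text while the user names go to the script's stderr and never reach the function's output. Combining as the description says would be `2>&1 \`, but that lets any other error text through as if it were user names, which matters if the caller turns this output into local accounts (not visible here). The added `sed "/\(NoSuchEntity\)/d"` also treats `\(` and `\)` as a basic-regex group, so it deletes every line containing NoSuchEntity; matching the literal parentheses would be `sed "/(NoSuchEntity)/d"`. The function body starts outside the hunk.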
@@ -99,13 +99,13 @@ function get_iam_users() {
 | sed "s/\r//g"
 else
 for group in $(echo ${IAM_AUTHORIZED_GROUPS} | tr "," " "); do
- aws iam get-group \
+ if ! aws iam get-group \
 --group-name "${group}" \
 --query "Users[].[UserName]" \
- --output text \
- 3>&1 1>&2 2>&3 3>&- \
- | sed "s/\r//g" \
- | sed "/\(NoSuchEntity\)/d"
+ --output text;
+ then
+ continue;
+ fi
 done
 fi
 }
@@ -144,10 +144,13 @@ function get_sudoers_users() {
 [[ -z "${SUDOERS_GROUPS}" ]] || [[ "${SUDOERS_GROUPS}" == "##ALL##" ]] ||
 for group in $(echo "${SUDOERS_GROUPS}" | tr "," " "); do
- aws iam get-group \
+ if ! aws iam get-group \
 --group-name "${group}" \
 --query "Users[].[UserName]" \
- --output text
+ --output text;
+ then
+ continue;
+ fi
 done
 }
From c11917bfbdca9e5d1d7830c967453b2ba80d4be8 Mon Sep 17 00:00:00 2001
From: nicholascowan
Date: Tue, 12 Jun 2018 12:28:29 -0400
Subject: [PATCH 4/5] Temporary change to my fork for install testing
---
 install.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/install.sh b/install.sh
index f07b464..af1c1c3 100755
--- a/install.sh
+++ b/install.sh
@@ -97,7 +97,7 @@ tmpdir=$(mktemp -d)
 cd "$tmpdir"
-git clone -b master https://github.com/widdix/aws-ec2-ssh.git
+git clone -b master https://github.com/nicholascowan/aws-ec2-ssh.git
 cd "$tmpdir/aws-ec2-ssh"
From 2a199fb893a42af6869e72fbd6585b57d192db77 Mon Sep 17 00:00:00 2001
From: nicholascowan
Date: Mon, 7 Mar 2022 15:28:16 -0500
Subject: [PATCH 5/5] Add random delay
---
 install.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/install.sh b/install.sh
index af1c1c3..9bf6ffd 100755
--- a/install.sh
+++ b/install.sh
@@ -143,8 +143,10 @@ SHELL=/bin/bash
 PATH=/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/opt/aws/bin
 MAILTO=root
 HOME=/
-*/10 * * * * root $IMPORT_USERS_SCRIPT_FILE
+RANDOM_DELAY=19
+*/20 * * * * root $IMPORT_USERS_SCRIPT_FILE
 EOF
+ chmod 0644 /etc/cron.d/import_users
 $IMPORT_USERS_SCRIPT_FILE
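Review bot: In the [PATCH 3/5] get_iam_users hunk, `if ! aws iam get-group … then continue; fi` skips a group on every non-zero exit, not only on NoSuchEntity, so an access-denied, throttled or network failure produces the same output as a group that does not exist; the get_sudoers_users hunk has the same pattern. If the caller reconciles local accounts or sudo rights against these lists (not visible here), a transient API error would look like users having left the group. The hunk also drops `| sed "s/\r//g"` from this branch while the branch above `else` keeps it. The sketch below treats only NoSuchEntity as optional, returns non-zero otherwise and keeps the carriage-return strip; `aws_err` stands for a `mktemp` file created before the loop, and get_iam_users starts outside the hunk.

```shell
# … unchanged: for group in $(echo ${IAM_AUTHORIZED_GROUPS} | tr "," " "); do …
if ! group_users=$(aws iam get-group \
    --group-name "${group}" \
    --query "Users[].[UserName]" \
    --output text 2>"${aws_err}"); then
  # Only a missing group is optional; any other failure must not read as an empty group.
  if grep -q "NoSuchEntity" "${aws_err}"; then
    continue
  fi
  cat "${aws_err}" >&2
  return 1
fi
if [[ -n "${group_users}" ]]; then
  printf '%s\n' "${group_users}" | sed "s/\r//g"
fi
# … unchanged: done, fi and the closing brace …
```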
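Review bot: The changed line in the [PATCH 4/5] install.sh hunk makes the installer clone the `master` branch of a personal fork with no pinned commit or tag, so whatever that branch holds at install time is what the rest of the script presumably installs on the host. The subject calls the change temporary, so it should not be merged as is. For fork testing, take the source from variables that default to upstream, for example `git clone -b "${INSTALL_REF:-master}" "${INSTALL_REPO:-https://github.com/widdix/aws-ec2-ssh.git}"` (both variable names are proposals, not existing options), and add a comment that the default must stay on the upstream repository.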
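Review bot: `RANDOM_DELAY=19` in the generated /etc/cron.d/import_users is a cronie feature; other cron implementations will most likely just pass it to the job as an environment variable, so on those hosts only the change from `*/10` to `*/20` takes effect. Where the delay is applied, a run can start up to 19 minutes after the 20-minute mark, so a change in IAM may take about 39 minutes instead of 10 before $IMPORT_USERS_SCRIPT_FILE picks it up. That window is worth a comment above the here-document, e.g. `# cron: every 20 min plus up to 19 min RANDOM_DELAY (cronie only); IAM removals can take ~39 min to apply`. The here-document starts outside the hunk.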