/awspreset

A library to perform AWS root user password resets

Primary LanguageGo

AWS password reset (aswspreset)

aswspreset is a library to perform AWS root user password resets.

Examples

Request a password reset

session, err := awspreset.New()

if err != nil {
  panic(err)
}

if err := session.ResetRequest(
	"root@example.com",
	awspreset.Terminal,
); err != nil {
	panic(err)
}

This should trigger a mail to root@example.com. Note that the error handling around wrong email addresses is not explicit at the moment.

Set the new password

Extract the mail from your mailbox and put the link into the first parameter of the ResetResponse call.

session, err := awspreset.New()

if err != nil {
  panic(err)
}

if err := session.ResetResponse(
  "https://signin.aws.amazon.com/resetpassword?type=RootUser&token=...&key=...",
  "Th1s-Is-My-New-Password!",
); err != nil {
  panic(err)
}

Enable MFA

Now login with new the new password and enable a virtual MFA device.

session, err := awspreset.New()

if err != nil {
  panic(err)
}

err = session.Login(
  "root@example.com",
  "Th1s-Is-My-New-Password!",
  awspreset.Terminal,
  nil,
)

if err != nil {
  panic(err)
}

mfa := awspreset.NewMFA(session)

res, err := mfa.EnableMFA()

if err != nil {
  panic(err)
}

res, err := mfa.EnableMFA()

if err != nil {
  panic(err)
}

fmt.Printf("MFA secrets %q", res.Base32StringSeed)

// start new

session, err = awspreset.New()

if err != nil {
  panic(err)
}

otp := func() string {

  codes, err := awspreset.TOTP(res.Base32StringSeed)

  if err != nil {
    panic(err)
  }

  log.Printf("log in with otp %s", codes[0])

  return codes[0]

}

err = session.Login(
  "root@example.com",
  "Th1s-Is-My-New-Password!",
  awspreset.Terminal,
  otp,
)

if err != nil {
  panic(err)
}