Documentation updates.

README.md

@@ -1,75 +1,63 @@
 # aws-rotate-key
 
-As a security best practice, AWS recommends that administrators require
-IAM users to periodically [regenerate their API access keys](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_RotateAccessKey).
-This `aws-rotate-key` tool allows users to easily rotate all of the AWS access keys defined in their local 
-[aws credentials file](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-multiple-profiles).
-
-The program will use the AWS API to check which access keys exist
-for the provided profile. If only one access key exists, then it will
-deactivate that key and update your credentials file to use a newly 
-generated key. The old key will only be deactivated (**not** deleted),
-so that if you later find out you use the old key elsewhere, you
-can open the AWS console and reactivate it. If two access keys exist,
-then you will be asked whether you want to delete the key which is
-not currently configured in your credentials file to create an empty
-slot for the key rotation. Then, it will perform the same key rotation 
-logic on the remaining key.
+As a security best practice, AWS recommends that users periodically
+[regenerate their API access keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_RotateAccessKey).
+This tool simplifies the rotation of access keys defined in your
+[credentials file](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-multiple-profiles).
 
+When run, the program will list the current access keys associated with your
+IAM user, and print the steps it has to perform to rotate them.
+It will then wait for your confirmation before continuing.
 
 ## Usage
-Usage of aws-rotate-key:
+
 ```
+$ aws-rotate-key --help
+Usage of aws-rotate-key:
+  -d	Delete old key without deactivation.
   -profile string
     	The profile to use. (default "default")
   -version
-    	Print version number (1.0.4)
-  -y
-        Automatic "yes" to prompts.
-  -d
-        Delete old key without deactivation.
-
+    	Print version number
+  -y	Automatic "yes" to prompts.
 ```
 
 ## Example
 
 ```
-$ aws-rotate-key --profile primary
-Using access key A123 from profile "primary".
-Your user ARN is: arn:aws:iam::123456789012:user/someone
+$ aws-rotate-key --profile work
+Using access key AKIAJMIGD6UPCXCFWVOA from profile "work".
+Your user ARN is: arn:aws:iam::123456789012:user/your_username
 
 You have 2 access keys associated with your user:
-- A123 (Inactive, created 2015-01-01 02:55:00 +0000 UTC, last used 2016-01-01 00:02:00 +0000 UTC for service sts in us-east-1)
-- B123 (Active, created 2016-01-01 00:02:47 +0000 UTC, last used 2016-01-01 00:03:00 +0000 UTC for service s3 in N/A)
+- AKIAI3KI7UC6BPI4O57A (Inactive, created 2018-11-22 21:47:46 +0000 UTC, last used 2018-11-30 20:35:41 +0000 UTC for service s3 in us-west-2)
+- AKIAJMIGD6UPCXCFWVOA (Active, created 2018-11-30 21:55:57 +0000 UTC, last used 2018-12-20 12:14:10 +0000 UTC for service s3 in us-west-2)
 
 You have two access keys, which is the max number of access keys.
-Do you want to delete A123 and create a new key? [yN] y
-Deleted access key A123.
-Created access key C123.
-Wrote new key pair to /Users/someone/.aws/credentials
-Deactivated old access key B123.
+Do you want to delete AKIAI3KI7UC6BPI4O57A and create a new key? [yN] y
+Deleted access key AKIAI3KI7UC6BPI4O57A.
+Created access key AKIAIX46CKYT7E5I3KVQ.
+Wrote new key pair to /Users/your_username/.aws/credentials
+Deactivated old access key AKIAJMIGD6UPCXCFWVOA.
 Please make sure this key is not used elsewhere.
+Please note that it may take a minute for your new access key to propagate in the AWS control plane.
 ```
 
 ## Install
 
-You can download the 64-bit binaries from
-[the releases section](https://github.com/Fullscreen/aws-rotate-key/releases/latest)
-of this repository.
+You can download binaries from [the releases section](https://github.com/Fullscreen/aws-rotate-key/releases/latest).
 
-Or, you can use our homebrew tap on OSX:
+You can also use our Homebrew tap on macOS:
 
 ```
-brew tap fullscreen/tap
-brew install aws-rotate-key
-aws-rotate-key
+brew install fullscreen/tap/aws-rotate-key
 ```
 
 ## Setup
 
-Make sure your users have permissions to update their own access keys via the CLI. The AWS
-documentation [here](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_delegate-permissions_examples.html#creds-policies-credentials)
-explains the required permissions and the following IAM profile should get you setup:
+Make sure your users have permissions to update their own access keys. The following AWS documentation page explains the required permissions: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_delegate-permissions_examples.html#creds-policies-credentials.
+
+The following IAM policy is enough for aws-rotate-key:
 
 ```json
 {

main.go

@@ -27,7 +27,7 @@ func main() {
 	flag.BoolVar(&yesFlag, "y", false, `Automatic "yes" to prompts.`)
 	flag.BoolVar(&deleteFlag, "d", false, "Delete old key without deactivation.")
 	flag.StringVar(&profileFlag, "profile", "default", "The profile to use.")
-	flag.BoolVar(&versionFlag, "version", false, "Print version number ("+version+")")
+	flag.BoolVar(&versionFlag, "version", false, "Print version number")
 	flag.Parse()
 
 	if versionFlag {
@@ -191,6 +191,7 @@ func main() {
 		fmt.Printf("Deactivated old access key %s.\n", creds.AccessKeyID)
 		fmt.Println("Please make sure this key is not used elsewhere.")
 	}
+	fmt.Println("Please note that it may take a minute for your new access key to propagate in the AWS control plane.")
 }
 
 func pluralize(n int) string {