tn aws-make-s3-bucket: Improve IAM user secret key handling #5

@whusterj

Description

Problem

When using the tn aws-make-s3-bucket <project_name> [profile] [region] command from tn-cli, if an IAM user already exists with access keys, the CloudFormation stack output doesn't provide the secret key. This forces users to create new access keys to get the secret needed for environment variables (e.g., Heroku deployments).

Current Behavior

  • Command creates S3 bucket via CloudFormation
  • If IAM user already has access keys, secret key is not accessible in stack outputs
  • Users must manually create new access keys to obtain the secret

Expected Behavior

The command should either:

  • Provide a way to retrieve or regenerate the secret key for existing IAM users
  • Output clear instructions on how to handle existing access keys
  • Consider creating new access keys as part of the stack (with proper rotation handling)

Use Case

Engineer needed to pass AWS credentials as environment variables to Heroku instances but couldn't access the existing secret key after running the command.

Suggested Improvements

  • Add option to regenerate access keys when IAM user already exists
  • Include secret key retrieval mechanism in CloudFormation outputs (if secure)
  • Document workaround for existing IAM users with keys
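One way to implement the "regenerate access keys when the IAM user already exists" suggestion, with the rotation handling the issue asks for, as an added example rather than tn-cli's own code. It assumes Python with a boto3 IAM client passed in (`boto3.client("iam")`); the function and parameter names are the example's own, while the two-keys-per-user limit and the list/delete/create calls are IAM's real ones.

```python
from dataclasses import dataclass
from datetime import datetime

MAX_KEYS_PER_USER = 2  # IAM allows at most two access keys per user


@dataclass
class KeyMeta:
    key_id: str
    status: str        # "Active" or "Inactive", as returned by IAM
    created: datetime


def plan_key_rotation(existing, force=False):
    """Decide how to obtain a fresh secret for a user that may already have keys.

    Returns (action, key_id_to_delete):
      ("create", None)        a slot is free; just create a new key
      ("delete_create", id)   both slots used; delete `id` first, then create
      ("blocked", None)       both keys Active and force is False; refuse, so a
                              key that may still be in use is never silently revoked
    """
    if len(existing) < MAX_KEYS_PER_USER:
        return "create", None
    inactive = [k for k in existing if k.status == "Inactive"]
    if not inactive and not force:
        return "blocked", None
    # Prefer sacrificing an inactive key; otherwise (force) the oldest active one.
    victim = min(inactive or existing, key=lambda k: k.created)
    return "delete_create", victim.key_id


def rotate_access_key(iam, user_name, force=False):
    """Run the plan against a boto3 IAM client (or any object exposing the same
    list_access_keys / delete_access_key / create_access_key methods).
    Returns (AccessKeyId, SecretAccessKey); the secret is only ever available here."""
    meta = iam.list_access_keys(UserName=user_name)["AccessKeyMetadata"]
    existing = [KeyMeta(m["AccessKeyId"], m["Status"], m["CreateDate"]) for m in meta]
    action, victim = plan_key_rotation(existing, force)
    if action == "blocked":
        raise RuntimeError(
            f"{user_name} already has {MAX_KEYS_PER_USER} active access keys; "
            "deactivate one that is no longer in use, or pass force=True")
    if victim is not None:
        iam.delete_access_key(UserName=user_name, AccessKeyId=victim)
    key = iam.create_access_key(UserName=user_name)["AccessKey"]
    return key["AccessKeyId"], key["SecretAccessKey"]
```

Returning the secret once to the caller (who stores it in Heroku config) keeps it out of CloudFormation outputs entirely, where it would otherwise be readable by anyone with describe-stacks access.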
