authorized_keys/makeitso

#!/bin/sh

if [ $# -ne 1 ]; then
  echo 'usage: makeitso <primaryusername>' >&2
  exit 1
fi

sudo adduser --disabled-login --gecos 'User for AuthorizedKeysCommand' authorizedkeysuser

sudo sh -c "echo 'Match User $1
  AuthorizedKeysCommand /etc/ssh/get_authorized_keys
  AuthorizedKeysCommandUser authorizedkeysuser' >> /etc/ssh/sshd_config"

sudo cp get_authorized_keys /etc/ssh

sudo chmod 755 /etc/ssh/get_authorized_keys

sudo -u authorizedkeysuser mkdir ~authorizedkeysuser/.aws
sudo -u authorizedkeysuser cp config ~authorizedkeysuser/.aws
sudo -u authorizedkeysuser cp .credentials ~authorizedkeysuser/.aws/credentials
sudo -u authorizedkeysuser chmod 600 ~authorizedkeysuser/.aws/*
sudo -u authorizedkeysuser sh -c 'command -v aws > /dev/null 2>&1 || pip install --user awscli'
sudo systemctl restart sshd