Created
October 24, 2018 09:20
List certificates in ACM
| #!/usr/bin/env python | |
| # https://medium.com/@jbirdvegas/survey-all-your-aws-acm-certificates-f4c7ab83b02e | |
| import sys | |
| import boto3 | |
| import texttable | |
# Environment label -> name of the local AWS profile used for that
# environment. Each value is handed to boto3.Session(profile_name=...), and
# the survey calls nothing but ACM list_certificates, so a read-only profile
# limited to that action is sufficient for every entry.
accounts = dict(
    dev='dev.devops',
    sqa='sqa.devops',
    qa='nonprod.devops',
    prod='prod.devops',
    prod2='prod2.devops',
    poc='poc.devops',
)

# Regions to survey, in query order. This is a fixed snapshot: a region that is
# not listed here is never queried, so certificates issued or imported there do
# not appear in the report. Compare against
# boto3.Session().get_available_regions('acm') before relying on the output as
# a complete inventory.
regions = [
    'us-east-2', 'us-east-1', 'us-west-1', 'us-west-2',
    'ap-northeast-1', 'ap-northeast-2', 'ap-northeast-3',
    'ap-south-1',
    'ap-southeast-1', 'ap-southeast-2',
    'ca-central-1',
    'eu-central-1',
    'eu-west-1', 'eu-west-2', 'eu-west-3',
    'sa-east-1',
]
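def get_for_account(profile_name, region):
    """List the ACM certificate summaries one profile can see in one region.

    Args:
        profile_name: Name of the local AWS profile the session is built from.
        region: AWS region name to query.

    Returns:
        A list of certificate summary dicts (possibly empty) when the listing
        succeeds, or ``None`` when the ACM call fails. A failure is reported
        on stderr so that an unreadable account/region is not mistaken for
        one that simply holds no certificates.

    Raises:
        Whatever ``boto3.Session`` raises for the given profile and region;
        session creation sits outside the ``try`` so a broken local
        configuration stops the run instead of being skipped.
    """
    _session = boto3.Session(region_name=region, profile_name=profile_name)
    # Ask for every status explicitly so expired, revoked and failed
    # certificates are part of the survey as well as issued ones.
    statuses = [
        'PENDING_VALIDATION', 'ISSUED', 'INACTIVE', 'EXPIRED',
        'VALIDATION_TIMED_OUT', 'REVOKED', 'FAILED',
    ]
    # NOTE(review): ListCertificates applies a default key-type filter when
    # `Includes` is omitted, so certificates with some key algorithms may be
    # absent from the result. Confirm against the ACM API reference and pass
    # Includes={'keyTypes': [...]} if a complete inventory is required.
    certs = []
    try:
        # Follow pagination rather than trusting a single capped page; a
        # single call silently drops everything past its MaxItems limit.
        paginator = _session.client('acm').get_paginator('list_certificates')
        for page in paginator.paginate(CertificateStatuses=statuses):
            certs.extend(page.get('CertificateSummaryList') or [])
    except Exception as exc:
        # Stay best-effort across accounts and regions, but no longer swallow
        # KeyboardInterrupt/SystemExit, and say what went wrong and where.
        print(
            f"ACM listing failed for profile={profile_name} region={region}: "
            f"{type(exc).__name__}: {exc}",
            file=sys.stderr,
        )
        return None
    return certs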
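if __name__ == '__main__':
    # Survey every configured account in every configured region, print the
    # certificate names and a per-region/per-account table on stdout, and
    # report on stderr which listings could not be read.
    total = 0
    common_names = []
    unreadable = []  # region/profile pairs whose listing failed
    column_rows = []

    for region in regions:
        for env, profile in accounts.items():
            resp = get_for_account(profile, region)
            # A failed listing comes back as None, or as a sequence holding a
            # None entry; both mean "could not read", not "no certificates".
            if resp is None or any(cert is None for cert in resp):
                unreadable.append({'region': region, 'profile': profile})
                continue
            resp = [cert for cert in resp if cert]
            if not resp:
                continue

            names = [cert_info.get('DomainName') for cert_info in resp]
            common_names.extend(names)
            # Only the primary domain name is inspected here; a wildcard that
            # appears solely in a subject alternative name is counted as
            # "Standard". A missing DomainName is treated as non-wildcard
            # instead of raising TypeError.
            wildcard_count = sum(1 for name in names if name and '*' in name)
            column_rows.append(
                [region, env, len(resp), wildcard_count, len(resp) - wildcard_count]
            )
            total += len(resp)

    print(f"Certificate common names: {common_names}")

    # format and print table
    table = texttable.Texttable()
    headers = ['Region', 'AWS Env', 'Total', "Wildcard", "Standard"]
    table.header(headers)
    table.add_rows(rows=column_rows, header=False)
    table.set_cols_align(['c'] * len(headers))
    print(table.draw())

    # Coverage summary goes to stderr so the stdout report keeps its shape.
    # Without it, an account/region that could not be read is
    # indistinguishable from one that has no certificates.
    print(
        f"Surveyed {total} certificate(s); "
        f"{len(unreadable)} profile/region listing(s) failed.",
        file=sys.stderr,
    )
    for item in unreadable:
        print(
            f"  not surveyed: profile={item['profile']} region={item['region']}",
            file=sys.stderr,
        )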