Iterate over Route53 DNS records to check the TLS certificates served by each host.
#!/usr/bin/env bash
# Window, in seconds, used for the "Expires Soon" column: a certificate that
# stops being valid within this many seconds is flagged (30 days).
expire_check_secs=$((30 * 24 * 60 * 60))
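#######################################
# Reformat an openssl x509 date ("Mar  8 16:38:00 2017 GMT") as
# "YYYY-MM-DD HH:MM:SS".
# Arguments: $1 - date string in openssl's '%b %d %H:%M:%S %Y %Z' form
# Outputs:   the reformatted date on stdout
# Returns:   the exit status of date(1)
#######################################
formatDate() {
  local in_fmt='%b %d %H:%M:%S %Y %Z'
  local out_fmt='%Y-%m-%d %H:%M:%S'
  # BSD/macOS date parses a string with -jf; GNU date has no -j and takes the
  # string via -d. Try the BSD form first (the script's original target) and
  # fall back to the GNU form so the script also runs on Linux.
  date -jf "$in_fmt" "$1" +"$out_fmt" 2>/dev/null \
    || date -d "$1" +"$out_fmt"
}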
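#######################################
# Write a markdown table of TLS certificate details for every A/CNAME record
# in one public Route53 hosted zone.
# Globals:   expire_check_secs (read) - window, in seconds, for "Expires Soon"
# Arguments: $1 - hosted zone id (also the output file name stem)
#            $2 - hosted zone name (used in the file heading)
# Outputs:   writes/overwrites "<zone id>.md" in the current directory
# Returns:   0; hosts that present no certificate on :443 are skipped
#######################################
create_md_file() {
  local r53_zone_id="$1"
  local r53_zone_nm="$2"
  local out_file="${r53_zone_id}.md"
  local r53_records
  r53_records=$(
    aws route53 list-resource-record-sets \
      --hosted-zone-id "$r53_zone_id" | \
      jq -r '.ResourceRecordSets[] | select(.Type == "A" or .Type == "CNAME")'
  )

  cat <<EOF > "$out_file"
# $r53_zone_nm ($r53_zone_id)
|Host|Type|Source|Expires Soon|NotBefore|NotAfter|Subject|
|----|----|------|------------|---------|--------|-------|
EOF

  local r53_host_nm out_host out_type out_records out_alias
  local cert_pem cert_info out_expires_soon out_not_before out_not_after out_subject
  while IFS= read -r r53_host_nm; do
    [[ -n "$r53_host_nm" ]] || continue
    out_host="${r53_host_nm%.}"
    # Pass the record name to jq as a variable instead of splicing it into the
    # filter text, so a name containing quotes cannot change the jq program.
    out_type=$(jq -r --arg n "$r53_host_nm" 'select(.Name == $n).Type' <<<"$r53_records")
    # The unquoted $(...) deliberately joins multi-line record values with spaces.
    # shellcheck disable=SC2046
    out_records=$(echo $(jq -r --arg n "$r53_host_nm" 'select(.Name == $n) | if .ResourceRecords then .ResourceRecords[].Value else "" end' <<<"$r53_records"))
    out_alias=$(jq -r --arg n "$r53_host_nm" 'select(.Name == $n) | if .AliasTarget then .AliasTarget.DNSName else "" end' <<<"$r53_records")

    # Fetch the leaf certificate once, sending the host name as SNI so a
    # virtual-hosted server returns the certificate for this name rather than
    # its default one, then derive every column from the saved PEM instead of
    # reconnecting per field.
    cert_pem=$(echo | gtimeout 3 openssl s_client -connect "$out_host:443" -servername "$out_host" 2>/dev/null | openssl x509 2>/dev/null)
    [[ -z "$cert_pem" ]] && continue
    cert_info=$(openssl x509 -noout -subject -dates <<<"$cert_pem" 2>/dev/null)
    [[ -z "$cert_info" ]] && continue
    # -checkend prints its verdict on stdout as well as signalling it through
    # the exit status; drop the text so the table cell holds only yes/no.
    if openssl x509 -noout -checkend "$expire_check_secs" <<<"$cert_pem" >/dev/null 2>&1; then
      out_expires_soon=no
    else
      out_expires_soon=yes
    fi
    out_not_before=$(grep 'notBefore' <<<"$cert_info")
    out_not_after=$(grep 'notAfter' <<<"$cert_info")
    out_subject=$(grep 'subject' <<<"$cert_info")

    cat <<EOF >> "$out_file"
|$out_host|$out_type|$out_records $out_alias|$out_expires_soon|$(formatDate "${out_not_before#*=}")|$(formatDate "${out_not_after#*=}")|${out_subject#*=}|
EOF
  done < <(jq -r '.Name' <<<"$r53_records")
}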
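# Enumerate every public hosted zone as "<zone id>~<zone name>" (the Id field
# is "/hostedzone/<id>", hence the awk field split), then report on each zone
# concurrently and wait for all of them.
r53_host_zones=$(
  aws route53 list-hosted-zones | \
    jq -r '.HostedZones[] | select(.Config.PrivateZone == false) | .Id +"~"+ .Name' | \
    awk -F/ '{print $3}'
)

# One "<pid>~<zone id>" entry per background job, kept in an array so the
# pid/zone pairs never go through word splitting.
declare -a zone_jobs=()
mapfile -t r53_zone_list <<<"$r53_host_zones"
for r53_zone_info in "${r53_zone_list[@]}"; do
  [[ -n "$r53_zone_info" ]] || continue
  echo "${r53_zone_info%%~*}.md started"
  create_md_file "${r53_zone_info%%~*}" "${r53_zone_info##*~}" &
  zone_jobs+=("$!~${r53_zone_info%%~*}")
done

for job in "${zone_jobs[@]}"; do
  # wait returns the job's exit status; report a failure without skipping the
  # remaining joins.
  if ! wait "${job%%~*}"; then
    echo "${job##*~}.md job exited with an error" >&2
  fi
  echo "${job##*~}.md finished"
done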