
Shell Script for AWS Expired Certs to Delete


Trying to write a script to find and delete aws certs which are expired

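#!/bin/bash
# List every ACM certificate in the configured region with its ARN, domain,
# status and expiry (NotAfter) so expired ones can be reviewed before any
# deletion is attempted. Requires a configured aws CLI.
set -euo pipefail

# list-certificates --output text prints the ARNs tab-separated on one line;
# split on whitespace (ARNs never contain any) into an array instead of
# word-splitting and glob-expanding an unquoted $(...) in the for list.
mapfile -t arns < <(aws acm list-certificates \
    --query 'CertificateSummaryList[].CertificateArn' --output text | tr -s '[:space:]' '\n')

for c in "${arns[@]}"; do
    # An account with no certificates yields a blank line; skip it rather than
    # calling describe-certificate with an empty ARN.
    [[ -n "$c" ]] || continue
    # Quote the ARN so it reaches aws as a single argument.
    aws acm describe-certificate --certificate-arn "$c" \
        --query 'Certificate.[CertificateArn,DomainName,Status,NotAfter]'
done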

Then I got this output: "arn:aws:acm:us-east-1:somenumbers", "*blabla.com", "ISSUED", "2020-11-10T12:00:00+00:00"


Solution

  • In case someone needs to delete EXPIRED certs in AWS, here is a bash script. It works perfectly in my environment.

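    #!/bin/bash
    # Find every ACM certificate whose NotAfter is in the past and delete it.
    # Requires: aws CLI (configured credentials and region) and jq.
    # The ARNs selected for deletion are written one per line to certs2.json
    # (truncated at the start of each run) and then deleted from that list.
    #set -x 
    set -euo pipefail

    # File that receives the ARNs to delete. It is truncated first: the original
    # appended to it, so ARNs left over from an earlier run (possibly belonging
    # to certificates that have since been re-issued) were deleted again blindly.
    readonly LIST=certs2.json
    : > "$LIST"

    echo ""
    echo "--> Displaying todays date"
    echo ""
    sleep 2

    # -u: the literal +00:00 suffix claims UTC, so the timestamp itself must be
    # UTC; with local time the string comparison against NotAfter would be off
    # by the local offset.
    DATE=$(date -u '+%Y-%m-%dT%H:%M:%S+00:00')

    echo "--> Todays date is ----- $DATE ------ "
    echo ""
    echo "--> Collecting certs IDs and parsing EXPIRED ones into json file."
    echo "-----------------------------------------------------------------"

    # list-certificates --output text prints the ARNs tab-separated on one line;
    # split on whitespace (ARNs never contain any) instead of relying on an
    # unquoted $(...) in the for list.
    mapfile -t arns < <(aws acm list-certificates \
        --query 'CertificateSummaryList[].CertificateArn' --output text | tr -s '[:space:]' '\n')

    for c in "${arns[@]}"; do
        [[ -n "$c" ]] || continue
        echo "Processing --> $c"
        # Certificates that have not been issued (e.g. still pending validation)
        # carry no NotAfter field. In jq, null sorts below every string, so
        # `null <= $date` is TRUE: without the null guard such certificates
        # would be queued for deletion as if they had expired.
        aws acm describe-certificate --certificate-arn "$c" --output json \
            | jq --arg date "$DATE" -r \
                'select(.Certificate.NotAfter != null and .Certificate.NotAfter <= $date)
                 | .Certificate.CertificateArn' >> "$LIST"
    done

    # Delete every ARN collected above. A failed delete (for example a
    # certificate still attached to a load balancer or distribution) is
    # reported on stderr and skipped rather than aborting the whole run.
    while IFS= read -r line || [[ -n "$line" ]]; do
        [[ -n "$line" ]] || continue
        if aws acm delete-certificate --certificate-arn "$line" --output text; then
            echo "Deleting Expired Certificate --> $line "
        else
            echo "Failed to delete $line (still in use or already removed?)" >&2
        fi
    done < "$LIST"

    #echo "Deleting certs2.json File"
    #rm -rf certs2.json

    echo "---------------------All Expired Certificates are deleted!-------------------------"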