Shell Script for AWS Expired Certs to Delete

Question

Trying to write a script to find and delete aws certs which are expired

#!/bin/bash

for c in $(aws acm list-certificates --query 'CertificateSummaryList[].CertificateArn' --output text)
    do aws acm describe-certificate --certificate-arn $c --query 'Certificate.[CertificateArn,DomainName,Status,NotAfter]'
done

THEN I GOT THIS OUTPUT "arn:aws:acm:us-east-1: somenumbers "*blabla.com", "ISSUED", "2020-11-10T12:00:00+00:00"

Please review the format of code and other parts of your question — Diego Torres Milano, Mar 16 '22 at 16:23

score 1 · Accepted Answer · answered Mar 25 '22 at 15:53

In case if you someone need to delete EXPIRED certs in aws. Here is bash script! This script perfectly work in my environment

#!/bin/bash
#set -x 
echo ""
echo "--> Displaying todays date"
echo ""
sleep 2

DATE=$(date '+%Y-%m-%dT%H:%M:%S+00:00')
             
echo "--> Todays date is ----- "$DATE" ------ "
echo ""
echo "--> Collecting certs IDs and parsing EXPIRED ones into json file."
echo "-----------------------------------------------------------------"

for c in $(aws acm list-certificates --query 'CertificateSummaryList[].CertificateArn' --output text); do 
    aws acm describe-certificate  --certificate-arn "$c"  --output json | jq --arg date "$DATE" -r '.| select(.Certificate.NotAfter <= $date ) | .Certificate.CertificateArn' >> certs2.json
    echo "Processing --> $c"
    #Looping through each line of certs2.json to collect arn of each cert and then deleting it
done

while read -r line; do 
    aws acm delete-certificate --certificate-arn "$line" --output text
    echo "Deleting Expired Certificate --> "$line" "
done <certs2.json

#echo "Deleting certs2.json File"
#rm -rf certs2.json

echo "---------------------All Expired Certificates are deleted!-------------------------"

Shell Script for AWS Expired Certs to Delete

1 Answers1