
ACMの証明書の期限切れをチェックするスクリプト


書いた

スクリプト

require 'aws-sdk'
require 'optparse'
require 'time'

# Values picked up from the command line, keyed by option:
#   -r VAL  stored under :region
#   -p VAL  stored under :profile
# Keys are only set for options that were actually passed.
OPT = {}

opt = OptionParser.new do |parser|
  parser.on('-r VAL') { |region| OPT[:region] = region }
  parser.on('-p VAL') { |profile| OPT[:profile] = profile }
end

# parse! consumes the recognised options from ARGV in place.
opt.parse!(ARGV)

# Memoised accessor for the ACM client.
#
# The first call builds the client through get_session; later calls return
# the object already stored in @client.
def client
  return @client if @client

  @client = get_session
end

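# Build the ACM client for the profile and region given on the command line.
#
# Options that were not passed are left out of Aws.config rather than being
# written as nil, so an unset -p / -r does not overwrite the SDK configuration
# with an empty value (presumably the SDK then falls back to its own
# profile/region lookup -- confirm against the installed SDK version).
#
# No STS client is created here: nothing in the script calls STS, so the
# object was an unused local.
#
# @return [Aws::ACM::Client] the client, also stored in @client
def get_session
  chosen = { profile: OPT[:profile], region: OPT[:region] }.reject { |_, value| value.nil? }
  Aws.config.update(chosen)

  @client = Aws::ACM::Client.new
end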

# Parse a timestamp string written as "YYYY-MM-DD HH:MM:SS +ZZZZ".
#
# @param time [String] timestamp text in the layout above
# @return [Time] the parsed time
# @raise [ArgumentError] when the text does not match the layout
def convert_time(time)
  layout = '%Y-%m-%d %H:%M:%S %z'
  Time.strptime(time, layout)
end

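# Reference time for the run, captured on the first call and reused afterwards.
#
# The value is kept in @now. A plain local named `now` is discarded when the
# method returns, so it would hand out a fresh Time.now on every call and each
# certificate would be compared against a slightly different cutoff.
#
# @return [Time]
def now
  @now ||= Time.now
end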

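# Print every ACM certificate in the selected profile/region whose not_after
# falls within the next 30 days (certificates that are already past not_after
# match the same comparison).
#
# The only API calls made are list_certificates and describe_certificate, so a
# read-only identity limited to acm:ListCertificates and
# acm:DescribeCertificate is enough to run this check.
# NOTE(review): findings are only printed and the exit status does not reflect
# them; a job that alerts on this script has to inspect the output.
puts "profile: #{OPT[:profile]}, region: #{OPT[:region]}"

# Computed once so every certificate is compared against the same cutoff.
deadline = now + 86400 * 30

# list_certificates is paginated. Walking every page keeps certificates beyond
# the first page from being skipped silently, which for an expiry check would
# look exactly like "nothing is about to expire".
client.list_certificates({}).each_page do |page|
  page.certificate_summary_list.each do |acm|
    begin
      # Inside the begin so a failure on one certificate is reported and the
      # remaining certificates are still checked.
      resp = client.describe_certificate({ certificate_arn: acm.certificate_arn })

      # A certificate without not_after yields an empty string here and is
      # reported through the rescue below (presumably certificates that have
      # not been issued yet -- confirm).
      expired_date = convert_time(resp.certificate.not_after.to_s)
      p "#{resp.certificate.domain_name} will expired certificate: #{expired_date}" if deadline > expired_date
    rescue => e
      # The summary's domain name is used because resp may not exist when
      # describe_certificate itself raised.
      p "error: #{acm.domain_name} exception: #{e}"
    end
  end
end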