[AWS] Automating ACM expiry checks and sending the alerts to Slack

Posted at 2018-01-09

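Sometimes the ACM renewal email from AWS doesn't arrive, so I built this just in case.
I threw it together quickly, so I'm not taking any complaints.

No jq required
Supports multiple accounts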

#!/bin/bash

now=$(date "+%s")
_lockfile_dir=/***/***/.acm-tmp-lock
_lockfile=${_lockfile_dir}/acm_check.lock

[ -d "${_lockfile_dir}" ] || mkdir -p "${_lockfile_dir}"

# Refuse to start while another run holds the lock
if [ -f "${_lockfile}" ]; then
    echo "LOCKED"
    exit 1
fi

# Create the lock file and remove it on exit, even if the script fails midway
touch "${_lockfile}"
trap 'rm -f "${_lockfile}"' EXIT

_conf=/***/***/conf/
_date=$(date)

# One AWS CLI profile per *-knife.rb file in the conf directory
for _conffile in $(ls -1 "${_conf}" | grep knife.rb)
do
    _title=$(echo "${_conffile}" | sed 's/-knife\.rb//g')
    # Region from the conf file (not used below; every region in the list is scanned)
    _region=$(grep region "${_conf}${_conffile}" | cut -d '=' -f 2 | cut -d '"' -f 2)
    channel_name='#chanel-name'

    all_region=(us-east-2 us-east-1 us-west-1 us-west-2 ap-south-1 ap-northeast-2 ap-southeast-1 ap-southeast-2 ap-northeast-1 ca-central-1 eu-central-1 eu-west-1 eu-west-2 sa-east-1)
    for region_all in "${all_region[@]}"
    do
      # Select only the ARNs instead of relying on column positions in the text output
      for acmid in $(aws --profile "${_title}" --region "${region_all}" acm list-certificates --query 'CertificateSummaryList[].CertificateArn' --output text)
      do

        # Queries are quoted so the shell does not treat [..] as a glob pattern
        certificate_name=$(aws --profile "${_title}" --region "${region_all}" acm describe-certificate --certificate-arn "${acmid}" --query 'Certificate.[DomainName]' --output text)
        certificate_use=$(aws --profile "${_title}" --region "${region_all}" acm describe-certificate --certificate-arn "${acmid}" --query 'Certificate.[InUseBy]' --output text)
        # NotAfter is expected as epoch seconds (e.g. 1517184000.0); drop the fractional part
        certificate_unix_time=$(aws --profile "${_title}" --region "${region_all}" acm describe-certificate --certificate-arn "${acmid}" --query 'Certificate.[NotAfter]' --output text | awk -F "." '{print $1}')

        # No NotAfter value (the CLI prints None): skip, otherwise rema_time
        # would be unset or left over from the previous certificate
        if [ "${certificate_unix_time}" = "None" ]; then
          continue
        fi

        jst_time=$(date -d "@${certificate_unix_time}")
        rema_check=$(expr "${certificate_unix_time}" - "${now}")
        rema_time=$(expr "${rema_check}" / 86400 + 1)

        if [ "${rema_time}" -lt 40 ] && [ -n "${certificate_use}" ]; then
          curl -X POST --data-urlencode "payload={\"channel\": \"$channel_name\", \"username\": \"ACM-Alert\", \"text\": \" Warning remaining $rema_time day $certificate_name $region_all\", \"icon_emoji\": \":warning:\"}" https://hooks.slack.com/
        elif [ "${rema_time}" -lt 40 ]; then
          curl -X POST --data-urlencode "payload={\"channel\": \"$channel_name\", \"username\": \"ACM-Alert\", \"text\": \" Info remaining $rema_time day $certificate_name but Not Use ACM $region_all\", \"icon_emoji\": \":warning:\"}" https://hooks.slack.com/
        else
          echo "[Remaining] ${rema_time}day" # could also be written to a file; anything works
        fi

      done
    done
done

rm -f "${_lockfile}"

Please don't say anything even if it doesn't work!!
I'll try Dockerizing it at some point.
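
The alert decision from the script above, pulled out into functions that can be exercised without AWS or Slack access. This is an added example, not the author's code: `to_epoch`, `classify`, `WARN_DAYS` and the sample rows are assumptions made for illustration. It goes beyond the original by also accepting ISO 8601 `NotAfter` values (which AWS CLI v2 prints by default, parsed here with GNU `date`), and by reporting `SKIP` for `None` and `EXPIRED` for a certificate already past its expiry, which the `/ 86400 + 1` formula would otherwise show as 1 day remaining.

```shell
#!/bin/bash
# Added example: decision logic only, no AWS or Slack calls are made.
# to_epoch, classify and WARN_DAYS are hypothetical names, not from the post.

WARN_DAYS=40   # same threshold as the script's "-lt 40" test

# Print NotAfter as whole epoch seconds; return 1 if there is no usable value.
# Accepts "1517184000.0", "1517184000" or ISO 8601 (parsed with GNU date).
to_epoch() {
    local ts="$1"
    case $ts in
        ''|None)   return 1 ;;
        *[!0-9.]*) date -u -d "$ts" +%s 2>/dev/null || return 1 ;;
        *)         ts=${ts%%.*}; [ -n "$ts" ] && printf '%s\n' "$ts" ;;
    esac
}

# classify <not_after> <in_use_by> <now_epoch>
# Prints WARN (expiring, in use), INFO (expiring, unused), OK, EXPIRED or SKIP.
classify() {
    local exp days
    exp=$(to_epoch "$1") || { echo SKIP; return 0; }
    if [ "$exp" -le "$3" ]; then echo EXPIRED; return 0; fi
    days=$(( ($exp - $3) / 86400 + 1 ))   # same rounding as the script
    if [ "$days" -ge "$WARN_DAYS" ]; then echo OK
    elif [ -n "$2" ]; then echo WARN
    else echo INFO
    fi
}

NOW=1515456000   # constructed "now": 2018-01-09 00:00:00 UTC

# Constructed sample rows (NotAfter|InUseBy); the ARN is a placeholder.
while IFS='|' read -r not_after in_use; do
    printf '%-28s %s\n' "$not_after" "$(classify "$not_after" "$in_use" "$NOW")"
done <<'EOF'
1517184000.0|arn:aws:elasticloadbalancing:placeholder
2018-01-29T00:00:00+00:00|
None|
1546300800.0|arn:aws:elasticloadbalancing:placeholder
1515369600.0|arn:aws:elasticloadbalancing:placeholder
EOF
```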
