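function Get-ACMCertificateBindingList {
    <#
    .SYNOPSIS
    Retrieves the Alkami AWS ACM certificate bindings for all AWS accounts.

    .DESCRIPTION
    Retrieves ACM certificate bindings for all AWS accounts and includes the ELB listeners. The script will search all AWS accounts
    and each region Alkami has resources in. Alternatively, the example below demonstrates how to limit the search by profile and region.

    Each returned object carries the certificate's DomainName, Profile, Region, ARN, NotAfter and RenewalEligibility, plus an
    InUseBy array of the ARNs bound to it: ELB listener ARNs that actually carry the certificate, API Gateway stage ARNs whose
    custom domain references it, or the raw in-use ARN reported by ACM when it is not a load balancer (or the listener lookup failed).

    Lookup failures for a single profile/region, load balancer or listener are reported with Write-Warning and skipped so that
    one unreachable account does not abort the whole scan.

    .PARAMETER DomainName
    The Alkami domain name of the AWS ACM certificates to retrieve.

    .PARAMETER ProfileName
    The Alkami AWS profile name to query for ACM certificates. When omitted, every profile returned by Get-AlkamiAwsProfileList is searched.

    .PARAMETER Region
    The supported Alkami AWS region in which to query for ACM certificates. When omitted, every region returned by Get-SupportedAwsRegions is searched.

    .EXAMPLE
    Get-ACMCertificateBindingList -DomainName '*.dev.alkamitech.com' -ProfileName 'temp-dev' -Region 'us-east-1'
    #>
    [CmdletBinding()]
    [OutputType([PSObject[]])]
    param (
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string] $DomainName,

        [Parameter(Mandatory = $false)]
        [ValidateScript( { $_ -in (Get-AlkamiAwsProfileList) })]
        [string] $ProfileName = $null,

        [Parameter(Mandatory = $false)]
        [ValidateScript( { $_ -in (Get-SupportedAwsRegions) })]
        [string] $Region = $null
    )

    $output = @()
    $logLead = Get-LogLeadName

    Import-AWSModule

    # Narrow the search only when the caller explicitly bound the parameter; otherwise scan every known profile/region.
    if ($PSBoundParameters.ContainsKey('ProfileName')) {
        $profileList = @($ProfileName)
    } else {
        Write-Host "$logLead : User did not provide a ProfileName, using all standard Alkami AWS ProfileNames"
        $profileList = Get-AlkamiAwsProfileList
    }

    if ($PSBoundParameters.ContainsKey('Region')) {
        $regionList = @($Region)
    } else {
        Write-Host "$logLead : User did not provide a Region, using all supported Alkami AWS Regions"
        $regionList = Get-SupportedAwsRegions
    }

    foreach ($curProfile in $profileList) {
        Write-Host "$logLead : Processing $curProfile"

        foreach ($curRegion in $regionList) {
            Write-Host "$logLead : Processing $curRegion"

            # Reset per profile/region so a failed lookup can never reuse the previous iteration's results.
            $certList = $null
            try {
                $certList = Get-ACMCertificateDetailsListByName -DomainName $DomainName -ProfileName $curProfile -Region $curRegion
            } catch {
                Write-Warning "$logLead : Unable to retrieve ACM certificate details by name : $($_.Exception.Message)"
                continue
            }

            if (Test-IsCollectionNullOrEmpty $certList) {
                Write-Warning "$logLead : No certificates found with a domain name of [$($DomainName)]"
                continue
            }

            # API Gateway custom domains are fetched once per profile/region and filtered per certificate below.
            # Guarded like the other lookups so an API Gateway permission gap does not abort the scan.
            $apiGatewayDomains = @()
            try {
                $apiGatewayDomains = Get-AG2DomainNameList -ProfileName $curProfile -Region $curRegion
            } catch {
                Write-Warning "$logLead : Unable to retrieve API Gateway domain names for $curProfile / $curRegion : $($_.Exception.Message)"
            }

            foreach ($curCert in $certList) {
                Write-Host "$logLead : Processing $($curCert.CertificateArn) : expires on $($curCert.NotAfter.Date)"

                $tempObject = [pscustomobject]@{
                    'DomainName'         = $curCert.DomainName
                    'Profile'            = $curProfile
                    'Region'             = $curRegion
                    'ARN'                = $curCert.CertificateArn
                    'NotAfter'           = $curCert.NotAfter.Date
                    'RenewalEligibility' = $curCert.RenewalEligibility.Value
                    'InUseBy'            = @()
                }

                foreach ($curUser in $curCert.InUseBy) {
                    Write-Host "$logLead : Cert is in use by ARN: $curUser"

                    if ($curUser -match 'loadbalancer') {
                        # Resolve the load balancer to the specific listeners that carry this certificate.
                        # Reset first: without this, a failed Get-ELB2Listener call would leave the previous
                        # load balancer's listeners in scope and they would be attributed to this one.
                        $elbListeners = $null
                        try {
                            $elbListeners = Get-ELB2Listener -LoadBalancerArn $curUser -ProfileName $curProfile -Region $curRegion
                        } catch {
                            Write-Warning "$logLead : Encountered an error retrieving ELB Listener details for $curUser : $($_.Exception.Message)"
                            # Keep the raw load balancer ARN so the binding is still visible in the output.
                            $tempObject.InUseBy += $curUser
                            continue
                        }

                        foreach ($elbListener in $elbListeners) {
                            # Same reset discipline: a failed certificate lookup must not reuse the previous listener's list.
                            $elbListenerCertList = $null
                            try {
                                $elbListenerCertList = (Get-ELB2ListenerCertificate -ListenerArn $elbListener.ListenerArn -ProfileName $curProfile -Region $curRegion).CertificateArn
                            } catch {
                                Write-Warning "$logLead : Error encountered while retrieving ELB Listener certificate list for $($elbListener.ListenerArn): $($_.Exception.Message)"
                                continue
                            }

                            if ($elbListenerCertList -contains $curCert.CertificateArn) {
                                Write-Verbose "$logLead : Cert is in use by ELB Listener $($elbListener.ListenerArn)"
                                $tempObject.InUseBy += $elbListener.ListenerArn
                            }
                        }
                    } else {
                        $tempObject.InUseBy += $curUser
                    }
                }

                # DomainNameConfigurations is a collection, so -eq acts as a filter here and is truthy when any configuration matches.
                $filteredAGDomains = $apiGatewayDomains | Where-Object { $_.DomainNameConfigurations.CertificateArn -eq $curCert.CertificateArn }
                foreach ($agDomain in $filteredAGDomains) {
                    $agMaps = Get-AG2ApiMappingList -DomainName $agDomain.Name -ProfileName $curProfile -Region $curRegion
                    foreach ($agMap in $agMaps) {
                        # NOTE(review): the mappings come from the API Gateway v2 cmdlets; confirm the '/restapis/' ARN form is the intended one for these stages.
                        $tempObject.InUseBy += "arn:aws:apigateway:$curRegion::/restapis/$($agMap.ApiId)/stages/$($agMap.Stage)"
                    }
                }

                $output += $tempObject
            }
        }
    }

    return $output
}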