list aws acm certificates with validation type
Just some interesting code to remember
The Issue
I used email-validated AWS ACM certificates for a while; then AWS introduced DNS validation of certificates.
Because I have many certificates, use several AWS accounts, and ACM certificates need to be requested per region, it is really hard to find which certificates might need reconfiguration from email to DNS validation.
My Solution
I wrote a small TypeScript script which queries ACM in several regions and lists each certificate's validation type:
import { ACM } from 'aws-sdk';

// Credentials are read from environment variables named exactly like the SDK options.
const { accessKeyId, secretAccessKey } = process.env;

const printCerts = async (regions: string[]): Promise<void> => {
  for (const region of regions) {
    // ACM certificates are regional, so one client per region is required.
    const acm = new ACM({ accessKeyId, secretAccessKey, region, apiVersion: '2015-12-08' });
    let token: ACM.NextToken | undefined;
    do {
      // listCertificates is paginated; follow NextToken until it is absent.
      const { CertificateSummaryList: certs = [], NextToken: nextToken } =
        await acm.listCertificates({ NextToken: token }).promise();
      for (const cert of certs) {
        if (cert.CertificateArn) {
          const { Certificate: certDetails = {} } =
            await acm.describeCertificate({ CertificateArn: cert.CertificateArn }).promise();
          // One entry per validated domain; collapse to the distinct methods (EMAIL, DNS).
          const validationMethods = (certDetails.DomainValidationOptions || [])
            .map(o => o.ValidationMethod)
            .filter((v, i, a) => a.indexOf(v) === i)
            .join(',');
          console.log(`${certDetails.Status}: ${region} - ${certDetails.DomainName} (${certDetails.SubjectAlternativeNames}) - NotAfter: ${certDetails.NotAfter} => ${validationMethods}`);
        }
      }
      token = nextToken;
    } while (token !== undefined);
  }
};

const main = async (): Promise<void> => {
  try {
    // Without await, a rejected promise would escape this try/catch.
    await printCerts(['eu-central-1', 'eu-west-1', 'us-east-1']);
  } catch (e) {
    console.error(e);
  }
};

main();
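The script above prints every certificate and leaves the reader to pick out the email-validated ones. The following is an added example, not part of the original script: it separates the classification from the AWS calls so the "which certificates still need migrating to DNS validation?" question can be answered from DescribeCertificate output and checked offline. The sample certificates are constructed, the interfaces only mirror the ACM field names used above (DomainName, Status, NotAfter, DomainValidationOptions, ValidationMethod), and the ordering by days-to-expiry is a choice made here, since an email-validated certificate close to expiry is the one where a missed renewal mail hurts first (DNS-validated certificates renew automatically as long as the CNAME stays in place).

```typescript
// Added example: classify ACM certificates by validation method and flag those that
// still depend on email validation. No AWS calls; sample data is constructed below.

type ValidationMethod = 'EMAIL' | 'DNS';

// Subset of the ACM DescribeCertificate response shape used by the original script.
interface DomainValidationOption {
  DomainName: string;
  ValidationMethod?: ValidationMethod;
}

interface CertificateDetail {
  CertificateArn: string;
  DomainName: string;
  Status: string;
  NotAfter?: Date;                                  // absent for certificates not yet issued
  DomainValidationOptions?: DomainValidationOption[]; // absent for imported certificates
}

interface Finding {
  region: string;
  arn: string;
  domain: string;
  status: string;
  methods: ValidationMethod[];
  daysLeft: number | null;
  needsDnsMigration: boolean;
}

// Distinct validation methods used by a certificate; a SAN certificate may mix them.
function validationMethods(cert: CertificateDetail): ValidationMethod[] {
  const methods = (cert.DomainValidationOptions ?? [])
    .map(o => o.ValidationMethod)
    .filter((m): m is ValidationMethod => m !== undefined);
  return Array.from(new Set(methods)).sort();
}

// Whole days until NotAfter, or null when the certificate has no expiry yet.
function daysUntilExpiry(cert: CertificateDetail, now: Date): number | null {
  if (!cert.NotAfter) return null;
  return Math.floor((cert.NotAfter.getTime() - now.getTime()) / 86400000);
}

function assessCertificates(region: string, certs: CertificateDetail[], now: Date): Finding[] {
  return certs.map(cert => {
    const methods = validationMethods(cert);
    return {
      region,
      arn: cert.CertificateArn,
      domain: cert.DomainName,
      status: cert.Status,
      methods,
      daysLeft: daysUntilExpiry(cert, now),
      // Even a single email-validated SAN means a human must act on renewal mail.
      needsDnsMigration: methods.includes('EMAIL'),
    };
  });
}

// Only the certificates that need work, soonest expiry first (no expiry last).
function migrationReport(region: string, certs: CertificateDetail[], now: Date): Finding[] {
  return assessCertificates(region, certs, now)
    .filter(f => f.needsDnsMigration)
    .sort((a, b) => (a.daysLeft ?? Infinity) - (b.daysLeft ?? Infinity));
}

function formatFinding(f: Finding): string {
  const expiry = f.daysLeft === null ? 'no expiry yet' : `expires in ${f.daysLeft} days`;
  return `${f.status}: ${f.region} - ${f.domain} - ${expiry} => ${f.methods.join(',')}`;
}

// Constructed sample data (hypothetical ARNs and domains).
const SAMPLE_NOW = new Date('2024-01-01T00:00:00Z');
const SAMPLE_CERTS: CertificateDetail[] = [
  { CertificateArn: 'arn:aws:acm:eu-central-1:111111111111:certificate/aaaa', DomainName: 'example.com',
    Status: 'ISSUED', NotAfter: new Date('2024-06-30T00:00:00Z'),
    DomainValidationOptions: [
      { DomainName: 'example.com', ValidationMethod: 'EMAIL' },
      { DomainName: 'www.example.com', ValidationMethod: 'DNS' } ] },
  { CertificateArn: 'arn:aws:acm:eu-central-1:111111111111:certificate/bbbb', DomainName: 'api.example.com',
    Status: 'ISSUED', NotAfter: new Date('2024-09-01T00:00:00Z'),
    DomainValidationOptions: [ { DomainName: 'api.example.com', ValidationMethod: 'DNS' } ] },
  { CertificateArn: 'arn:aws:acm:eu-central-1:111111111111:certificate/cccc', DomainName: 'legacy.example.org',
    Status: 'ISSUED', NotAfter: new Date('2024-01-20T00:00:00Z'),
    DomainValidationOptions: [ { DomainName: 'legacy.example.org', ValidationMethod: 'EMAIL' } ] },
  { CertificateArn: 'arn:aws:acm:eu-central-1:111111111111:certificate/dddd', DomainName: 'imported.example.net',
    Status: 'ISSUED' }, // imported certificate: no validation options, no ACM-managed renewal
];

for (const f of migrationReport('eu-central-1', SAMPLE_CERTS, SAMPLE_NOW)) {
  console.log(formatFinding(f));
}
```

In the real script the `certDetails` object returned by `describeCertificate` can be pushed into an array per region and handed to `migrationReport` once the pagination loop finishes, so the output is a short list of certificates to reconfigure rather than a dump of everything.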
Read More
- https://aws.amazon.com/de/blogs/security/easier-certificate-validation-using-dns-with-aws-certificate-manager/
- https://aws.amazon.com/about-aws/whats-new/2017/11/aws-certificate-manager-easier-certificate-validation-using-dns/