以下是用于删除AWS IAM中已过期(或剩余有效期少于指定天数)的服务器证书的Shell脚本示例(适用于Linux和macOS系统):
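#!/bin/bash
# Delete an IAM server certificate once it has expired, or once its remaining
# validity drops below EXPIRE_DAYS days.
#
# Credentials are intentionally not stored in this file. Long-lived access
# keys pasted into a script end up in backups, version control and process
# listings. The AWS CLI resolves credentials on its own (environment
# variables, a shared profile, or an attached role), so none are passed here.
# The CLI has no --aws-iam-user or --aws-credentials-file options; those
# arguments made every call fail and are removed.
set -euo pipefail

# AWS region handed to every CLI call.
AWS_DEFAULT_REGION='<input-AWS region>'
# Name of the server certificate in IAM.
CERT_NAME='<input-certificate name>'
# Threshold in whole days: the certificate is deleted when less than this
# much validity remains (0 = delete only once it has actually expired).
EXPIRE_DAYS='<input-the expired day>'

# CERT_NAME is spliced into a JMESPath expression below, so restrict it to
# the characters IAM accepts in a name; a quote would change the query.
if [[ ! "$CERT_NAME" =~ ^[A-Za-z0-9_+=,.@-]+$ ]]; then
  echo "CERT_NAME contains characters that are not valid in an IAM name." >&2
  exit 1
fi

# EXPIRE_DAYS is evaluated arithmetically; accept a plain integer only so a
# leftover placeholder or a stray expression is rejected up front.
if [[ ! "$EXPIRE_DAYS" =~ ^-?(0|[1-9][0-9]*)$ ]]; then
  echo "EXPIRE_DAYS must be an integer number of days." >&2
  exit 1
fi

# Look up the certificate's ARN; no output means no certificate by that name.
CERT_ARN=$(aws iam list-server-certificates \
  --query "ServerCertificateMetadataList[?ServerCertificateName=='${CERT_NAME}'].[Arn]" \
  --output text \
  --region "$AWS_DEFAULT_REGION") || {
  echo "Failed to list server certificates." >&2
  exit 1
}
if [[ -z "$CERT_ARN" || "$CERT_ARN" == "None" ]]; then
  echo "The certificate does not exist."
  exit 1
fi

# Read the expiry timestamp. It is reported in the certificate metadata
# (ServerCertificateMetadata.Expiration), not inside the certificate body.
END_DATE=$(aws iam get-server-certificate \
  --server-certificate-name "$CERT_NAME" \
  --query 'ServerCertificate.ServerCertificateMetadata.Expiration' \
  --output text \
  --region "$AWS_DEFAULT_REGION") || {
  echo "Failed to read the certificate metadata." >&2
  exit 1
}
if [[ -z "$END_DATE" || "$END_DATE" == "None" ]]; then
  echo "The certificate has no expiration date in its metadata." >&2
  exit 1
fi

CURRENT_TIME=$(date +%s)

# Convert the timestamp to epoch seconds. GNU date (Linux) understands -d;
# BSD date (macOS) does not, so fall back to -j -f on the timestamp with its
# zone suffix stripped and read as UTC.
# NOTE(review): assumes the CLI prints an ISO 8601 UTC timestamp ending in
# "Z" or "+00:00" - confirm against the installed CLI version.
if ! END_TIME=$(date -d "$END_DATE" +%s 2>/dev/null); then
  END_TIME=$(date -j -u -f '%Y-%m-%dT%H:%M:%S' "${END_DATE%%[+Z]*}" +%s) || {
    echo "Could not parse the expiration date: $END_DATE" >&2
    exit 1
  }
fi

# Compare in seconds. Dividing by 86400 first truncates toward zero, which
# reported a certificate that expired a few hours ago as "0 days left" and
# kept it when EXPIRE_DAYS was 0.
EXPIRATION_TIME=$((END_TIME - CURRENT_TIME))
if ((EXPIRATION_TIME < EXPIRE_DAYS * 86400)); then
  echo "The certificate will expire soon. It will be deleted."
  # With a positive EXPIRE_DAYS this removes a certificate that is still
  # valid; confirm nothing still references it before relying on this.
  aws iam delete-server-certificate \
    --server-certificate-name "$CERT_NAME" \
    --region "$AWS_DEFAULT_REGION"
else
  echo "The certificate has not yet expired."
fi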
上述脚本