Skip to content

Instantly share code, notes, and snippets.

@avi-beetul

avi-beetul/ssm_parameter_re_encrypt.py

Last active September 4, 2018 04:33
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save avi-beetul/b9cf34939d72e289a2a3cfe2f4a89aaa to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save avi-beetul/b9cf34939d72e289a2a3cfe2f4a89aaa to your computer and use it in GitHub Desktop.
Download ZIP
Raw
ssm_parameter_re_encrypt.py
import boto3
from botocore.exceptions import ClientError
import os
import sys
import json
sys.argv = sys.argv[1:]
if sys.argv:
# first elem of sys argument must be a comma separated list
# e.g ['NPM_TOKEN','NPM_FONT_AWESOME','/api/prod']
# sanitised before parsing
PATH = sys.argv[0].strip('[]').split(',')
KEY_ID = sys.argv[1]
def get_parameter_history(name):
try:
response = ssm.get_parameter_history(
Name=name,
WithDecryption=True
)
for res in response['Parameters']:
print("Value:{0}, KeyID: {1}, Type: {2}".format(res['Value'], res['KeyId'], res['Type']))
except ClientError as e:
print e.response['Error']['Code']
def get_parameter(name):
try:
response = ssm.get_parameter(
Name=name,
WithDecryption=True
)
return response['Parameter']['Value']
except ClientError as e:
print e.response['Error']['Code']
def get_multiple_parameter(name_list):
# Limit: Minimum number of 1 item. Maximum number of 10 items.
response = ssm.get_parameters(
Names=name_list,
WithDecryption=True
)
return response['Parameters']
def delete_parameter(name):
try:
response = ssm.delete_parameter(
Name=name
)
print('{} has been deleted'.format(name))
return response['ResponseMetadata']['HTTPStatusCode']
except ClientError as e:
print e.response['Error']['Code']
def create_parameter(name, value, type, key_id, description=None):
if description is None:
description = ""
response = ssm.put_parameter(
Name=name,
Description=description,
Value=value,
Type=type,
KeyId=key_id
)
return response['ResponseMetadata']['HTTPStatusCode']
def get_parameter_by_path(path, next_token=None):
params = {
'Path': path,
'Recursive': True,
'WithDecryption': True
}
if next_token is not None:
params['NextToken'] = next_token
response = ssm.get_parameters_by_path(**params)
return response
def parameters():
try:
for path in PATH:
if path.startswith('/'):
next_token = None
while True:
response = get_parameter_by_path(path, next_token)
parameters = response['Parameters']
if len(parameters) == 0:
break
for parameter in parameters:
yield parameter
if 'NextToken' not in response:
break
next_token = response['NextToken']
path = [elem for i, elem in enumerate(PATH) if '/' not in elem]
if len(path) >= 1:
parameters = get_multiple_parameter(path)
for parameter in parameters:
yield parameter
except Exception as e:
print("Error: ", e)
def main():
try:
for parameter in parameters():
print('{0} : {1}'.format(parameter['Name'], parameter['Type']))
if parameter['Type'] == 'SecureString':
delete_result = delete_parameter(parameter['Name'])
if delete_result == 200:
create_result = create_parameter(parameter['Name'], parameter['Value'], parameter['Type'], KEY_ID)
print('{0} successfully re-created: {1} OK'.format(parameter['Name'], create_result))
else:
print('{0} of type {1} not modified'.format(parameter['Name'], parameter['Type']))
except ClientError as e:
print e.response['Error']['Code']
if __name__ == '__main__':
session = boto3.session.Session(region_name='ap-southeast-2', profile_name=os.getenv('AWS_PROFILE', 'default'))
ssm = session.client('ssm')
main()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment