public/Test-AWSWindowsHelpersCertificateValid.ps1
<# .Synopsis Test whether a ACM or IAM certificate is valid .DESCRIPTION Test whether a ACM or IAM certificate is valid .EXAMPLE Test-AWSWindowsHelpersCertificateValid -awsCertARN "arn:aws:iam::123456789012:server-certificate/2017_wild_example_com" .INPUTS awsCertARN - ARN of the AWS certificate to be tested Credential (optional) - Credential to use for AWS commands if supplied ProfileName (optional) - ProfileName to use for AWS commands if supplied .OUTPUTS Returns string "valid" if the certificate state is ok otherwise returns the status of the certificate after the test .FUNCTIONALITY Tests whether a AWS certificate is exists and valid. For ACM certificate this is determined by checking the ACM certificate Status property is in "Issued" state For IAM certificates this is determined by checking the expiry date of the certificate. #> Function Test-AWSWindowsHelpersCertificateValid { [CmdletBinding(PositionalBinding=$false)] Param( [Parameter(Mandatory=$true)] $awsCertARN, $Credential, $ProfileName ) $certDetail = Get-AWSWindowsHelpersCertDetailFromArn -awsCertARN $awsCertARN $baseAWSParams =@{} if($certDetail.AWSRegion){$baseAWSParams.Add('Region',$certDetail.AWSRegion)} if($Credential){$baseAWSParams.Add('Credential',$Credential)} elseif($ProfileName){$baseAWSParams.Add('ProfileName',$ProfileName)} $certificateStatus = "VALID" switch($certDetail.CertificateType) { 'acm' { try { $certificateDetail = Get-ACMCertificateDetail -CertificateArn $awsCertARN @baseAWSParams if($certificateDetail.Status -ne "ISSUED") { $certificateStatus = $certificateDetail.Status } $remainingValidity = New-TimeSpan -End $certificateDetail.NotAfter if($remainingValidity.Days -le 0) { $certificateStatus = "EXPIRED" } elseif($remainingValidity.Days -le 60) { Write-Warning "ACM Certificate has only [$($remainingValidity.Days)] days remaining [$awsCertARN]" } } Catch { $ErrorMessage = $_.Exception.Message Write-Error "Error [$ErrorMessage]" $certificateStatus = "FAILED" } } 'iam' { try { $certificateDetail = Get-IAMServerCertificate -ServerCertificateName $certDetail.CertificateID @baseAWSParams $certificateExpiry = $certificateDetail.ServerCertificateMetadata $remainingValidity = New-TimeSpan -End $certificateExpiry.Expiration if($remainingValidity.Days -le 0) { $certificateStatus = "EXPIRED" } elseif($remainingValidity.Days -le 60) { Write-Warning "IAM Certificate has only [$($remainingValidity.Days)] days remaining" } } Catch { $ErrorMessage = $_.Exception.Message Write-Error "Error [$ErrorMessage] for [$awsCertARN]" -mt warning $certificateStatus = "FAILED" } } } return $certificateStatus } |