Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Dump environment variables for all Elastic Beanstalk apps in an AWS account, redacting passwords/secrets/keys/tokens
import boto3
client = boto3.client("elasticbeanstalk")
apps = client.describe_applications()
for app in apps["Applications"]:
envs = client.describe_environments(ApplicationName=app["ApplicationName"])
for env in envs["Environments"]:
env_name = env["EnvironmentName"]
if "prod" in env_name or "prd" in env_name:
print("\n" + app["ApplicationName"])
config = client.describe_configuration_settings(ApplicationName=app["ApplicationName"], EnvironmentName=env_name)
for item in config["ConfigurationSettings"][0]["OptionSettings"]:
if item["Namespace"] == "aws:elasticbeanstalk:application:environment":
key = item["OptionName"]
value = item["Value"]
for redacted in ("PASS", "SECRET", "KEY", "TOKEN"):
if redacted in key.upper():
value = "[REDACTED]"
print('%s="%s"' % (key, value))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment