Created
December 17, 2020 00:18
-
-
Save Jonty/5f5bfad86aa7ac3e6032c939cbe6ce43 to your computer and use it in GitHub Desktop.
Dump environment variables for all Elastic Beanstalk apps in an AWS account, redacting passwords/secrets/keys/tokens
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| client = boto3.client("elasticbeanstalk") | |
| apps = client.describe_applications() | |
| for app in apps["Applications"]: | |
| envs = client.describe_environments(ApplicationName=app["ApplicationName"]) | |
| for env in envs["Environments"]: | |
| env_name = env["EnvironmentName"] | |
| if "prod" in env_name or "prd" in env_name: | |
| print("\n" + app["ApplicationName"]) | |
| config = client.describe_configuration_settings(ApplicationName=app["ApplicationName"], EnvironmentName=env_name) | |
| for item in config["ConfigurationSettings"][0]["OptionSettings"]: | |
| if item["Namespace"] == "aws:elasticbeanstalk:application:environment": | |
| key = item["OptionName"] | |
| value = item["Value"] | |
| for redacted in ("PASS", "SECRET", "KEY", "TOKEN"): | |
| if redacted in key.upper(): | |
| value = "[REDACTED]" | |
| break | |
| print('%s="%s"' % (key, value)) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment