Skip to content

Instantly share code, notes, and snippets.

@bashtoni
Created July 4, 2018 10:48
Show Gist options
  • Save bashtoni/995c0683bb18fd19eaefdc296a9401d8 to your computer and use it in GitHub Desktop.
Save bashtoni/995c0683bb18fd19eaefdc296a9401d8 to your computer and use it in GitHub Desktop.
Find ARN for ACM certificate for a given domain name
aws acm us-east-1 list-certificates --query CertificateSummaryList[].[CertificateArn,DomainName] \
--output text | grep example.com | cut -f1
@comster
Copy link

comster commented Sep 16, 2019

cool!

@tabris2015
Copy link

Thanks mate

@meanderer-tech
Copy link

I'm surprised that the cli doesn't have built in to filter by domain name, thanks.

@mehmetafsar510
Copy link

Perfect

@venkateshakarle
Copy link

This is perfect. Thank you.

One problem I see is, if there is domain with prefix, then it will provide those too.
for ex:
if we want to get ARN for example.com but there is one separate SSL for uat.example.com domain, then this command giving both of them.

@DimitrijeManic
Copy link

Using AWS query

aws acm list-certificates --query "CertificateSummaryList[?DomainName=='example.com'].CertificateArn" --output text

@venkateshakarle
Copy link

Using AWS query

aws acm list-certificates --query "CertificateSummaryList[?DomainName=='example.com'].CertificateArn" --output text

perfect. thanks 👍

@mr-davidc
Copy link

That's exactly what I was looking for although I'm surprised there isn't a CLI switch option built directly into the aws acm command to get by domain name. Thanks @DimitrijeManic

@proshoumma
Copy link

was looking for this, thanks mate!

@jesselang
Copy link

Love that AWS query. ❤️ Thanks!

@subhahemalatha
Copy link

Im getting Bad jmespath expression: Unknown token '-': error after command execution , can please guide me

@dmoughabghab
Copy link

Nicely done

@firxworx
Copy link

firxworx commented Jul 3, 2023

Thanks for the gist!

Here's a version with the JMESPath query that adds --region and --profile flags.

aws acm list-certificates --query "CertificateSummaryList[?DomainName=='example.com'].CertificateArn" --output text --region us-east-1 --profile default

In terms of writing a script I think you almost certainly want to specify the --region because this is so important for ACM certificates. For example, all CloudFront certificates must be in us-east-1, meanwhile you might have other resources in other regions.

If you omit the --region AWS will fallback to default and this could vary between users / AWS environments.

@bashtoni
Copy link
Author

bashtoni commented Jul 4, 2023

Thanks for the pure JMESPath verison!

In terms of writing a script I think you almost certainly want to specify the --region because this is so important for ACM certificates. For example, all CloudFront certificates must be in us-east-1, meanwhile you might have other resources in other regions.

If you omit the --region AWS will fallback to default and this could vary between users / AWS environments.

I'd suggest that you use the AWS_REGION and AWS_PROFILE variables to handle this - it allows the same script to be used across multiple regions and accounts.
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment