@riccardomc
Created November 28, 2019 11:19
Extract OIDC provider thumbprint for all AWS Regions with EKS support
#!/bin/bash
set -e
# Set DEBUG to any non-empty value to trace the commands as they run
if [ -n "$DEBUG" ] ; then
  set -x
fi
REGIONS="us-east-2
us-east-1
us-west-1
us-west-2
ap-east-1
ap-northeast-2
ap-southeast-1
ap-southeast-2
ap-northeast-1
eu-central-1
eu-west-1
eu-west-2
eu-west-3
eu-north-1
me-south-1
sa-east-1"
for REGION in $REGIONS ; do
  JWKS_URI="oidc.eks.${REGION}.amazonaws.com"
  # Extract all certificates in separate files
  # https://unix.stackexchange.com/questions/368123/how-to-extract-the-root-ca-and-subordinate-ca-from-a-certificate-chain-in-linux
  TEMP=$(mktemp -d -t oidc-eks-XXXX)
  openssl s_client -servername "$JWKS_URI" -showcerts -connect "$JWKS_URI:443" < /dev/null 2>/dev/null | awk -v dir="$TEMP" '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/{ if(/BEGIN/){a++}; out=dir"/cert00"a".crt"; print >out }'
  # Assume last found certificate in chain is the ROOT_CA
  ROOT_CA=$(ls -1 "$TEMP"/* | tail -1)
  # Stop instead of printing an empty thumbprint when no certificate was received
  if [ -z "$ROOT_CA" ] ; then
    echo "no certificate received from $JWKS_URI" >&2
    rm -rf "$TEMP"
    exit 1
  fi
  # Extract the SHA-1 fingerprint in desired format (no header, no colons)
  THUMBPRINT=$(openssl x509 -fingerprint -sha1 -noout -in "$ROOT_CA" | sed 's/^.*=//' | sed 's/://g')
  printf '{"%s": "%s"}\n' "$REGION" "$THUMBPRINT"
  rm -rf "$TEMP"
done
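
An offline counterpart to the script above, as an added example that is not part of the original gist: it reads a saved `openssl s_client -showcerts` capture, computes the last certificate's thumbprint as SHA-1 over the decoded DER bytes (the value `openssl x509 -fingerprint -sha1` reports, minus the colons), and compares it with a pinned value. The function names, the placeholder "certificate" bytes and the pin text are assumptions constructed for the example.

```sh
# Added example with constructed data; needs only awk, base64 and sha1sum.
LEAF_DER="constructed leaf certificate bytes"
TOP_DER="constructed top-of-chain CA bytes, long enough that base64 wraps onto a second line"

# Constructed sample: s_client-style output whose PEM bodies are base64 of the
# placeholder bytes above (not real certificates).
sample_capture() {
  for der in "$LEAF_DER" "$TOP_DER"; do
    echo " s:CN = constructed"
    echo "-----BEGIN CERTIFICATE-----"
    printf '%s' "$der" | base64
    echo "-----END CERTIFICATE-----"
  done
}

# Thumbprint (SHA-1 over the DER bytes, uppercase hex, no colons) of the LAST
# certificate in the capture on stdin; returns 2 if it holds no certificate.
last_cert_thumbprint() {
  b64=$(awk '
    /-----BEGIN CERTIFICATE-----/ { body = ""; inside = 1; next }
    /-----END CERTIFICATE-----/   { inside = 0; last = body; next }
    inside                        { body = body $0 }
    END                           { if (last == "") exit 1; print last }
  ') || return 2
  printf '%s' "$b64" | base64 -d | sha1sum | cut -d' ' -f1 | tr 'a-f' 'A-F'
}

# usage: check_pin REGION PINS < capture
# PINS holds JSON lines in the format the script above prints.
# Returns 0 on match, 1 on mismatch, 2 if the capture or the pin is missing.
check_pin() {
  actual=$(last_cert_thumbprint) || { echo "no certificate in capture" >&2; return 2; }
  pinned=$(printf '%s\n' "$2" |
    sed -n "s/^{\"$1\": \"\([0-9A-Fa-f]\{40\}\)\"}\$/\1/p" | tr 'a-f' 'A-F')
  [ -n "$pinned" ] || { echo "no pin for $1" >&2; return 2; }
  if [ "$actual" = "$pinned" ]; then
    echo "OK $1 $actual"
  else
    echo "MISMATCH $1 pinned=$pinned actual=$actual" >&2
    return 1
  fi
}

# Demo: a pin that matches the sample, then the thumbprint value posted on this page.
good=$(sample_capture | last_cert_thumbprint)
sample_capture | check_pin eu-west-1 "{\"eu-west-1\": \"$good\"}"
sample_capture | check_pin us-east-1 \
  '{"us-east-1": "9E99A48A9960B14926BB7F3B02E22DA2B0AB7280"}' || echo "pin differs from capture"
```

A mismatch only says the pinned value and the captured chain disagree; which side is stale has to be established separately before a pin is changed.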
@riccardomc
Author

Output

{"us-east-2": "9E99A48A9960B14926BB7F3B02E22DA2B0AB7280"}
{"us-east-1": "9E99A48A9960B14926BB7F3B02E22DA2B0AB7280"}
{"us-west-1": "9E99A48A9960B14926BB7F3B02E22DA2B0AB7280"}
{"us-west-2": "9E99A48A9960B14926BB7F3B02E22DA2B0AB7280"}
{"ap-east-1": "9E99A48A9960B14926BB7F3B02E22DA2B0AB7280"}
{"ap-northeast-2": "9E99A48A9960B14926BB7F3B02E22DA2B0AB7280"}
{"ap-southeast-1": "9E99A48A9960B14926BB7F3B02E22DA2B0AB7280"}
{"ap-southeast-2": "9E99A48A9960B14926BB7F3B02E22DA2B0AB7280"}
{"ap-northeast-1": "9E99A48A9960B14926BB7F3B02E22DA2B0AB7280"}
{"eu-central-1": "9E99A48A9960B14926BB7F3B02E22DA2B0AB7280"}
{"eu-west-1": "9E99A48A9960B14926BB7F3B02E22DA2B0AB7280"}
{"eu-west-2": "9E99A48A9960B14926BB7F3B02E22DA2B0AB7280"}
{"eu-west-3": "9E99A48A9960B14926BB7F3B02E22DA2B0AB7280"}
{"eu-north-1": "9E99A48A9960B14926BB7F3B02E22DA2B0AB7280"}
{"me-south-1": "9E99A48A9960B14926BB7F3B02E22DA2B0AB7280"}
{"sa-east-1": "9E99A48A9960B14926BB7F3B02E22DA2B0AB7280"}

@donam-givita

Thank you mate 👍

@ydoug33

ydoug33 commented Jul 28, 2023

oidc-thumbprint-regions.sh
