[PYTHON] I created a Slack bot that confirms and notifies AWS Lambda of the expiration date of an SSL certificate

Introduction

Currently, the SSL certificate of the server I have privately is set with Let's Encrypt. Let's Encrypt will notify you by e-mail about the expiration date of the certificate, but if it is an e-mail, it may be buried with other e-mails and omission of confirmation may occur.

** If you update it automatically, yeah! I think there is something like **, but this time I will ignore it

environment

local

• Python 3.6
• macOS Sierra 10.12.4

AWS

• Lambda
  • Python 3.6
• CloudWatch

Repository

https://github.com/nnsnodnb/slackbot_ssl_expiration

Preparation

ʻSet Bots in Apps & integrations`

Library

requirements.txt

appdirs==1.4.3
packaging==16.8
pyparsing==2.2.0
requests==2.13.0
six==1.10.0
slacker==0.9.42

Sample source

bot.py

from slacker import Slacker
import datetime
import socket
import ssl
import slack_settings #Slack in the same directory_settings.Place py


slack = Slacker(slack_settings.SLACK_API_TOKEN)


def ssl_valid_time_remaining(hostname):
    expires = ssl_expiry_datetime(hostname)
    return expires - datetime.datetime.utcnow()


def ssl_expires_in(hostname, buffer_days=7):  #Deadline branch 7 days in advance
    remaining = ssl_valid_time_remaining(hostname)
    if remaining < datetime.timedelta(days=0):
        raise AlreadyExpired("Cert expired %s days ago" % remaining.days)
    elif remaining < datetime.timedelta(days=buffer_days):
        return True
    else:
        return False


def ssl_expiry_datetime(hostname):
    ssl_date_fmt = r'%b %d %H:%M:%S %Y %Z'
    context = ssl.create_default_context()

    conn = context.wrap_socket(
            socket.socket(socket.AF_INET),
            server_hostname=hostname,
    )

    conn.settimeout(3.0)
    conn.connect((hostname, 443))
    ssl_info = conn.getpeercert()
    return datetime.datetime.strptime(ssl_info['notAfter'], ssl_date_fmt)  # ssl_info['notAfter']Is the expiration date of the certificate


def post_slack(hostname):
    message = '@channel https://' + hostname + ' '
    if ssl_expires_in(hostname):
        message += 'It's about time to get rid of'
    else:
        message += 'Is still within the deadline' 

    #Methods around here use the slacker package
    slack.chat.post_message(
            '#expiration',
            message,
            as_user=True,
            link_names=True
    )


def execute(event, context):
    post_slack('<YOUR DOMAIN>')

slack_setting.py

SLACK_API_TOKEN = ''

Run locally

$ python bot.py

This time again, Mr. You Watanabe was in charge of the notification.

Lambda settings

1. Trigger settings Set as you like. I have selected the setting to be notified by cron at 2:00 AM from Monday to Friday.
2. Enter the function name appropriately
3. Select Python 3.6 for runtime
4. Source code upload is explained below
5. Enter bot.execute for handler
6. Roll etc. are set individually

Reflection of external library

In the local environment, the following commands etc. are quite good, but

Local environment

$ pip install -r requirements.txt

Since the library is not recognized on AWS Lambda, you need to upload the entire external library.

Save the external library in the project directory

$ pip install <LIBRARY_NAME> -t .

If you do something like that, it will be saved in the project directory. However, it is troublesome to do it one by one, so I did the following.

$ pip freeze > requirements.txt  # requirements.Without txt
$ pip install -r requirements.txt -t .

Then zip and upload

$ zip -r bot.zip *  # bot.zip is your favorite name

There is a bot.zip in the project directory, so selectUpload.ZIP file to upload the bot.zip`.

If you set it up properly, you should be notified to Slack at the set time! In my environment, You Watanabe will inform you from Monday to Friday 2:00 AM as mentioned above! !!