This repository has been archived by the owner on Dec 9, 2023. It is now read-only.
teardown.sh
#!/bin/bash
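echo -e "---------------------------- AWS Client VPN Helper ----------------------------\n"
# Load variables from the configuration file in the current directory.
# Sourcing runs the file as shell code with this script's privileges, so
# variables.cfg must only be writable by trusted users. The explicit ./ is
# deliberate: for a name without a slash, bash searches $PATH before the
# current directory, so a same-named file earlier on PATH would be loaded.
if [ ! -r ./variables.cfg ]; then
  echo " ERROR: Cannot read variables.cfg in the current directory." >&2
  exit 1
fi
. ./variables.cfg
# Check that all variables are available
REQUIRED_ARGUMENTS=("WORKDIR" "SERVERNAME" "CLIENTNAME")
for REQUIRED in "${REQUIRED_ARGUMENTS[@]}"; do
  # ${!REQUIRED} reads the variable whose name is stored in REQUIRED without
  # going through eval; quoting keeps values containing spaces or glob
  # characters from breaking the emptiness test.
  if [ -z "${!REQUIRED:-}" ]; then
    echo -e " ERROR: Configuration is missing the argument $REQUIRED.\n \
Required variables are ${REQUIRED_ARGUMENTS[*]}."; exit 1
  fi
done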
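# Make sure the working directory is valid: it must contain this script.
if [ -f "$WORKDIR/$(basename -- "$0")" ]; then
  # Quote the path and stop option parsing so a WORKDIR with spaces or a
  # leading dash is handled; abort if the directory cannot be entered, because
  # everything after this point assumes it is the current directory.
  cd -- "$WORKDIR" || {
    echo " ERROR: Cannot change to the working directory." >&2
    exit 1
  }
else
  echo " ERROR: The working directory doesn't look valid. \
Please make sure you update variables.cfg"; exit 1
fi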
# Operational Function
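# Print the ARNs of every ACM certificate whose DomainName equals $1.
# Arguments: $1 - certificate domain name to look up
# Outputs:   whitespace-separated certificate ARNs on stdout (may be empty)
# Returns:   1 without calling AWS when the name contains a backtick
function _list-cert-arns {
  local domain=$1
  # The name is placed inside a backtick-delimited JMESPath literal. A
  # backtick in the name would end that literal early and change which
  # certificates the filter selects, so refuse it before anything is deleted.
  if [[ "$domain" == *'`'* ]]; then
    echo " ERROR: Refusing to look up a certificate name containing a backtick." >&2
    return 1
  fi
  # The query is passed as one quoted argument; no eval is involved, so the
  # configured name is never re-parsed as shell code.
  aws acm list-certificates \
    --output=text \
    --query="CertificateSummaryList[?DomainName==\`${domain}\`].CertificateArn"
}

# Delete the Client VPN endpoint tagged Name=$SERVERNAME (with its target
# network associations), the two SSM parameters under /clientvpn/ for
# $CLIENTNAME, and the ACM certificates whose domain name is $SERVERNAME or
# $CLIENTNAME.
# Globals:   SERVERNAME, CLIENTNAME (read); ENDPOINTID, NETWORKASSOCID,
#            SERVERCERTARN, CLIENTCERTARN (written)
# Outputs:   progress messages and AWS CLI output on stdout/stderr
# NOTE(review): the banner mentions the OpenVPN configuration file, but no
# local file is removed by this function.
function remove-resources {
  local assoc_id cert_arn

  echo -e "Removing all AWS ClientVPN resources and the OpenVPN Configuration file\n"

  # Remove ClientVPN
  ENDPOINTID=$(aws ec2 describe-client-vpn-endpoints \
    --output=text \
    --filters="Name=tag:Name,Values=$SERVERNAME" \
    --query='ClientVpnEndpoints[].ClientVpnEndpointId')
  NETWORKASSOCID=""
  if [ -n "$ENDPOINTID" ]; then
    # Only ask for associations once an endpoint is known; an empty
    # endpoint id is never sent to the API.
    NETWORKASSOCID=$(aws ec2 describe-client-vpn-target-networks \
      --output=text \
      --client-vpn-endpoint-id="$ENDPOINTID" \
      --query='ClientVpnTargetNetworks[].AssociationId')
    # Text output separates several ids with whitespace, so the unquoted
    # expansion is intentional: one disassociate call per association, and
    # none at all when the endpoint has no associations.
    for assoc_id in $NETWORKASSOCID; do
      aws ec2 disassociate-client-vpn-target-network \
        --client-vpn-endpoint-id="$ENDPOINTID" \
        --association-id="$assoc_id"
    done
    # NOTE(review): disassociation may still be in progress when the delete
    # is issued - confirm the endpoint is really gone, or re-run the script.
    aws ec2 delete-client-vpn-endpoint \
      --client-vpn-endpoint-id="$ENDPOINTID"
  fi

  # Remove SSM Parameters (client certificate and private key)
  aws ssm delete-parameter --name="/clientvpn/$CLIENTNAME.crt"
  aws ssm delete-parameter --name="/clientvpn/$CLIENTNAME.key"

  # Remove ACM Certificates
  SERVERCERTARN=$(_list-cert-arns "$SERVERNAME")
  # Intentional word splitting: one delete call per ARN returned.
  for cert_arn in $SERVERCERTARN; do
    aws acm delete-certificate --certificate-arn="$cert_arn"
  done

  CLIENTCERTARN=$(_list-cert-arns "$CLIENTNAME")
  for cert_arn in $CLIENTCERTARN; do
    aws acm delete-certificate --certificate-arn="$cert_arn"
  done

  echo -e "\nProceedure completed."
}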
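# Main Execution
# Ask for explicit confirmation before deleting anything: only "y" or "yes"
# proceeds, every other answer (including an empty one) exits without
# touching any resource. -r keeps backslashes in the answer literal.
read -r -p "Do you want to remove the Client VPN? [y/n] " createopt
case "$createopt" in
  y|yes)
    remove-resources
    ;;
  *)
    echo "Exiting"; exit
    ;;
esac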