API_Gateway_Cert_Auth.sh
#!/bin/bash
: '
This script checks that an authenticity mechanism (e.g. an SSL/TLS client
certificate) is configured on the client side of the API gateway, in order to
make sure that a request to the backend system is coming from the right source
that is required to perform this operation.
If no clientCertificateId is given after the second command, the SSL/TLS
certificate was not configured. This can result in a vulnerability because
it implies that authenticity can be forged.
Obtaining this information is useful for audits and it helps prevent forgery
of requests from an unauthenticated user.
Author: Emeka Michael Nzeopara
'
time_map=$(date +"%m-%d-%Y")
echo -e "[*] Starting API Gateway Client-Side Certificates For Authenticity Script execution at: $time_map\n"

# Dump the API Gateway IDs. Text output is tab-separated on a single line,
# so split it into one ID per line for the loops below.
echo -e "[*] Dumping the API Gateway ID\n"
aws apigateway get-rest-apis --region us-west-2 --output text --query 'items[*].id' | tr '\t' '\n' > API_id.txt

# Get the clientCertificateId of the Staging stage of each API.
# The query is double-quoted so the JMESPath string literal keeps its single quotes.
while IFS= read -r line; do
    echo -e "$line\n"
    aws apigateway get-stages --region us-west-2 --rest-api-id "$line" \
        --query "item[?stageName=='Staging'].clientCertificateId"
    echo -e "\n--------------------------"
done < API_id.txt

# Get the clientCertificateId of the Development stage of each API.
while IFS= read -r line; do
    echo -e "$line\n"
    aws apigateway get-stages --region us-west-2 --rest-api-id "$line" \
        --query "item[?stageName=='Development'].clientCertificateId"
    echo -e "\n--------------------------"
done < API_id.txt

echo -e "[*]=====COMPLETED EXECUTION OF THE PROGRAM=====[*]\n"
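
The script checks only the stages named Staging and Development, so a stage with any other name is never audited. The following added example (not part of the original script) goes beyond that and flags every stage that has no client certificate; the function name `find_unprotected_stages` and the sample rows are constructed for illustration, and the input format assumed is the tab-separated text output of `get-stages` with the query shown in the comment.

```bash
#!/bin/bash
# Added example, not from the original script.
# Input rows are "<stageName><TAB><clientCertificateId>", as produced by:
#   aws apigateway get-stages --region us-west-2 --rest-api-id "$api_id" \
#       --output text --query 'item[*].[stageName,clientCertificateId]'
# The AWS CLI text output prints the literal word None for a null value.

# find_unprotected_stages (hypothetical helper): reads rows on stdin and
# prints the name of every stage whose certificate column is empty or None.
# Returns 1 if at least one such stage was found, 0 otherwise.
find_unprotected_stages() {
    tab=$(printf '\t')
    missing=0
    while IFS="$tab" read -r stage cert; do
        # Skip blank lines.
        [ -z "$stage" ] && continue
        if [ -z "$cert" ] || [ "$cert" = "None" ]; then
            printf '%s\n' "$stage"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample rows (not real API output): one stage with a
# certificate, two without, including a stage the original script skips.
sample_rows=$(printf 'Staging\tabc123\nDevelopment\tNone\nprod\tNone\n')

# Collect the unprotected stages; "|| true" keeps the demo running even
# though the function signals a finding through its exit status.
unprotected=$(printf '%s\n' "$sample_rows" | find_unprotected_stages) || true

if [ -n "$unprotected" ]; then
    echo "[!] Stages without a client certificate:"
    printf '%s\n' "$unprotected"
else
    echo "[*] Every stage has a client certificate configured"
fi
```

Because the function returns a non-zero status on a finding, it can gate a scheduled audit job directly.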