in SubTemplates/IoT/Lambdas/cert_rotation_monitor/app.py [0:0]
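def deactivate_cert(thing_id):
    """Deactivate and detach the older certificates attached to a thing.

    Every principal attached to ``thing_id`` is described, and any
    certificate created more than five minutes ago is set to ``INACTIVE``
    and detached from the thing. Certificates younger than five minutes are
    left untouched. Nothing is deleted or revoked here; the certificate
    stays in the registry as ``INACTIVE``.

    Args:
        thing_id: Name of the IoT thing whose certificates are checked.

    Returns:
        None.
    """
    # NOTE(review): the listing this was taken from had lost its indentation;
    # the detach call is assumed to belong to the "old certificate" branch.
    # Confirm against the deployed file.
    # NOTE(review): only the principals returned by this single call are
    # processed, and each one is treated as a certificate ARN; confirm a
    # thing here never carries more principals or non-certificate ones.
    principals = client.list_thing_principals(thingName=thing_id)

    for arn in principals['principals']:
        cert = client.describe_certificate(certificateId=strip_arn(arn))
        description = cert['certificateDescription']
        created = description['creationDate']

        # Compare in the timestamp's own timezone instead of dropping tzinfo.
        # Stripping it and comparing with a naive local "now" misjudges the
        # certificate's age by the UTC offset whenever the two zones differ,
        # which could deactivate a freshly issued certificate or leave an old
        # one active. A naive timestamp still works: tzinfo is None and
        # datetime.now(None) returns naive local time, as before.
        cutoff = datetime.now(created.tzinfo) - timedelta(minutes=5)
        if created >= cutoff:
            # Too recent to retire; presumably the certificate that was just
            # issued by the rotation.
            continue

        # Deactivate first so the credential stops authenticating even if the
        # detach call below fails.
        client.update_certificate(
            certificateId=description['certificateId'],
            newStatus='INACTIVE',
        )
        client.detach_thing_principal(thingName=thing_id, principal=arn)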