View grab.sh
| #!/bin/bash | |
| # Use the AWS CLI to collect all versions of all AWS managed policies. Example files: | |
| # APIGatewayServiceRolePolicy.v1 | |
| # APIGatewayServiceRolePolicy.v2 | |
| # APIGatewayServiceRolePolicy.v3 | |
| # Usage: ./grab.sh | |
| # Note that the following policies do not exist and create zero byte files: |
0xdabbad00
/ gist:ced7ee7278f8dac24ef9a454ed96028f
Created May 3, 2019
View gist:ced7ee7278f8dac24ef9a454ed96028f
| Announcement: Amazon S3 will no longer support path-style API requests starting September 30th, 2020 | |
| Posted By: Sarasaws | |
| Created in: Forum: Amazon Simple Storage Service (S3) | |
| Posted on: Apr 30, 2019 3:43 PM | |
| Amazon S3 currently supports two request URI styles in all regions: path-style (also known as V1) that includes bucket name in the path of the URI (example: //s3.amazonaws.com/<bucketname>/key), and virtual-hosted style (also known as V2) which uses the bucket name as part of the domain name (example: //<bucketname>.s3.amazonaws.com/key). In our effort to continuously improve customer experience, the path-style naming convention is being retired in favor of virtual-hosted style request format. Customers should update their applications to use the virtual-hosted style request format when making S3 API requests before September 30th, 2020 to avoid any service disruptions. Customers using the AWS SDK can upgrade to the most recent version of the SDK to ensure their applications are using the virtual-hosted st |
0xdabbad00
/ gist:d05b752c84712781c7ec7c040585bf3a
Last active Jun 11, 2019
AWS services per region using botocore endpoints
View gist:d05b752c84712781c7ec7c040585bf3a
| cat botocore/data/endpoints.json | jq -cr '.partitions[0].services | keys[] as $k | .[$k] | .endpoints|to_entries[]| .key +"\t"+ $k' | sort | cut -f1 | uniq -c | sort -nr | sed 's/^ *\([0-9][0-9]*\) /\1 /' | grep -v fips | |
| 126 us-east-1 | |
| 116 us-west-2 | |
| 115 eu-west-1 | |
| 101 ap-southeast-2 | |
| 100 ap-northeast-1 | |
| 97 eu-central-1 | |
| 95 us-east-2 |
0xdabbad00
/ gist:d2617b21b7b0426ca54c1df92adddfce
Created Apr 17, 2019
View gist:d2617b21b7b0426ca54c1df92adddfce
| This XML file does not appear to have any style information associated with it. The document tree is shown below. | |
| <xs:schema xmlns:tns="http://cloudfront.amazonaws.com/doc/2016-01-13/" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="http://cloudfront.amazonaws.com/doc/2016-01-13/" elementFormDefault="qualified"> | |
| <xs:element name="ActiveTrustedSigners" type="tns:ActiveTrustedSigners"/> | |
| <xs:complexType name="ActiveTrustedSigners"> | |
| <xs:sequence> | |
| <xs:element name="Enabled" type="xs:boolean"/> | |
| <xs:element name="Quantity" type="xs:integer"/> | |
| <xs:element name="Items" type="tns:SignerList" minOccurs="0"/> | |
| </xs:sequence> | |
| </xs:complexType> |
0xdabbad00
/ gist:a31fde35e000de85f679a019fb27b48b
Last active Apr 17, 2019
View gist:a31fde35e000de85f679a019fb27b48b
| { | |
| "version":"2.0", | |
| "metadata":{ | |
| "apiVersion":"2016-01-13", | |
| "endpointPrefix":"cloudfront", | |
| "globalEndpoint":"cloudfront.amazonaws.com", | |
| "protocol":"rest-xml", | |
| "serviceAbbreviation":"CloudFront", | |
| "serviceFullName":"Amazon CloudFront", | |
| "serviceId":"CloudFront", |
0xdabbad00
/ gist:5d1d5fd619a20ba2ee899c56f8d6787f
Created Mar 26, 2019
WARNING: Only tested in a test account, beware, this could break things.
View gist:5d1d5fd619a20ba2ee899c56f8d6787f
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Action": [ | |
| "apigateway:*", | |
| "autoscaling:*", | |
| "cloudtrail:*", | |
| "cloudwatch:*", | |
| "cloudformation:*", |
View gist:489c188a154cb1074f724dec375318b2
| a4b | |
| account | |
| acm | |
| acm-pca | |
| amplify | |
| apigateway | |
| application-autoscaling | |
| appstream | |
| appsync | |
| artifact |
0xdabbad00
/ resources_referenced_by_managed_policies.txt
Created Feb 10, 2019
AWS managed policies resource reference, found using https://github.com/SummitRoute/aws_managed_policies and: cat policies/* | jq '.PolicyVersion.Document.Statement[].Resource' | sed 's/ //' | sort | uniq
View resources_referenced_by_managed_policies.txt
| "*" | |
| "arn:*:iam::*:role/aws-service-role/s3.data-source.lustre.fsx.amazonaws.com/AWSServiceRoleForFSxS3Access_*" | |
| "arn:aws:a4b:*:*:gateway/*" | |
| "arn:aws:acm-pca:*:*:certificate-authority/*" | |
| "arn:aws:acuity:*:*:stream/deeplens*/*" | |
| "arn:aws:apigateway:*::/*" | |
| "arn:aws:apigateway:*::/account", | |
| "arn:aws:apigateway:*::/clientcertificates", | |
| "arn:aws:apigateway:*::/clientcertificates/*", | |
| "arn:aws:apigateway:*::/domainnames" |
0xdabbad00
/ extract.py
Last active Jul 23, 2019
Parse IAM info from https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_actions-resources-contextkeys.html
View extract.py
| #!/usr/bin/env python | |
| from os import listdir | |
| from os.path import isfile, join | |
| import re | |
| import json | |
| from bs4 import BeautifulSoup | |
| """ |
View gist:f8c0054f3fb4eeb9a3e95a01cdca2c36
| Clone botocore and run `git rev-list --all > commit_list.txt` to get a chrological list of the hashes. | |
| Then I manually installed https://github.com/nok/git-walk but had to modify it to use my list instead of generating it's own each time because it was going into a loop. | |
| So `read_commit_ids` looks like this: | |
| ``` | |
| def read_commit_ids(): | |
| #cmd = 'git rev-list --all' | |
| #log = subp.check_output(cmd.split()).strip() | |
| #log = [line.strip() for line in log.split('\n')] | |
| with open("commit_list.txt") as f: |
NewerOlder