Skip to content

Instantly share code, notes, and snippets.


Scott Piper 0xdabbad00

View GitHub Profile
0xdabbad00 / gist:470d535522d4bc8233aa304c196c4a13
Created Aug 3, 2021
Guardduty announcement to SNS 2021.08.03
View gist:470d535522d4bc8233aa304c196c4a13
"version": "1",
"featureDetails": [{
"featureDescription": "Changes to Amazon GuardDuty finding type 'UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration'. We are notifying you of a change to the name and behavior of the Amazon GuardDuty finding 'UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration' that will take effect on September 6, 2021. We are making these changes to improve the accuracy of this finding type, and in preparation for the upcoming release of a new Amazon GuardDuty finding type. These changes will take affect in all Amazon GuardDuty supported AWS regions. The finding type name 'UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration' will be replaced with the name 'UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS'. The renamed finding type 'UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS' will improve the accuracy of the existing finding type by learning the remote networks that in
View Getting API count by service and categories
cat botocore/data/*/*/service*.json | jq -cr '.metadata.serviceId as $service | .operations[]| $service + ":" + .name' | sort | sed 's/20.*//' | uniq | sed 's/:.*//' | uniq -c
Category Service API Count
Analytics CloudSearch Domain 3
Analytics CloudSearch 37
Analytics Athena 28
Analytics Data Pipeline 19
Analytics DataExchange 22
Analytics EMR 33
0xdabbad00 / AWSExposedCredentialPolicy_DO_NOT_REMOVE
Created Apr 10, 2020
Copy of AWSExposedCredentialPolicy_DO_NOT_REMOVE sent to me by someone
View AWSExposedCredentialPolicy_DO_NOT_REMOVE
"Version": "2012-10-17",
"Statement": [
"Effect": "Deny",
"Action": [
0xdabbad00 /
Created May 16, 2019
Script to get all versions of all AWS managed policies
# Use the AWS CLI to collect all versions of all AWS managed policies. Example files:
# APIGatewayServiceRolePolicy.v1
# APIGatewayServiceRolePolicy.v2
# APIGatewayServiceRolePolicy.v3
# Usage: ./
# Note that the following policies do not exist and create zero byte files:
View gist:ced7ee7278f8dac24ef9a454ed96028f
Announcement: Amazon S3 will no longer support path-style API requests starting September 30th, 2020
Posted By: Sarasaws
Created in: Forum: Amazon Simple Storage Service (S3)
Posted on: Apr 30, 2019 3:43 PM
Amazon S3 currently supports two request URI styles in all regions: path-style (also known as V1) that includes bucket name in the path of the URI (example: //<bucketname>/key), and virtual-hosted style (also known as V2) which uses the bucket name as part of the domain name (example: //<bucketname> In our effort to continuously improve customer experience, the path-style naming convention is being retired in favor of virtual-hosted style request format. Customers should update their applications to use the virtual-hosted style request format when making S3 API requests before September 30th, 2020 to avoid any service disruptions. Customers using the AWS SDK can upgrade to the most recent version of the SDK to ensure their applications are using the virtual-hosted st
0xdabbad00 / gist:d05b752c84712781c7ec7c040585bf3a
Last active Jan 16, 2021
AWS services per region using botocore endpoints
View gist:d05b752c84712781c7ec7c040585bf3a
cat botocore/data/endpoints.json | jq -cr '.partitions[0].services | keys[] as $k | .[$k] | .endpoints|to_entries[]| .key +"\t"+ $k' | sort | cut -f1 | uniq -c | sort -nr | sed 's/^ *\([0-9][0-9]*\) /\1 /' | grep -v fips
126 us-east-1
116 us-west-2
115 eu-west-1
101 ap-southeast-2
100 ap-northeast-1
97 eu-central-1
95 us-east-2
View gist:d2617b21b7b0426ca54c1df92adddfce
This XML file does not appear to have any style information associated with it. The document tree is shown below.
<xs:schema xmlns:tns="" xmlns:xs="" targetNamespace="" elementFormDefault="qualified">
<xs:element name="ActiveTrustedSigners" type="tns:ActiveTrustedSigners"/>
<xs:complexType name="ActiveTrustedSigners">
<xs:element name="Enabled" type="xs:boolean"/>
<xs:element name="Quantity" type="xs:integer"/>
<xs:element name="Items" type="tns:SignerList" minOccurs="0"/>
View gist:a31fde35e000de85f679a019fb27b48b
"serviceFullName":"Amazon CloudFront",
0xdabbad00 / gist:5d1d5fd619a20ba2ee899c56f8d6787f
Created Mar 26, 2019
WARNING: Only tested in a test account, beware, this could break things.
View gist:5d1d5fd619a20ba2ee899c56f8d6787f
"Version": "2012-10-17",
"Statement": [
"Action": [
View gist:489c188a154cb1074f724dec375318b2