I hereby claim:
- I am akrishnakumar-splunk on github.
- I am beingadityak (https://keybase.io/beingadityak) on keybase.
- I have a public key ASCLCyJ2CS-8Sn8oyjTBI0nxhW4K4viwGKxEwmFnUDgMDgo
To claim this, I am signing this object:
# Security groups that contain 0.0.0.0/0 rules
aws ec2 describe-security-groups --filters Name=ip-permission.cidr,Values=0.0.0.0/0 --output=text | grep SECURITYGROUPS
# Security groups for Elasticsearch
aws ec2 describe-security-groups --filters Name=ip-permission.from-port,Values=9200 --output=text | grep SECURITYGROUPS
# Search last 10,000/1MB of CloudTrail logs for 'AccessDenied' (removed AWS account number from stream name)
aws logs get-log-events --log-group-name CloudTrail/DefaultLogGroup --log-stream-name 000000000000_CloudTrail_eu-west-1 | grep AccessDenied
# Get number of AWS API calls in time period (assumes a CloudWatch Logs 'catch-all' filter and metric has been created against CloudTrail logs)