angrychimp

#!/bin/bash

IFS=$'\n'

for image in $(aws ec2 describe-images --filter "Name=description,Values=Auto backed up on *" --query 'Images[].{Description:Description,Image_ID:ImageId,DateCreated:CreationDate}')
    creationDate=$(echo $image | awk -F'\t' '{print $1}')
    description=$(echo $image | awk -F'\t' '{print $2}')
    imageId=$(echo $image | awk -F'\t' '{print $3}')
    echo "$imageId | $creationDate | $description"
done

angrychimp

from __future__ import print
import boto3
import datetime
import sys

def main():
    client = boto3.client('cloudformation')
    stack_name = sys.argv[1]
    stack = client.describe_stacks(StackName=stack_name)['Stacks'][0]
    # refresh while state is not final

angrychimp

# Create the partitioned table
CREATE EXTERNAL TABLE IF NOT EXISTS {SCHEMA}.{TABLE_NAME} (
  type string,
  time string,
  alb_id string,
  alb_name string,
  client_ip string,
  client_port int,
  target_ip string,
  request_processing_time double,

angrychimp

alias make-pkcs12='domain=$(pwd | xargs basename); openssl pkcs12 -export -inkey $domain.key -in $domain.crt -certfile $domain.ca.crt -out $domain.pfx'

angrychimp

import boto3
import sys
import json
import logging
from threading import Thread
from queue import Queue

logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(name)s - %(levelname)s - %(message)s')
logger = logging.getLogger(__name__)

angrychimp

#!/bin/bash

# Assumes that your AWS CLI default profile is set. If not, set the AWS_PROFILE environment variable
SECLISTS_BUCKET=my-seclists-bucket
ATHENA_OUTPUT_BUCKET=my-athena-output-bucket

# Create the bucket (if necessary)
if [[ -n $(aws s3 ls s3://$SECLISTS_BUCKET 2>&1 | grep 'does not exist') ]]; then 
	aws s3 mb s3://$SECLISTS_BUCKET --region $(aws configure get region)
fi

angrychimp

#!/bin/bash

# requires jq: https://stedolan.github.io/jq/
# requires aws-cli: http://docs.aws.amazon.com/cli/latest/userguide/installing.html

for bucket in `aws s3 ls | awk '{print $NF}'`; do
	errors=$(expr $(aws s3api get-bucket-acl --bucket $bucket |
		jq '.Grants | .[] | if (.Permission == "READ" and (.Grantee.URI == "http://acs.amazonaws.com/groups/global/AuthenticatedUsers" or .Grantee.URI == "http://acs.amazonaws.com/groups/global/AllUsers")) then "ERROR" else null end' |
		grep ERROR |
		wc -l))

angrychimp

### Keybase proof

I hereby claim:

  * I am angrychimp on github.
  * I am angrychimp (https://keybase.io/angrychimp) on keybase.
  * I have a public key ASCBtywTAqDTD8u4ALnVWGevAG93Yj6a2VmCzywZjDO8qgo

To claim this, I am signing this object:

angrychimp

#!/bin/bash

SGID=sg-123ad456
PROFILE=aws-profile

# Add current IP to ingress list
myip=$(curl -s https://rand.tools/ip/)
aws --profile $PROFILE ec2 authorize-security-group-ingress --dry-run --group-id $SGID --ip-permissions "[{\"IpProtocol\": \"tcp\", \"FromPort\": 22, \"ToPort\": 22, \"IpRanges\": [{\"CidrIp\": \"$myip/32\"}]}]"

# Remove any old IPs from ingress

angrychimp

#!/bin/bash

USERNAME="your username here"
SFTPHOST="your sftp host"
SFTPPORT=22                     # or other port, if non-standard

# Create SSH key-pair for SFTP access
# (creates pair with no passphrase)
ssh-keygen -b 2048 -t rsa -C "$SFTPHOST" -N "" -f ~/.ssh/id_rsa.sftp