Austin Heiman atheiman

## boto3_all_accounts.py
import boto3

region = boto3.Session().region_name
if region.startswith("us-gov-"):
    partition = "aws-us-gov"
else:
    partition = "aws"

orgs = boto3.client("organizations")
sts = boto3.client("sts")

## aws_switch_role_bookmark_generator.py
import boto3
import os

# Environment variables for configuration
role_name = os.environ.get("ROLE_NAME", "OrganizationAccountAccessRole")
include_mgmt = os.environ.get("INCLUDE_MGMT", "true").lower() == "true"

sts = boto3.client("sts")
caller_arn = sts.get_caller_identity()["Arn"]
partition = caller_arn.split(":")[1]

## tag_dedicated_hosts.py
#!/usr/bin/env python

import json
import boto3

default_region = boto3.Session().region_name
if default_region.startswith("us-gov-"):
    partition = "aws-us-gov"
    regions = ["us-gov-west-1", "us-gov-east-1"]
else:

## security_hub_findings_query.py
#!/usr/bin/env python

import boto3
import json

sechub = boto3.client("securityhub")
sts = boto3.client("sts")

caller_arn = sts.get_caller_identity()["Arn"]
print(caller_arn)

## template.yml
# aws cloudformation deploy \
#   --profile mgmt \
#   --template-file ./template.yml \
#   --stack-name ConfigRuleAccountTags \
#   --capabilities CAPABILITY_IAM

Resources:
  ConfigRule:
    Type: AWS::Config::ConfigRule
    DependsOn: EvaluationFunctionConfigPermission

## external_cidrs_calculator.py
from ipaddress import IPv4Network, IPv4Address, summarize_address_range
import json
import os


def lambda_handler(event, context):
    print(json.dumps(event))

    # Basic event validation
    if "cidrs" not in event or not isinstance(event["cidrs"], list) or len(event["cidrs"]) < 1:

## cloudformation-security-hub-update-findings-lambda.yml
Resources:
  SecurityHubFindingUpdateFunction:
    Type: AWS::Lambda::Function
    Properties:
      Description: Applies metadata to Security Hub findings
      Role: !Sub '${SecurityHubFindingUpdateFunctionRole.Arn}'
      # ReservedConcurrentExecutions can be used to throttle the function if invocations get too
      # high. However, all findings may not be updated.
      #ReservedConcurrentExecutions: 3
      Environment:

## script.py
def dict_dot_notation(d, path=[]):
    d2 = {}
    for k, v in d.items():
        k_path = path + [str(k)]
        k_formatted = ".".join(k_path)

        if isinstance(v, dict):
            # merge in dict with recursive call
            d2 = {**d2, **dict_dot_notation(v, path=k_path)}
        elif isinstance(v, list) or isinstance(v, tuple):

## README.md

      
              2 files
            
          
              0 forks
            
          
              0 comments
            
          
              1 star
            
          
                atheiman
                / README.md
            
            
              Last active
              December 8, 2023 03:28
            
              
                AWS CloudShell setup
              
          
    curl -Ls https://gist.githubusercontent.com/atheiman/45e45ada59e558b21f951d8e81faf345/raw/cloudshell-setup.sh?$RANDOM | bash

  
## boto3_cross_account_actions.py
#!/usr/bin/env python3

import boto3
import botocore

partition = 'aws'
regions = ['us-east-1', 'us-west-2']
skip_master_acct = True

organizations = boto3.client('organizations')
	import boto3

	region = boto3.Session().region_name
	if region.startswith("us-gov-"):
	partition = "aws-us-gov"
	else:
	partition = "aws"

	orgs = boto3.client("organizations")
	sts = boto3.client("sts")
	import boto3
	import os

	# Environment variables for configuration
	role_name = os.environ.get("ROLE_NAME", "OrganizationAccountAccessRole")
	include_mgmt = os.environ.get("INCLUDE_MGMT", "true").lower() == "true"

	sts = boto3.client("sts")
	caller_arn = sts.get_caller_identity()["Arn"]
	partition = caller_arn.split(":")[1]
	#!/usr/bin/env python

	import json
	import boto3

	default_region = boto3.Session().region_name
	if default_region.startswith("us-gov-"):
	partition = "aws-us-gov"
	regions = ["us-gov-west-1", "us-gov-east-1"]
	else:
	# aws cloudformation deploy \
	# --profile mgmt \
	# --template-file ./template.yml \
	# --stack-name ConfigRuleAccountTags \
	# --capabilities CAPABILITY_IAM

	Resources:
	ConfigRule:
	Type: AWS::Config::ConfigRule
	DependsOn: EvaluationFunctionConfigPermission
	from ipaddress import IPv4Network, IPv4Address, summarize_address_range
	import json
	import os


	def lambda_handler(event, context):
	print(json.dumps(event))

	# Basic event validation
	if "cidrs" not in event or not isinstance(event["cidrs"], list) or len(event["cidrs"]) < 1:
	Resources:
	SecurityHubFindingUpdateFunction:
	Type: AWS::Lambda::Function
	Properties:
	Description: Applies metadata to Security Hub findings
	Role: !Sub '${SecurityHubFindingUpdateFunctionRole.Arn}'
	# ReservedConcurrentExecutions can be used to throttle the function if invocations get too
	# high. However, all findings may not be updated.
	#ReservedConcurrentExecutions: 3
	Environment:
	def dict_dot_notation(d, path=[]):
	d2 = {}
	for k, v in d.items():
	k_path = path + [str(k)]
	k_formatted = ".".join(k_path)

	if isinstance(v, dict):
	# merge in dict with recursive call
	d2 = {d2, dict_dot_notation(v, path=k_path)}
	elif isinstance(v, list) or isinstance(v, tuple):
	#!/usr/bin/env python3

	import boto3
	import botocore

	partition = 'aws'
	regions = ['us-east-1', 'us-west-2']
	skip_master_acct = True

	organizations = boto3.client('organizations')