cdelashmutt-pivotal/disable-guard-duty.sh

## disable-guard-duty.sh
#!/bin/bash
# Borrowed heavily from https://gist.github.com/tomofuminijo/ac321d7b6423bab7f175c8795546bd9a

for region in $(aws ec2 describe-regions --query "Regions[].RegionName" --output json | jq -r '.[]' | tr '\n' ' '); do
    echo Checking for detectors in $region
    detector_id=$(aws guardduty list-detectors --region $region --query "DetectorIds[0]" --output text)

    # if detector not exist, continue
    if [ $detector_id = "None" ]; then
        continue
    fi

    # delete members if exist
    # get associated accounts
    echo + Found $detector_id.  Checking for associated accounts.
    associated_account_ids=$(aws guardduty list-members --detector-id $detector_id --only-associated true --query "Members[].AccountId" --output text --region $region)
    if [ -n "$associated_account_ids" ]; then
        echo + Disassociating accounts $associated_account_ids from detector $detector_id
        aws guardduty disassociate-members --detector-id $detector_id --account-ids $associated_account_ids --region $region
    fi
    # diassociate members
    # delete members
    member_account_ids=$(aws guardduty list-members --detector-id $detector_id --only-associated false --query "Members[].AccountId" --output text --region $region)
    if [ -n "$member_account_ids" ]; then
        echo + Deleting members $member_account_ids from detector $detector_id
        aws guardduty delete-members --detector-id $detector_id --account-ids $member_account_ids --region $region
    fi
    echo + Deleting detector $detector_id
    aws guardduty delete-detector --detector-id $detector_id --region $region
done
	#!/bin/bash
	# Borrowed heavily from https://gist.github.com/tomofuminijo/ac321d7b6423bab7f175c8795546bd9a

	for region in $(aws ec2 describe-regions --query "Regions[].RegionName" --output json \| jq -r '.[]' \| tr '\n' ' '); do
	echo Checking for detectors in $region
	detector_id=$(aws guardduty list-detectors --region $region --query "DetectorIds[0]" --output text)

	# if detector not exist, continue
	if [ $detector_id = "None" ]; then
	continue
	fi

	# delete members if exist
	# get associated accounts
	echo + Found $detector_id. Checking for associated accounts.
	associated_account_ids=$(aws guardduty list-members --detector-id $detector_id --only-associated true --query "Members[].AccountId" --output text --region $region)
	if [ -n "$associated_account_ids" ]; then
	echo + Disassociating accounts $associated_account_ids from detector $detector_id
	aws guardduty disassociate-members --detector-id $detector_id --account-ids $associated_account_ids --region $region
	fi
	# diassociate members
	# delete members
	member_account_ids=$(aws guardduty list-members --detector-id $detector_id --only-associated false --query "Members[].AccountId" --output text --region $region)
	if [ -n "$member_account_ids" ]; then
	echo + Deleting members $member_account_ids from detector $detector_id
	aws guardduty delete-members --detector-id $detector_id --account-ids $member_account_ids --region $region
	fi
	echo + Deleting detector $detector_id
	aws guardduty delete-detector --detector-id $detector_id --region $region
	done