Skip to content

Instantly share code, notes, and snippets.

@dserodio dserodio/
Last active Sep 16, 2019

What would you like to do?
AWS snippets
# find the owner of an AWS access key
for user in $(aws iam list-users --output text | awk '{print $NF}'); do
aws iam list-access-keys --user $user --output text
# alternative that uses jq(1) insteaed of awk(1)
for user in $(aws iam list-users --query 'Users[*].UserName' --output text); do
aws iam list-access-keys --user $user --output text
# check if your Amazon ECS container agent is running the latest version with the introspection API
curl -s | python -mjson.tool
# Find the latest Amazon Linux AMI (change region as needed)
aws ssm get-parameters --names /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2 --region us-east-1 | jq .
# coding: utf-8
import boto3
s3 = boto3.resource('s3')
for bucket in s3.buckets.all():
acl = bucket.Acl()
for grant in acl.grants:
if (grant['Grantee']['Type'] == 'Group'
and grant['Grantee']['URI'] == ''
and grant['Permission'] == 'READ'):
print (, "is PUBLIC")
print (, "is private")

IAM Policy to require MFA to assume a role

  "Version": "2012-10-17",
  "Statement": [
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::132092777689:root"
      "Action": "sts:AssumeRole",
      "Condition": {
        "Bool": {
          "aws:MultiFactorAuthPresent": "true"
# List RDS events except for "backup" events
# JSON output format:
$ aws rds describe-events --region REGION --source-identifier DATABASE_NAME --source-type db-instance --start-time DATE \
| jq '.Events[] | select(.EventCategories[] | contains("backup") | not)'
# Text output format:
$ aws --region REGION rds describe-events --source-identifier DATABASE_NAME --source-type db-instance --duration 20160 --output text \
| perl -0pe 's/^EVENTS.*?\nEVENTCATEGORIES\sbackup\n//mg'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.