@dserodio dserodio/
Last active Jul 3, 2020
AWS snippets
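# Find the owner of an AWS access key: print the access keys of every IAM
# user, then search the output for the key ID in question.
# When only one key ID needs attributing,
# `aws iam get-access-key-last-used --access-key-id <KEY_ID>` returns the
# owning UserName without walking every user.
for user in $(aws iam list-users --output text | awk '{print $NF}'); do
  # Quote the user name so the shell passes it as a single argument.
  aws iam list-access-keys --user-name "$user" --output text
done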
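# Alternative that selects the user names with the CLI's own --query
# (JMESPath) filter instead of awk(1).
for user in $(aws iam list-users --query 'Users[*].UserName' --output text); do
  # Quote the user name so the shell passes it as a single argument.
  aws iam list-access-keys --user-name "$user" --output text
done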
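# Check which version of the Amazon ECS container agent is running, using the
# agent's introspection API. Run this on the container instance itself: the
# agent serves the API on local port 51678.
curl -s http://localhost:51678/v1/metadata | python -mjson.tool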
# Look up the current Amazon Linux 2 AMI through its public SSM parameter.
# Adjust --region to the region you launch instances in; AMI IDs differ per region.
aws ssm get-parameters \
  --region us-east-1 \
  --names /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2 \
  | jq .
# coding: utf-8
import boto3
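# Report, per bucket, whether the bucket ACL grants read access to everyone.
#
# Scope: only the bucket ACL is inspected. Bucket policies, object ACLs and
# Block Public Access settings are not evaluated, so "is private" here means
# "no public read grant in the bucket ACL", not "unreachable from outside".

# ACL groups whose members are not limited to this account: anonymous users,
# and any authenticated AWS principal from any account.
PUBLIC_GROUP_URIS = (
    'http://acs.amazonaws.com/groups/global/AllUsers',
    'http://acs.amazonaws.com/groups/global/AuthenticatedUsers',
)
# FULL_CONTROL implies READ, so both permissions expose the bucket.
READ_PERMISSIONS = ('READ', 'FULL_CONTROL')

s3 = boto3.resource('s3')
for bucket in s3.buckets.all():
    acl = bucket.Acl()
    for grant in acl.grants:
        grantee = grant['Grantee']
        # Only group grantees carry a URI, hence .get() for the other types.
        if (grantee['Type'] == 'Group'
                and grantee.get('URI') in PUBLIC_GROUP_URIS
                and grant['Permission'] in READ_PERMISSIONS):
            print(bucket.name, "is PUBLIC")
            break  # one public grant is enough; report each bucket once
    else:
        # Reached only when no grant matched (the loop ended without break).
        print(bucket.name, "is private")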
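# List the instance types offered in one availability zone.
# AZ must name a zone of the region the CLI is currently configured for;
# the ${AZ:?...} expansion stops with a message instead of sending an empty filter.
aws ec2 describe-instance-type-offerings \
  --location-type "availability-zone" \
  --filters "Name=location,Values=${AZ:?set AZ to an availability zone name}"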

IAM role trust policy that requires MFA to assume the role

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::132092777689:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "Bool": {
          "aws:MultiFactorAuthPresent": "true"
        }
      }
    }
  ]
}
# List RDS events except for "backup" events
# REGION, DATABASE_NAME and DATE are placeholders to fill in before running.
# JSON output format:
# The jq filter emits an event once for each of its categories that does not
# contain "backup"; an event with several non-backup categories is therefore
# printed more than once, and an event with no categories is not printed.
$ aws rds describe-events --region REGION --source-identifier DATABASE_NAME --source-type db-instance --start-time DATE \
| jq '.Events[] | select(.EventCategories[] | contains("backup") | not)'
# Text output format:
# --duration is given in minutes (20160 minutes = 14 days).
# perl reads the whole output at once (-0) and deletes every EVENTS line that
# is directly followed by an "EVENTCATEGORIES backup" line, together with
# that category line.
$ aws --region REGION rds describe-events --source-identifier DATABASE_NAME --source-type db-instance --duration 20160 --output text \
| perl -0pe 's/^EVENTS.*?\nEVENTCATEGORIES\sbackup\n//mg'
# Print date and message of every event recorded for one DB instance over
# (almost) the last 14 days; db_identifier stands for the instance identifier.
# The window starts 5 seconds inside the 14-day mark. `date -d` is GNU date syntax.
$ aws rds describe-events \
    --source-type db-instance \
    --source-identifier db_identifier \
    --start-time "$(date -u -d "14 days ago + 5 seconds" '+%FT%T')" \
    --end-time "$(date -u '+%FT%T')" \
    --query 'Events[*].[Date,Message]' \
    --output text
# List databases and whether they're encrypted at rest or not
import boto3
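# Encryption-at-rest audit: prints one "<identifier>\t<StorageEncrypted>" line
# per DB instance. Only the regions listed here are checked; instances in any
# other region are not reported.
for region in ['sa-east-1', 'us-west-2', 'us-east-1']:
    client = boto3.client('rds', region_name=region)
    # describe_db_instances returns its results in pages; walk all of them so
    # that no instance is left out of the audit.
    paginator = client.get_paginator('describe_db_instances')
    for page in paginator.paginate():
        for i in page['DBInstances']:
            print('%s\t%s' % (i['DBInstanceIdentifier'], i['StorageEncrypted']))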
# get total storage used by RDS instances
import boto3
from datetime import datetime, timedelta
# Regions whose RDS instances are included in the total.
regions = [
    'sa-east-1',
    'us-west-2',
    'us-east-1',
]
# Length of the CloudWatch look-back window.
hour = timedelta(minutes=60)
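def get_free_storage(instance_id, region):
    """Return the latest FreeStorageSpace reading, in bytes, for one RDS instance.

    Queries CloudWatch in ``region`` for the ``Maximum`` statistic of the
    ``AWS/RDS`` ``FreeStorageSpace`` metric over the last hour (``hour``).

    Raises:
        IndexError: if CloudWatch returned no datapoint for that window.
    """
    cloudwatch = boto3.client('cloudwatch', region_name=region)
    # Naive datetimes are sent to the API as UTC, so take the clock in UTC
    # rather than local time (presumably; confirm against the botocore
    # version in use).
    now = datetime.utcnow()
    res = cloudwatch.get_metric_statistics(
        Namespace='AWS/RDS',
        MetricName='FreeStorageSpace',
        Dimensions=[{'Name': 'DBInstanceIdentifier', 'Value': instance_id}],
        Statistics=['Maximum'],
        StartTime=now - hour,
        EndTime=now,
        Period=3600,
    )
    datapoints = res['Datapoints']
    if not datapoints:
        raise IndexError(
            'no FreeStorageSpace datapoints for %s in %s' % (instance_id, region))
    # Datapoints are not guaranteed to be ordered; pick the most recent one.
    newest = max(datapoints, key=lambda point: point['Timestamp'])
    return newest['Maximum']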
def bytes2gb(bytes):
    """Convert a byte count to gibibytes (1024**3 bytes each)."""
    bytes_per_gib = 1024 ** 3
    return bytes / bytes_per_gib
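if __name__ == '__main__':
    # Per-instance storage figures in GiB, keyed by (region, identifier):
    # DB identifiers are only unique within a region.
    dbs = {}
    for region in regions:
        rds = boto3.client('rds', region_name=region)
        # Walk every result page so that no instance is left out of the total.
        paginator = rds.get_paginator('describe_db_instances')
        for page in paginator.paginate():
            for i in page['DBInstances']:
                db_id = i['DBInstanceIdentifier']
                # AllocatedStorage is already expressed in GiB, while the
                # CloudWatch metric is in bytes and needs converting.
                allocated_gb = i['AllocatedStorage']
                free_gb = bytes2gb(get_free_storage(db_id, region))
                dbs[(region, db_id)] = {
                    'allocated': allocated_gb,
                    'free': free_gb,
                    'used': allocated_gb - free_gb,
                }
    total_gb = sum(db['used'] for db in dbs.values())
    # The listing ends before any output statement; printing the total is the
    # script's stated purpose.
    print(total_gb)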