dserodio/aws.sh

## aws.sh
# find the owner of an AWS access key
# https://stackoverflow.com/a/31275655

for user in $(aws iam list-users --output text | awk '{print $NF}'); do
    aws iam list-access-keys --user $user --output text
done

# alternative that uses jq(1) insteaed of awk(1)

for user in $(aws iam list-users --query 'Users[*].UserName' --output text); do
    aws iam list-access-keys --user $user --output text
done

## ecs-version.sh
# check if your Amazon ECS container agent is running the latest version with the introspection API

curl -s 127.0.0.1:51678/v1/metadata | python -mjson.tool

## find-ami.sh
# Find the latest Amazon Linux AMI (change region as needed)

aws ssm get-parameters --names /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2 --region us-east-1 | jq .

## find_public_buckets.py
# coding: utf-8
import boto3

s3 = boto3.resource('s3')

for bucket in s3.buckets.all():
    acl = bucket.Acl()
    for grant in acl.grants:
        if (grant['Grantee']['Type'] == 'Group'
            and grant['Grantee']['URI'] == 'http://acs.amazonaws.com/groups/global/AllUsers'
            and grant['Permission'] == 'READ'):
                print (bucket.name, "is PUBLIC")
                break
    else:
        print (bucket.name, "is private")

## list-instance-types.sh
# list instance type offers by availability zone

AZ=${$1:-us-east-1a}

aws ec2 describe-instance-type-offerings --location-type "availability-zone" --filters Name=location,Values=$AZ

## list_org_accounts.py
#!/usr/bin/env python3
import boto3

org = boto3.client('organizations')
accounts = org.list_accounts()['Accounts']

for a in accounts:
    print(a['Id'], a['Email'])


## policy.md

      
    Raw
  

              policy.md
            
          
    IAM Policy to require MFA to assume a role

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::132092777689:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "Bool": {
          "aws:MultiFactorAuthPresent": "true"
        }
      }
    }
  ]
}

  
## rds-describe-events.sh
# List RDS events except for "backup" events

# JSON output format:
$ aws rds describe-events --region REGION --source-identifier DATABASE_NAME --source-type db-instance --start-time DATE \
    | jq '.Events[] | select(.EventCategories[] | contains("backup") | not)'

# Text output format:
$ aws --region REGION rds describe-events --source-identifier DATABASE_NAME --source-type db-instance --duration 20160 --output text \
    | perl -0pe 's/^EVENTS.*?\nEVENTCATEGORIES\sbackup\n//mg'

# List all events for a single DB instance (via https://gist.github.com/HieronyM/149ca010930676b25e6b5b8cb2c9e134)
$ aws \
rds \
describe-events \
   --source-identifier db_identifier \
   --source-type db-instance \
   --start-time $(date -u -d "14 days ago + 5 seconds" '+%FT%T') \
   --end-time $(date -u '+%FT%T') \
   --query 'Events[*].[Date,Message]' --output text

## rds_crypto_list.py
import boto3

for region in ['sa-east-1', 'us-west-2', 'us-east-1']:
    client = boto3.client('rds', region_name=region)
    instances = client.describe_db_instances()['DBInstances']
    for i in instances:
        print('%s\t%s' % (i['DBInstanceIdentifier'], i['StorageEncrypted']))

## rds_list_backups.py
import boto3

for region in ['sa-east-1', 'us-west-2', 'us-east-1']:
    client = boto3.client('rds', region_name=region)
    instances = client.describe_db_instances()['DBInstances']
    for i in instances:
        name = i['DBInstanceIdentifier']
        backup_period = i['BackupRetentionPeriod']
        print('%s\t%s' % (name, backup_period))

## rds_storage.py
import boto3
from datetime import datetime, timedelta

regions = ['sa-east-1', 'us-west-2', 'us-east-1']
hour = timedelta(hours=1)

# Based on https://stackoverflow.com/a/41734057/31493
def get_free_storage(instance_id, region):
    cloudwatch = boto3.client('cloudwatch', region)
    res = cloudwatch.get_metric_statistics(
        Namespace='AWS/RDS',
        Dimensions=[{'Name': 'DBInstanceIdentifier', 'Value': instance_id}],
        MetricName='FreeStorageSpace',
        Statistics=['Maximum'],
        StartTime=datetime.now() - hour,
        EndTime=datetime.now(),
        Period=3600
    )
    return res['Datapoints'][0]['Maximum']


def bytes2gb(bytes):
    return bytes / (1024**3)


if __name__ == '__main__':
    dbs = {}
    for region in regions:
        rds = boto3.client('rds', region_name=region)
        instances = rds.describe_db_instances()['DBInstances']
        for i in instances:
            db_id = i['DBInstanceIdentifier']
            allocated_bytes = i['AllocatedStorage']
            free_bytes = bytes2gb(get_free_storage(db_id, region))
            dbs[db_id] = {
                'allocated': allocated_bytes,
                'free': free_bytes,
                'used': allocated_bytes - free_bytes
            }

    total_gb = 0
    for db in dbs.values():
        total_gb += db['used']
    print(total_gb)
	# find the owner of an AWS access key
	# https://stackoverflow.com/a/31275655

	for user in $(aws iam list-users --output text \| awk '{print $NF}'); do
	aws iam list-access-keys --user $user --output text
	done

	# alternative that uses jq(1) insteaed of awk(1)

	for user in $(aws iam list-users --query 'Users[*].UserName' --output text); do
	aws iam list-access-keys --user $user --output text
	done
	# check if your Amazon ECS container agent is running the latest version with the introspection API

	curl -s 127.0.0.1:51678/v1/metadata \| python -mjson.tool
	# Find the latest Amazon Linux AMI (change region as needed)

	aws ssm get-parameters --names /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2 --region us-east-1 \| jq .
	# coding: utf-8
	import boto3

	s3 = boto3.resource('s3')

	for bucket in s3.buckets.all():
	acl = bucket.Acl()
	for grant in acl.grants:
	if (grant['Grantee']['Type'] == 'Group'
	and grant['Grantee']['URI'] == 'http://acs.amazonaws.com/groups/global/AllUsers'
	and grant['Permission'] == 'READ'):
	print (bucket.name, "is PUBLIC")
	break
	else:
	print (bucket.name, "is private")
	# list instance type offers by availability zone

	AZ=${$1:-us-east-1a}

	aws ec2 describe-instance-type-offerings --location-type "availability-zone" --filters Name=location,Values=$AZ
	#!/usr/bin/env python3
	import boto3

	org = boto3.client('organizations')
	accounts = org.list_accounts()['Accounts']

	for a in accounts:
	print(a['Id'], a['Email'])
	# List RDS events except for "backup" events

	# JSON output format:
	$ aws rds describe-events --region REGION --source-identifier DATABASE_NAME --source-type db-instance --start-time DATE \
	\| jq '.Events[] \| select(.EventCategories[] \| contains("backup") \| not)'

	# Text output format:
	$ aws --region REGION rds describe-events --source-identifier DATABASE_NAME --source-type db-instance --duration 20160 --output text \
	\| perl -0pe 's/^EVENTS.*?\nEVENTCATEGORIES\sbackup\n//mg'

	# List all events for a single DB instance (via https://gist.github.com/HieronyM/149ca010930676b25e6b5b8cb2c9e134)
	$ aws \
	rds \
	describe-events \
	--source-identifier db_identifier \
	--source-type db-instance \
	--start-time $(date -u -d "14 days ago + 5 seconds" '+%FT%T') \
	--end-time $(date -u '+%FT%T') \
	--query 'Events[*].[Date,Message]' --output text
	import boto3

	for region in ['sa-east-1', 'us-west-2', 'us-east-1']:
	client = boto3.client('rds', region_name=region)
	instances = client.describe_db_instances()['DBInstances']
	for i in instances:
	print('%s\t%s' % (i['DBInstanceIdentifier'], i['StorageEncrypted']))
	import boto3
	from datetime import datetime, timedelta

	regions = ['sa-east-1', 'us-west-2', 'us-east-1']
	hour = timedelta(hours=1)

	# Based on https://stackoverflow.com/a/41734057/31493
	def get_free_storage(instance_id, region):
	cloudwatch = boto3.client('cloudwatch', region)
	res = cloudwatch.get_metric_statistics(
	Namespace='AWS/RDS',
	Dimensions=[{'Name': 'DBInstanceIdentifier', 'Value': instance_id}],
	MetricName='FreeStorageSpace',
	Statistics=['Maximum'],
	StartTime=datetime.now() - hour,
	EndTime=datetime.now(),
	Period=3600
	)
	return res['Datapoints'][0]['Maximum']


	def bytes2gb(bytes):
	return bytes / (1024**3)


	if __name__ == '__main__':
	dbs = {}
	for region in regions:
	rds = boto3.client('rds', region_name=region)
	instances = rds.describe_db_instances()['DBInstances']
	for i in instances:
	db_id = i['DBInstanceIdentifier']
	allocated_bytes = i['AllocatedStorage']
	free_bytes = bytes2gb(get_free_storage(db_id, region))
	dbs[db_id] = {
	'allocated': allocated_bytes,
	'free': free_bytes,
	'used': allocated_bytes - free_bytes
	}

	total_gb = 0
	for db in dbs.values():
	total_gb += db['used']
	print(total_gb)