{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::132092777689:root"
},
"Action": "sts:AssumeRole",
"Condition": {
"Bool": {
"aws:MultiFactorAuthPresent": "true"
}
}
}
]
}
Last active
June 21, 2022 17:50
AWS snippets
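# find the owner of an AWS access key
# https://stackoverflow.com/a/31275655
# Both loops print the access keys of every IAM user in the account; search the
# output for the key ID you are investigating. For one known key ID,
# `aws iam get-access-key-last-used --access-key-id <KEY_ID>` reports the
# owning UserName without enumerating all users.
# NOTE: the awk variant relies on UserName being the last column of the text output.
for user in $(aws iam list-users --output text | awk '{print $NF}'); do
    aws iam list-access-keys --user-name "$user" --output text
done

# alternative that uses the CLI's built-in --query (JMESPath) instead of awk(1)
for user in $(aws iam list-users --query 'Users[*].UserName' --output text); do
    aws iam list-access-keys --user-name "$user" --output text
done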
# check if your Amazon ECS container agent is running the latest version with the introspection API
# The request goes to the loopback address on port 51678, so run it on the
# container instance itself; the JSON reply is pretty-printed by json.tool.
curl --silent 127.0.0.1:51678/v1/metadata \
    | python -m json.tool
# Find the latest Amazon Linux AMI (change region as needed)
# The AMI ID is read from a public SSM parameter under /aws/service/ instead of
# being matched by image name, so the lookup does not depend on a name search.
aws ssm get-parameters \
    --region us-east-1 \
    --names /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2 \
    | jq .
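# coding: utf-8
"""Report, per bucket, whether its ACL grants anything to a public S3 group.

Only bucket ACLs are inspected. Bucket policies and Block Public Access
settings are not read, so "is private" means "no public ACL grant was found",
not that the bucket is unreachable from outside the account.
"""
import boto3

# Predefined S3 groups that make a grant public: everyone on the internet, and
# anyone holding credentials for any AWS account.
PUBLIC_GROUP_URIS = {
    'http://acs.amazonaws.com/groups/global/AllUsers',
    'http://acs.amazonaws.com/groups/global/AuthenticatedUsers',
}

s3 = boto3.resource('s3')
for bucket in s3.buckets.all():
    acl = bucket.Acl()
    for grant in acl.grants:
        grantee = grant['Grantee']
        # Any permission given to a public group counts: WRITE, READ_ACP,
        # WRITE_ACP and FULL_CONTROL are exposure too, not just READ.
        if grantee['Type'] == 'Group' and grantee.get('URI') in PUBLIC_GROUP_URIS:
            print(bucket.name, "is PUBLIC")
            break
    else:
        # for/else: reached only when no grant triggered the break above
        print(bucket.name, "is private")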
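# list instance type offers by availability zone
# Usage: pass the availability zone as the first argument (default: us-east-1a).
# ${1:-...} is the positional-parameter default form; ${$1:-...} is rejected by
# bash as a bad substitution.
AZ=${1:-us-east-1a}
aws ec2 describe-instance-type-offerings \
    --location-type "availability-zone" \
    --filters "Name=location,Values=$AZ"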
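#!/usr/bin/env python3
"""Print the ID and e-mail address of every account in the AWS Organization."""
import boto3

org = boto3.client('organizations')

# list_accounts returns results in pages; a single call only yields the first
# page, so walk the paginator to avoid silently omitting accounts.
accounts = [
    account
    for page in org.get_paginator('list_accounts').paginate()
    for account in page['Accounts']
]
for a in accounts:
    print(a['Id'], a['Email'])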
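# List RDS events except for "backup" events
# JSON output format:
# any(...) evaluates each event exactly once. Iterating .EventCategories[]
# directly inside select() would drop events that have no category, repeat
# events that have several, and still print an event that has "backup" plus
# another category.
$ aws rds describe-events --region REGION --source-identifier DATABASE_NAME --source-type db-instance --start-time DATE \
    | jq '.Events[] | select(any(.EventCategories[]; contains("backup")) | not)'
# Text output format (--duration is given in minutes; 20160 minutes = 14 days):
$ aws --region REGION rds describe-events --source-identifier DATABASE_NAME --source-type db-instance --duration 20160 --output text \
    | perl -0pe 's/^EVENTS.*?\nEVENTCATEGORIES\sbackup\n//mg'
# List all events for a single DB instance (via https://gist.github.com/HieronyM/149ca010930676b25e6b5b8cb2c9e134)
# The window runs from just under 14 days ago until now, both in UTC
# (date -d is GNU date syntax).
$ aws \
    rds \
    describe-events \
    --source-identifier db_identifier \
    --source-type db-instance \
    --start-time "$(date -u -d "14 days ago + 5 seconds" '+%FT%T')" \
    --end-time "$(date -u '+%FT%T')" \
    --query 'Events[*].[Date,Message]' --output text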
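"""Print each RDS instance identifier with its StorageEncrypted flag."""
import boto3

# Only these regions are examined; instances elsewhere are not reported.
for region in ['sa-east-1', 'us-west-2', 'us-east-1']:
    client = boto3.client('rds', region_name=region)
    # describe_db_instances is paginated: a single call returns only the first
    # page, which would hide instances (and their encryption state) beyond it.
    for page in client.get_paginator('describe_db_instances').paginate():
        for i in page['DBInstances']:
            # StorageEncrypted is False when the instance storage is not
            # encrypted at rest.
            print('%s\t%s' % (i['DBInstanceIdentifier'], i['StorageEncrypted']))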
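"""Print each RDS instance identifier with its automated-backup retention."""
import boto3

# Only these regions are examined; instances elsewhere are not reported.
for region in ['sa-east-1', 'us-west-2', 'us-east-1']:
    client = boto3.client('rds', region_name=region)
    # describe_db_instances is paginated: a single call returns only the first
    # page, so iterate the paginator to cover every instance in the region.
    for page in client.get_paginator('describe_db_instances').paginate():
        for i in page['DBInstances']:
            name = i['DBInstanceIdentifier']
            # Retention is expressed in days; 0 means automated backups are
            # disabled for the instance.
            backup_period = i['BackupRetentionPeriod']
            print('%s\t%s' % (name, backup_period))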
import boto3 | |
from datetime import datetime, timedelta | |
# Regions whose RDS instances are included in the storage total.
regions = [
    'sa-east-1',
    'us-west-2',
    'us-east-1',
]
# Length of the look-back window subtracted from "now" in the CloudWatch query.
hour = timedelta(minutes=60)
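# Based on https://stackoverflow.com/a/41734057/31493
def get_free_storage(instance_id, region):
    """Return the FreeStorageSpace maximum of an RDS instance for the last hour.

    Args:
        instance_id: DBInstanceIdentifier used as the CloudWatch dimension.
        region: AWS region the CloudWatch client is created for.

    Returns:
        The 'Maximum' value of the first datapoint CloudWatch returns. The
        caller in this file converts it with bytes2gb, i.e. treats it as bytes.

    Raises:
        IndexError: if CloudWatch returns no datapoint for the window.
    """
    from datetime import timezone

    cloudwatch = boto3.client('cloudwatch', region_name=region)
    # Use one timezone-aware UTC instant for both ends of the window. A naive
    # local datetime.now() is presumably interpreted as UTC by botocore, which
    # shifts the window by the local offset and can leave it empty; two
    # separate now() calls also make the window slightly longer than an hour.
    end = datetime.now(timezone.utc)
    res = cloudwatch.get_metric_statistics(
        Namespace='AWS/RDS',
        Dimensions=[{'Name': 'DBInstanceIdentifier', 'Value': instance_id}],
        MetricName='FreeStorageSpace',
        Statistics=['Maximum'],
        StartTime=end - hour,
        EndTime=end,
        Period=3600,
    )
    return res['Datapoints'][0]['Maximum']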
def bytes2gb(bytes):
    """Convert a byte count to gibibytes (units of 1024**3 bytes)."""
    # NOTE: the parameter shadows the builtin `bytes`; the name is kept because
    # callers may pass it by keyword.
    bytes_per_gib = 1 << 30
    return bytes / bytes_per_gib
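if __name__ == '__main__':
    # Sum the used storage (allocated minus free) of every RDS instance in
    # the configured regions and print the total.
    dbs = {}
    for region in regions:
        rds = boto3.client('rds', region_name=region)
        # describe_db_instances is paginated; iterate every page so instances
        # past the first page are counted as well.
        for page in rds.get_paginator('describe_db_instances').paginate():
            for i in page['DBInstances']:
                db_id = i['DBInstanceIdentifier']
                # AllocatedStorage is reported by RDS in GiB, not bytes
                allocated_gb = i['AllocatedStorage']
                free_gb = bytes2gb(get_free_storage(db_id, region))
                # Key by (region, id): the same identifier can exist in two
                # regions, and keying by id alone would overwrite one of them.
                dbs[(region, db_id)] = {
                    'allocated': allocated_gb,
                    'free': free_gb,
                    'used': allocated_gb - free_gb,
                }
    total_gb = sum(db['used'] for db in dbs.values())
    print(total_gb)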