Skip to content

Instantly share code, notes, and snippets.

Avatar

Mitch Garnaat garnaat

View GitHub Profile
@garnaat
garnaat / download.py
Created Feb 23, 2012
Use multiprocess to download objects from S3
View download.py
"""
"""
import multiprocessing
import boto
import os
import sys
import datetime
import logging
import Queue
@garnaat
garnaat / untagged_instances.py
Created Oct 17, 2014
Find all untagged EC2 instances
View untagged_instances.py
import skew
for instance in skew.scan('arn:aws:ec2:*:*:instance/*'):
if not instance.tags:
print('%s is untagged' % instance.arn)
@garnaat
garnaat / gist:2917662
Created Jun 12, 2012
Example using boto to create an IAM role and associate it with an EC2 instance
View gist:2917662
In [1]: policy = """{
...: "Statement":[{
...: "Effect":"Allow",
...: "Action":["s3:*"],
...: "Resource":["arn:aws:s3:::mybucket"]}]}"""
In [2]: import boto
In [4]: c = boto.connect_iam()
In [5]: instance_profile = c.create_instance_profile('myinstanceprofile')
In [6]: role = c.create_role('myrole')
In [7]: c.add_role_to_instance_profile('myinstanceprofile', 'myrole')
@garnaat
garnaat / iam_ec2_example.py
Created Sep 15, 2010
Use IAM/boto to provide access to EC2 and S3
View iam_ec2_example.py
"""
IAM boto examples:
In this example we create a group that provides access
to all EC2 and S3 resources and actions and then add a
user to that group.
"""
import boto
#
# First create a connection to the IAM service
@garnaat
garnaat / gist:4123f1aefe7d65df9b48
Created Oct 15, 2014
A skew script to audit all security groups for non-whitelisted IP addresses
View gist:4123f1aefe7d65df9b48
import skew
# Add whitelisted CIDR blocks here, e.g. 192.168.1.1/32.
# Any addresses not in this list will be flagged.
whitelist = []
for secgrp in skew.scan('arn:aws:ec2:*:*:security-group/*'):
for ipperms in secgrp.data['IpPermissions']:
for ip in ipperms['IpRanges']:
if ip['CidrIp'] not in whitelist:
@garnaat
garnaat / update_key.py
Created Feb 10, 2012
Update the content-type of an existing key in S3 using boto
View update_key.py
import boto
s3 = boto.connect_s3()
bucket = s3.lookup('mybucket')
key = bucket.lookup('mykey')
# Copy the key onto itself, preserving the ACL but changing the content-type
key.copy(key.bucket, key.name, preserve_acl=True, metadata={'Content-Type': 'text/plain'})
key = bucket.lookup('mykey')
@garnaat
garnaat / gist:3762068
Created Sep 21, 2012
Disable SSL Certificate verification in boto
View gist:3762068
[Boto]
# Add this line to your boto config file in the Boto section
https_validate_certificates = False
@garnaat
garnaat / gist:10682964
Created Apr 14, 2014
Launch an AWS Web Console using credential from an IAM Role
View gist:10682964
#!/usr/bin/env python
"""
Launch an AWS Web Console.
Usage:
awsconsole launch --role=<role_arn> [--profile=<profile_name>]
Commands:
launch - Launch the AWS Console in your default web browser with
the specified credentials. The console will be authenticated
@garnaat
garnaat / eucarc.sh
Created Oct 13, 2011
Example of eucarc file
View eucarc.sh
EUCA_KEY_DIR=$(dirname $(readlink -f ${BASH_SOURCE}))
export S3_URL=http://173.205.188.130:8773/services/Walrus
export EC2_URL=http://173.205.188.130:8773/services/Eucalyptus
export EC2_PRIVATE_KEY=${EUCA_KEY_DIR}/euca2-garnaat-e5ec560d-pk.pem
export EC2_CERT=${EUCA_KEY_DIR}/euca2-garnaat-e5ec560d-cert.pem
export EC2_JVM_ARGS=-Djavax.net.ssl.trustStore=${EUCA_KEY_DIR}/jssecacerts
export EUCALYPTUS_CERT=${EUCA_KEY_DIR}/cloud-cert.pem
export EC2_ACCESS_KEY='999999999999999999999999999999999999'
export EC2_SECRET_KEY='00000000000000000000000000000000000000'
# This is a bogus value; Eucalyptus does not need this but client tools do.
@garnaat
garnaat / gist:1443559
Created Dec 7, 2011
Using get_all_instance_status method in boto
View gist:1443559
>>> import boto
>>> ec2 = boto.connect_ec2()
>>> stats = ec2.get_all_instance_status()
>>> stats
[InstanceStatus:i-67c81e0c]
>>> stat = stats[0]
>>> stat
InstanceStatus:i-67c81e0c
>>> stat.id
u'i-67c81e0c'
You can’t perform that action at this time.