Skip to content

Instantly share code, notes, and snippets.


Mitch Garnaat garnaat

View GitHub Profile
garnaat /
Created Feb 23, 2012
Use multiprocess to download objects from S3
import multiprocessing
import boto
import os
import sys
import datetime
import logging
import Queue
garnaat /
Created Oct 17, 2014
Find all untagged EC2 instances
import skew
for instance in skew.scan('arn:aws:ec2:*:*:instance/*'):
if not instance.tags:
print('%s is untagged' % instance.arn)
garnaat / gist:2917662
Created Jun 12, 2012
Example using boto to create an IAM role and associate it with an EC2 instance
View gist:2917662
In [1]: policy = """{
...: "Statement":[{
...: "Effect":"Allow",
...: "Action":["s3:*"],
...: "Resource":["arn:aws:s3:::mybucket"]}]}"""
In [2]: import boto
In [4]: c = boto.connect_iam()
In [5]: instance_profile = c.create_instance_profile('myinstanceprofile')
In [6]: role = c.create_role('myrole')
In [7]: c.add_role_to_instance_profile('myinstanceprofile', 'myrole')
garnaat /
Created Sep 15, 2010
Use IAM/boto to provide access to EC2 and S3
IAM boto examples:
In this example we create a group that provides access
to all EC2 and S3 resources and actions and then add a
user to that group.
import boto
# First create a connection to the IAM service
garnaat / gist:4123f1aefe7d65df9b48
Created Oct 15, 2014
A skew script to audit all security groups for non-whitelisted IP addresses
View gist:4123f1aefe7d65df9b48
import skew
# Add whitelisted CIDR blocks here, e.g.
# Any addresses not in this list will be flagged.
whitelist = []
for secgrp in skew.scan('arn:aws:ec2:*:*:security-group/*'):
for ipperms in['IpPermissions']:
for ip in ipperms['IpRanges']:
if ip['CidrIp'] not in whitelist:
garnaat /
Created Feb 10, 2012
Update the content-type of an existing key in S3 using boto
import boto
s3 = boto.connect_s3()
bucket = s3.lookup('mybucket')
key = bucket.lookup('mykey')
# Copy the key onto itself, preserving the ACL but changing the content-type
key.copy(key.bucket,, preserve_acl=True, metadata={'Content-Type': 'text/plain'})
key = bucket.lookup('mykey')
garnaat / gist:3762068
Created Sep 21, 2012
Disable SSL Certificate verification in boto
View gist:3762068
# Add this line to your boto config file in the Boto section
https_validate_certificates = False
garnaat / gist:10682964
Created Apr 14, 2014
Launch an AWS Web Console using credential from an IAM Role
View gist:10682964
#!/usr/bin/env python
Launch an AWS Web Console.
awsconsole launch --role=<role_arn> [--profile=<profile_name>]
launch - Launch the AWS Console in your default web browser with
the specified credentials. The console will be authenticated
garnaat /
Created Oct 13, 2011
Example of eucarc file
EUCA_KEY_DIR=$(dirname $(readlink -f ${BASH_SOURCE}))
export S3_URL=
export EC2_URL=
export EC2_PRIVATE_KEY=${EUCA_KEY_DIR}/euca2-garnaat-e5ec560d-pk.pem
export EC2_CERT=${EUCA_KEY_DIR}/euca2-garnaat-e5ec560d-cert.pem
export EUCALYPTUS_CERT=${EUCA_KEY_DIR}/cloud-cert.pem
export EC2_ACCESS_KEY='999999999999999999999999999999999999'
export EC2_SECRET_KEY='00000000000000000000000000000000000000'
# This is a bogus value; Eucalyptus does not need this but client tools do.
garnaat / gist:1443559
Created Dec 7, 2011
Using get_all_instance_status method in boto
View gist:1443559
>>> import boto
>>> ec2 = boto.connect_ec2()
>>> stats = ec2.get_all_instance_status()
>>> stats
>>> stat = stats[0]
>>> stat
You can’t perform that action at this time.