Its unfortunately extremely common for customers and enterprises operating in AWS to have chosen a workload/storage bearing account (more than likely, the main production account) as the Organization Management Account (formerly known Organization "Master" account, before AWS adopted better naming).
Many customers and companies operating in AWS made this decision in 2018 or so and its unforunately not something that can be easily changes as of today (2024). Many customers have requests to AWS to make a friendly path for rehoming the Org Management account but last I heard it is still not prioritized. Thus, we as customers are left to go through the nerve-wracking, if not dangerous process of migrating to a new AWS Organization in order to align with modern best practices and reduce common privilege escalation and account to account lateral movement concerns (made worse if you happen to have enabled things like Cloudformation Stacksets, Control Tower, or other powerful services in the s
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "NotAction": [ | |
| "dax:*", | |
| "es:ESHttp*" | |
| ], | |
| "Resource": "*", | |
| "Effect": "Deny", |
houey
/ aws_organizations_migration_notes.md
Last active
April 17, 2024 19:42
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #usage deleteallapis.sh us-east-1 | |
| for api_id in $(aws apigatewayv2 get-apis --region $1 --query 'Items[*].ApiId' --output text); do aws apigatewayv2 delete-api --region $1 --api-id $api_id ; done |
houey
/ gist:dd8333ae2ac680f49bd9e46e2ca38750
Created
September 8, 2023 20:19
christophe's terraform tagger
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| data "external" "git_commit" { | |
| program = ["git", "log", "--pretty=format:{ \"sha\": \"%H\" }", "-1", "HEAD"] | |
| } | |
| data "external" "git_remote_url" { | |
| program = ["sh", "-c", "git remote -v | head -n 1 | awk '{print \"{\\\"url\\\" :\\\"\" $2 \"\\\"}\"}'"] | |
| } | |
| provider "aws" { |
houey
/ EnhancedEnableAWSConfigForOrganizations.yml
Created
March 27, 2023 13:52
AWS Cloudformation template for AWS Config Recorder where cost consciousness is a concern. This template has two lines for ResourceTypes for Opt In to overcome the limits of a single string in cloudformation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AWSTemplateFormatVersion: 2010-09-09 | |
| Description: Enable AWS Config with central logging and notification with enhanced cost conciousness using two lines for opt in usage with large numbers of ResourceTypes | |
| Metadata: | |
| AWS::CloudFormation::Interface: | |
| ParameterGroups: | |
| - Label: | |
| default: Recorder Configuration | |
| Parameters: | |
| - AllSupported |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Talks and blog posts that all newcomers should check out when interested in Cloud Security | |
| Bringing a machete to the amazon (Peterson) | |
| https://youtu.be/y8nftRzbiXk | |
| Flying a false flag: (Landers) | |
| https://youtu.be/2BEwqbCbQuM | |
| Another day another billion packets (Brandwine) | |
| https://youtu.be/3qln2u1Vr2E |
houey
/ cloud_metadata.txt
Created
August 6, 2019 04:34
— forked from BuffaloWill/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## IPv6 Tests | |
| http://[::ffff:169.254.169.254] | |
| http://[0:0:0:0:0:ffff:169.254.169.254] | |
| ## AWS | |
| # Amazon Web Services (No Header Required) | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] |
houey
/ certstream_watchdog_paypal.py
Created
May 30, 2018 03:33
— forked from PaulSec/certstream_watchdog_paypal.py
certstream utility to retrieve paypal and few other fraud keywords
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import certstream | |
| keywords = ['paypal', 'paypol'] | |
| def extract_domains(domains): | |
| res = [] | |
| for domain in domains: | |
| for keyword in keywords: | |
| if keyword in domain: | |
| res.append(domain) |