Skip to content

Instantly share code, notes, and snippets.

View houey's full-sized avatar
🏠
Working from home

Houston houey

🏠
Working from home
57 followers · 218 following
View GitHub Profile
@houey
houey / get-identities.py
Created May 20, 2025 12:46 — forked from dagrz/get-identities.py
#!/usr/bin/env python3
"""
AWS Identity Collector: Extract Trust and Privilege Data Across Accounts
This script collects identity and access metadata from one or more AWS accounts,
including IAM roles, IAM users, SSO (AWS IAM Identity Center) users, and their policies.
It’s used as a precursor for analyzing trust relationships and admin-equivalent access
across AWS environments.
@houey
houey / Proposal.md
Created March 17, 2025 02:34
2025 fwdcloudsec attendance proposal

FWD:CLOUDSEC 2025 CONFERENCE ATTENDANCE PROPOSAL

EXECUTIVE SUMMARY

I am requesting approval to attend the fwd:cloudsec 2025 North American conference, a premier event focused on cloud security innovation and best practices. This conference represents a strategic investment in our organization's cloud security capabilities and will provide immediate value through expert-led sessions, hands-on training, and networking opportunities with industry leaders.

CONFERENCE DETAILS

Event: fwd:cloudsec 2025 North American Conference
Dates: [Insert conference dates when available]
Location: [Insert location when available]
Estimated Cost: [Insert estimate based on registration, travel, and accommodation]

@houey
houey / Iamcheetsheet.md
Last active October 26, 2024 13:34
IAM conditions and operators Cheet Sheet

Complete AWS IAM Conditions and Operators Cheat Sheet

Table of Contents

  1. String Operators
  2. Numeric Operators
  3. Date Operators
  4. Boolean Operators
  5. IP Address Operators
  6. ARN Operators
  7. Set Operators (Multiple Value)
@houey
houey / get-SCP.bat
Created May 10, 2024 14:06
Pull SCPs and content with windows
@echo off
REM Get list of SCPs in the organization
for /f "tokens=*" %%i in ('aws organizations list-policies --filter SERVICE_CONTROL_POLICY ^| jq -r ".Policies[].Id"') do (
set scp_id=%%i
REM Get SCP content
for /f "tokens=*" %%j in ('aws organizations describe-policy --policy-id !scp_id!') do (
set scp_content=%%j
)
@houey
houey / pullSCPs.sh
Last active May 10, 2024 14:48
Pull down SCPs from AWS and put the content of each into a json file
#!/bin/bash
# Get list of SCPs in the organization
scps=$(aws organizations list-policies --filter SERVICE_CONTROL_POLICY | jq -r '.Policies[].Id')
# Loop through each SCP and save its content into a JSON file
for scp_id in $scps; do
# Get SCP content
scp_content=$(aws organizations describe-policy --policy-id $scp_id)
@houey
houey / scp_data_perimeter_draft
Created April 8, 2024 14:11
data perimeter_draft_ec2
{
"Version": "2012-10-17",
"Statement": [
{
"NotAction": [
"dax:*",
"es:ESHttp*"
],
"Resource": "*",
"Effect": "Deny",
@houey
houey / aws_organizations_migration_notes.md
Last active July 4, 2025 07:45

Preface:

It is, unfortunately, extremely common for customers and enterprises operating in AWS to have chosen a workload/storage bearing account (more than likely, the main production account) as the Organization Management Account (formerly known Organization "Master" account, before AWS adopted better naming).
Many customers and companies operating in AWS made this decision in 2018 or so and its unforunately not something that can be easily changed as of 2024. Many customers have requests to AWS to make a friendly path for rehoming the Org Management account, but last I heard it is still not prioritized. Thus, we as customers are left to go through the nerve-wracking, if not dangerous process of migrating to a new AWS Organization in order to align with modern best practices and reduce common privilege escalation and account to account lateral movement concerns (made worse if you happen to have enabled things like Cloudformation Stacksets, Control Tower, or other powerful services in the same

@houey
houey / deleteallapis.sh
Created September 15, 2023 22:01
delete all aws api gateway apis
#usage deleteallapis.sh us-east-1
for api_id in $(aws apigatewayv2 get-apis --region $1 --query 'Items[*].ApiId' --output text); do aws apigatewayv2 delete-api --region $1 --api-id $api_id ; done
@houey
houey / gist:dd8333ae2ac680f49bd9e46e2ca38750
Created September 8, 2023 20:19
christophe's terraform tagger
data "external" "git_commit" {
program = ["git", "log", "--pretty=format:{ \"sha\": \"%H\" }", "-1", "HEAD"]
}
data "external" "git_remote_url" {
program = ["sh", "-c", "git remote -v | head -n 1 | awk '{print \"{\\\"url\\\" :\\\"\" $2 \"\\\"}\"}'"]
}
provider "aws" {
@houey
houey / EnhancedEnableAWSConfigForOrganizations.yml
Created March 27, 2023 13:52
AWS Cloudformation template for AWS Config Recorder where cost consciousness is a concern. This template has two lines for ResourceTypes for Opt In to overcome the limits of a single string in cloudformation
AWSTemplateFormatVersion: 2010-09-09
Description: Enable AWS Config with central logging and notification with enhanced cost conciousness using two lines for opt in usage with large numbers of ResourceTypes
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
- Label:
default: Recorder Configuration
Parameters:
- AllSupported