| route53domains:RegisterDomain | |
| route53domains:RenewDomain | |
| route53domains:TransferDomain | |
| ec2:ModifyReservedInstances | |
| ec2:PurchaseHostReservation | |
| ec2:PurchaseReservedInstancesOffering | |
| ec2:PurchaseScheduledInstances | |
| rds:PurchaseReservedDBInstancesOffering | |
| dynamodb:PurchaseReservedCapacityOfferings | |
| s3:PutObjectRetention |
| # .github/workflows/app.yaml | |
| name: My Python Project | |
| on: push | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| services: |
| #!/bin/bash | |
| # Delete Default VPCs | |
| # Deletes Default VPCs across an entire organization if there are no ENIs in | |
| # the default VPC. | |
| # | |
| # Assumes that ~/.aws/credentials has credentials to the root account for the | |
| # AWS Organization. Assumes that the user/role you're logged into in the | |
| # root account has permissions to assume the OrganizationAccountAccessRole in | |
| # each member account. Requires jq and aws cli be installed on the path. |
| #---------Query MetaData for SubscriptionID---------# | |
| $response2 = Invoke-WebRequest -Uri 'http://169.254.169.254/metadata/instance?api-version=2018-02-01' -Method GET -Headers @{Metadata="true"} -UseBasicParsing | |
| $subID = ($response2.Content | ConvertFrom-Json).compute.subscriptionId | |
| #---------Get OAuth Token---------# | |
| $response = Invoke-WebRequest -Uri 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/' -Method GET -Headers @{Metadata="true"} -UseBasicParsing | |
| $content = $response.Content | ConvertFrom-Json | |
| $ArmToken = $content.access_token |
| import json | |
| from policy_sentry.analysis.analyze import analyze_by_access_level, determine_actions_to_expand | |
| from policy_sentry.shared.database import connect_db | |
| DB_SESSION = connect_db('bundled') # Use the bundled data that comes with Policy Sentry | |
| sample_policy = json.loads(""" | |
| { | |
| "Statement":[ |
This is a list of all the magic IP addresses that are addressible in AWS.
| IP Address | Description |
|---|---|
| 169.254.169.254 | AWS Metadata Service |
| 169.254.169.253 | Alternate VPC DNS resolver |
| 169.254.169.123 | AWS Time Service |
| 169.254.170.2 | ECS Task Metadata |
| 169.254.169.250 | Windows Activation |
| 169.254.169.251 | Windows Activation |
| function jq() { | |
| if [ -f $1 ]; then | |
| FILE=$1; shift | |
| # Move FILE at the end as expected by native jq | |
| command jq "$@" "$FILE" | |
| else | |
| command jq "$@" | |
| fi | |
| } |
| #!/usr/bin/env python3 | |
| # Demonstrates the use of Python to work with Cognito. | |
| # Create a new a user, log in, check tokens and call an API. | |
| # The purpose was to learn about Cognito. Security has been | |
| # circumvented in the interest of keeping it simple. | |
| # Notably, the authentication procedure uses the most insecure | |
| # method. This code is not intended for use in production. | |
| # | |
| # https://www.neant.ro/aws/working-with-cognito-and-api-gateway-in-python.html |
