@marcinguy
Created August 14, 2019 13:26
Checks for exposed EBS Snapshots
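#!/bin/bash
#
# Flags EBS snapshots owned by this account that are shared publicly
# (createVolumePermission granted to the group "all").
#
# RUN:
# AWS_PROFILE=[profile] AWS_REGION=[region] ./check-exposed-ebs.sh
#
set -uo pipefail
: "${AWS_REGION:?set AWS_REGION to the region to check}"

AWS_ACCOUNT_ID=$(aws sts get-caller-identity --output text --query 'Account') || exit 1

# Completed snapshots owned by this account, one ID per line.
snapshots=$(aws ec2 describe-snapshots \
  --region "$AWS_REGION" \
  --owner-ids "$AWS_ACCOUNT_ID" \
  --filters "Name=status,Values=completed" \
  --output text \
  --query "Snapshots[*].SnapshotId" | tr "\t" "\n") || exit 1

for ss in $snapshots; do
  echo -n "Checking EBS snapshot '$ss': "
  # Force JSON output so the match below does not depend on the
  # output format configured for the profile.
  if ! perms=$(aws ec2 describe-snapshot-attribute \
      --region "$AWS_REGION" \
      --snapshot-id "$ss" \
      --attribute createVolumePermission \
      --output json \
      --query 'CreateVolumePermissions[]'); then
    # A failed API call must not be reported as "secure!".
    echo "check failed!"
    continue
  fi
  # "Group": "all" means anyone can create a volume from the snapshot.
  # "secure!" only means not public; shares with specific accounts are not reported.
  [[ $perms =~ '"Group": "all"' ]] && echo "vulnerable!" || echo "secure!"
done
echo "All done!"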