Find out who modified an IAM user policy
SELECT eventname,
useridentity.arn,
sourceIPAddress,
eventtime,
0eNrVfdtuXUmO5a809JwaxP2S6B+Yl5mneWoUErJ8Mn1QsqTRJbsTBf/7HElOe0s668Qil93AvFTZSmuRwQgyyCA3+a+zD1ePu9u7/fXDbx9ubv559uu/vv/k/uzX/9j89em/7S9vrl9+fL//4/ri6ulnD3/d7s5+Pds/7D6f/XJ2ffH56W+7q93lw93+8vz3x7vri8vd2ZdfzvbXH3f/dfZr/PLLkV//c3/38Hj4yTeEl39xfvlpd/nPzW+nL//45Wx3/bB/2O9eOHn+y1+/XT9+/rC7O8B/Q/j94v7h/OHu4vr+9ubu4fzD7urhAH97c3/43ZvrJ9oHvPNY2v+ov5z9dfhjioc/Hkh93N8duH/+N+mJ2TcUkplCNVLIZgrFSKGYKeQTFMoRCtVMIRjX0MwUopFCt1LI00hhmCkMI4VpptCNOx2DmYRVIaJZq7NVI6JZrXO2kjDrdU5WEmbFztG63WbNTlatiGbVTla1iGbdTt1KwqzcyXoVRbN2p2rc7mTW7mTVi2TW7mTVi2TW7mS9LJJZu5P1xktm7Y7Tut1m7Y5WvUhNcaAOf/xyDPS7Pu+v73d3D4cfLpAKJY/vSvx593H/+Pn8m2t7e3O1WzljBXA7Ff+rUj5k4ASSjALJdgc7WVlPimcHDkjO5o3c+lpgI3OhpLz1CzkpV8X1RCJoHLPNymxXfEzuSNgd5WYlMRU3Foi8BPupS8tTVyK3kdm4kUXygZEIMsdssDIrubrUkSh2LQxWEk3xppHIu/nUpbY+dYPayK2fzG3kVFxxIILKXX+pGJmtdl+1GI9ETYpTz5HIilOPRF7spy4sT12t3EZG60Y2JSJAIuC80DiszA7F8eeOhFkLt6ugSLSgxBZA5C3iR+dFAJCemX56uL5/+u+3dzcfHw/s/3mAP/98+PPhzB7WcYxmstFMP4JmNtHcuoN+msVGs/0ImtVGM/8Ims1GM/wImt1Ec3vl+WkOG83yI2hOG834A2j2YKK5NWR+mtH8ABEY09+T9AARjlv |
#!/usr/bin/env python3 | |
import os | |
import boto3 | |
import botocore | |
def paginate(method, **kwargs): | |
""" Generic boto paginator class """ | |
client = method.__self__ | |
paginator = client.get_paginator(method.__name__) | |
for page in paginator.paginate(**kwargs).result_key_iters(): |
# Fetch the Trusted Advisor result for check N420c450f2 (Support API,
# us-east-1) and, for every flagged resource, print its fourth metadata
# field on both sides of the literal " CNAME ".
aws support --region us-east-1 \
    describe-trusted-advisor-check-result \
    --check-id N420c450f2 \
  | jq '.result.flaggedResources[].metadata | .[3] + " CNAME " + .[3] '
These are some unsorted notes I am taking along my journey with AWS CloudFormation (CFN). I plan to collect some good practices here
While AWS can be used for cost-saving, it is not for the weak of wallet at first. If you just want to run a VM with a public IP, you probably won't benefit from AWS at all.
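# Minimal example for Lambda debugging behind API Gateway: echoes the whole event back.
# Debug use only - the event includes the caller's request headers, and the response allows any origin.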
from pprint import pformat | |
def lambda_handler(event, context): | |
return { | |
'statusCode': '200', | |
'body': pformat(event), | |
'headers': { | |
'Content-Type': 'application/json', | |
'Access-Control-Allow-Origin': '*' |
from pprint import pprint | |
import boto3 | |
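def lambda_handler(event, context):
    """Delete every AWS Glue dev endpoint returned for this account/region.

    The deletion is unconditional: no name filter or confirmation is applied,
    so the function's execution role should be limited to
    glue:GetDevEndpoints and glue:DeleteDevEndpoint.

    Args:
        event: Lambda invocation payload (unused).
        context: Lambda runtime context (unused).

    Returns:
        The fixed string "Dev endpoints deleted".
    """
    client = boto3.client('glue')

    # get_dev_endpoints is paginated; a single call returns only the first
    # page, which would leave later endpoints running. Collect all names
    # before deleting so the listing is not disturbed by the deletions.
    endpoint_names = []
    paginator = client.get_paginator('get_dev_endpoints')
    for page in paginator.paginate():
        for endpoint in page['DevEndpoints']:
            endpoint_names.append(endpoint["EndpointName"])

    for endpoint_name in endpoint_names:
        # Print each API response so the deletions show up in the function log.
        pprint(client.delete_dev_endpoint(EndpointName=endpoint_name))

    return "Dev endpoints deleted"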
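# Get and print the name of the IAM role attached to this EC2 instance.
# Uses IMDSv2: a short-lived session token is requested first, so the lookup
# also works on instances where token-less (IMDSv1) requests are disabled.
TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
ROLE=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/iam/security-credentials/); echo "$ROLE"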
# Convert input.json to block-style YAML in output.yaml (requires PyYAML).
# safe_dump emits only plain YAML types, never Python-specific object tags.
python -c 'import sys, yaml, json; yaml.safe_dump(json.load(sys.stdin), sys.stdout, default_flow_style=False)' \
    < input.json \
    > output.yaml
#!/usr/bin/env python3 | |
# Don't ask for MFA token every time | |
from botocore import credentials | |
import botocore.session | |
import boto3 | |
import os | |
# Boto3 MFA session magic | |
working_dir = os.path.join(os.path.expanduser('~'),'.aws/cli/cache') |