Jan Hertsens obijan42

@obijan42
obijan42 / remove-WorkDocsDrive.sh
Created July 16, 2024 00:57
Completely remove Amazon WorkDocs Drive from a Mac system
sudo rm -rf "/Applications/Amazon WorkDocs Drive.app" "/Library/Application Support/com.Amazon.WorkDocs.DriveUpdater" "/Library/StagedExtensions/Library/Filesystems/AmazonWorkDocs.fs" "/Library/Filesystems/AmazonWorkDocs.fs" /Library/LaunchDaemons/com.Amazon.WorkDocs.DriveUpdater.plist
rm -rf ~/.config/Amazon/AWSWorkDocs* ~/Library/*/*workdocs* ~/Library/*/*WorkDocs*
sudo rm -r /Library/Filesystems/__MACOSX/AmazonWorkDocs.fs
sudo rm /Library/Application\ Support/JAMF/Receipts/AmazonWorkDocs*
@obijan42
obijan42 / CodeBuild_disable_privilegedmode_all.sh
Last active June 19, 2023 23:20
Example AWS findings remediation scripts
#!/bin/bash
# Finding: CodeBuild.5 CodeBuild project environments should not have privileged mode enabled
# This script reviews CodeBuild project environments and ensures privileged mode is disabled.
# Get list of CodeBuild projects
projects=$(aws codebuild list-projects --query 'projects' --output text)
# Loop through each project
@obijan42
obijan42 / Sg.cft.yml
Last active April 14, 2023 17:01
Add SG to EC2
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Create a Lambda function to add a security group to every EC2 instance and schedule it to run daily'
Resources:
  LambdaExecutionRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
@obijan42
obijan42 / SCP-NoConsoleUsers.json
Created August 19, 2021 19:20
AWS SCP To prevent local console users (with passwords)
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "NoConsoleUsers",
      "Effect": "Deny",
      "Action": "iam:CreateLoginProfile",
      "Resource": "*"
    }
  ]
}
@obijan42
obijan42 / access_key_rotate.sh
Created January 21, 2021 21:34
Rotate AWS access keys : Given existing keys, get new ones
#!/usr/bin/env bash
# Log to syslog if output streams not attached to a terminal (cron, launchd)
if ! test -t 1 && ! test -t 2; then
  exec 1> >(tee >(logger -t "$(basename "$0")")) 2>&1
fi
# Assign the arguments to variables
# saner programming env: these switches turn some bugs into errors
set -eu -o errexit -o pipefail -o noclobber -o nounset
@obijan42
obijan42 / queries.sql
Last active October 4, 2024 00:19
AWS Config Advanced Query - Useful queries
Reference:
https://github.com/awslabs/aws-config-resource-schema/tree/master/config/properties/resource-types
-- List active cloudtrails
SELECT
  accountId,
  awsRegion,
  resourceId,
  configuration.s3BucketName,
@obijan42
obijan42 / AllowSelfRotate.json
Last active August 19, 2021 20:06
AWS IAM: Allow a user's AWS access key (and secret key) to self-rotate
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iam:*AccessKey*",
        "iam:GetUser",
        "iam:*ServiceSpecificCredential*",
        "iam:*SigningCertificate*"
@obijan42
obijan42 / SCP-NoRoot.json
Last active July 24, 2019 19:16
AWS SCP To block root from doing most things (some things still allowed)
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "NoRoot",
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "StringLike": {
@obijan42
obijan42 / SCP-Sandbox.json
Created May 15, 2019 21:00
AWS SCP to make an account a sandbox
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Action": [
        "organizations:Remove*",
        "organizations:Move*",
        "organizations:Create*",
        "organizations:Attach*",
@obijan42
obijan42 / access.sh
Created February 11, 2019 19:45
Give me access to AWS accounts
# Via CFT:
https://g.obijan.com/awsaccess
# For ssh:
curl https://github.com/obijan42.keys >> ~ec2-user/.ssh/authorized_keys