
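# Report every S3 bucket that has a lifecycle rule whose Filter.Prefix contains
# a literal "*". Lifecycle prefixes are plain string prefixes, not globs, so a
# rule written as "*" only applies to keys that really start with that
# character and usually indicates a rule that does not do what was intended.
# Buckets with no match (or whose configuration could not be read) print ".".
#
# Bucket names cannot contain whitespace or glob characters, so word-splitting
# the list-buckets output is safe here.
for bucket in $(aws s3api list-buckets --query 'Buckets[*].Name' --output text); do
  # NOTE(review): 2>/dev/null hides every error, not only the expected "no
  # lifecycle configuration" one. A bucket the caller is not allowed to read is
  # reported as "." exactly like a clean bucket; drop the redirect when the
  # result is used as audit evidence.
  # NOTE(review): rules that carry no Filter.Prefix may make the contains()
  # expression fail, which also ends in the "." branch; confirm against a
  # bucket with such a rule.
  if policy=$(aws s3api get-bucket-lifecycle-configuration --bucket "$bucket" \
      --query 'Rules[? contains(Filter.Prefix, `*`)].{Name:ID,Prefix:Filter.Prefix,Status:Status}' \
      --output table 2>/dev/null) && [[ -n "$policy" ]]; then
    # printf keeps backslashes in the table text literal, unlike echo -e.
    printf 'Bucket [%s] has a * prefix policy:\n%s\n\n' "$bucket" "$policy"
  else
    echo "."
  fi
done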
-- Lists region, client version, full user agent, source IP and caller ARN for
-- every logged request whose user agent does not end in ".amazonaws.com".
-- NOTE(review): this listing may show only the first lines of the file; more
-- WHERE conditions may follow in the full query.
SELECT
awsregion,
-- Second '/'-separated field of the user agent, cut at its first space
-- (constructed example: 'aws-cli/1.2.3 Python/3' yields '1.2.3').
split_part(split_part(useragent, '/', 2), ' ',1) AS version,
useragent,
sourceipaddress,
useridentity.arn
FROM
-- presumably the Athena table defined over the CloudTrail log bucket; verify
cloudtrail_logs_aws_craigw_s3_cloudtrail
WHERE
-- The pattern has no trailing %, so only user agents that END in
-- ".amazonaws.com" are excluded. Rows with a NULL useragent are dropped as
-- well, because NULL NOT LIKE ... is never true.
useragent NOT LIKE '%.amazonaws.com'
-- Distinct (region, client version, user agent) combinations for requests
-- whose additional event data does not mention SigV4.
-- NOTE(review): presumably used to inventory clients that still sign S3
-- requests with something other than Signature Version 4; confirm intent.
-- NOTE(review): this listing may show only the first lines of the file; more
-- WHERE conditions may follow in the full query.
SELECT DISTINCT
awsregion,
-- Second '/'-separated field of the user agent, cut at its first space
-- (constructed example: 'aws-cli/1.2.3 Python/3' yields '1.2.3').
split_part(split_part(useragent, '/', 2), ' ',1) AS version,
useragent
FROM
cloudtrail_logs_aws_craigw_s3_cloudtrail
WHERE
-- Excludes only user agents that END in ".amazonaws.com" (no trailing %).
useragent NOT LIKE '%.amazonaws.com'
-- Rows whose additionaleventdata is NULL are dropped too (NULL NOT LIKE ... is
-- never true), so events that carry no signature information at all do not
-- appear in the result; check them separately if they matter.
AND additionaleventdata NOT LIKE '%SigV4%'
-- Excludes any user agent containing "aws-internal".
AND useragent NOT LIKE '%aws-internal%'
-- Per-request view (region, API call, source IP, user agent) of events whose
-- additional event data does not mention SigV4.
-- NOTE(review): this listing may show only the first lines of the file; more
-- WHERE conditions may follow in the full query.
SELECT
awsregion,
eventname,
sourceipaddress,
useragent
FROM
cloudtrail_logs_aws_craigw_s3_cloudtrail
WHERE
-- Excludes only user agents that END in ".amazonaws.com" (no trailing %).
useragent NOT LIKE '%.amazonaws.com'
-- Rows with a NULL additionaleventdata are also filtered out, because
-- NULL NOT LIKE ... is never true.
AND additionaleventdata NOT LIKE '%SigV4%'
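# Set up a multi-region CloudTrail trail that records S3 object-level (data)
# events only, delivering to a newly created bucket.

# Exported so the aws child processes see it: a bare assignment only creates a
# shell variable unless the name is already exported in the environment.
export AWS_DEFAULT_REGION=eu-west-1

# Creates the trail together with a new log bucket.
# NOTE(review): create-subscription is a legacy AWS CLI helper; confirm the
# installed CLI version still provides it.
aws cloudtrail create-subscription --name s3-data-trail --s3-new-bucket aws-craigw-s3-cloudtrail

# Extend the trail to all regions.
aws cloudtrail update-trail --name s3-data-trail --is-multi-region-trail

# Data events only: management events are switched off, and reads and writes
# are both recorded for S3 objects under the "arn:aws:s3" prefix.
# NOTE(review): that prefix is not limited to one bucket, so it presumably also
# covers the trail's own log bucket; confirm the scope is intended.
aws cloudtrail put-event-selectors --trail-name s3-data-trail --event-selectors '[{"ReadWriteType": "All", "IncludeManagementEvents": false, "DataResources": [ { "Type": "AWS::S3::Object", "Values": [ "arn:aws:s3" ]}]}]'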
watchamcb / create-dynamo-sqs.sh
Created August 9, 2018 15:05
S3EventAggregator DynamoDB and SQS creation
# Provision the two resources the S3EventAggregator relies on.

# DynamoDB table with a single string hash key (BucketName) and fixed
# provisioned capacity of 5 read / 5 write units.
aws dynamodb create-table \
  --table-name S3EventAggregator \
  --attribute-definitions AttributeName=BucketName,AttributeType=S \
  --key-schema AttributeName=BucketName,KeyType=HASH \
  --provisioned-throughput ReadCapacityUnits=5,WriteCapacityUnits=5

# SQS queue, created with default attributes.
aws sqs create-queue \
  --queue-name S3EventAggregatorActionQueue
watchamcb / lambda-trust.json
Created August 9, 2018 15:02
S3EventAggregator Lambda trust IAM policy
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
watchamcb / sqs-writer.json
Created August 9, 2018 15:01
S3EventAggregator SQS write IAM policy
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sqs:SendMessage",
"Resource": "arn:aws:sqs:REGION:ACCOUNT:S3EventAggregatorActionQueue"
}
]
}
watchamcb / dynamo-writer.json
Created August 9, 2018 14:59
S3EventAggregator DynamoDB IAM policy
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "dynamodb:UpdateItem",
"Resource": "arn:aws:dynamodb:REGION:ACCOUNT_ID:table/S3EventAggregator"
}
]
}
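#!/bin/bash
# Print the in-progress multipart uploads (started but never completed or
# aborted) of every S3 bucket the caller can list, as "<bucket> : <uploads>".
# Such uploads do not show up in ordinary object listings, so this is a quick
# way to find leftover parts that still occupy storage.
#
# Buckets whose location or upload list cannot be read are reported on stderr
# and skipped, so that a permission problem is not mistaken for "no uploads".
#
# Bucket names cannot contain whitespace or glob characters, so word-splitting
# the list-buckets output is safe here.
for bucket in $(aws s3api list-buckets --query 'Buckets[*].{Name:Name}' --output text); do
  if ! location=$(aws s3api get-bucket-location --bucket "$bucket" \
      --query 'LocationConstraint' --output text); then
    printf 'warning: cannot read location of %s, skipping\n' "$bucket" >&2
    continue
  fi

  # get-bucket-location returns no constraint for us-east-1 (printed as "None"
  # in text output) and the legacy value "EU" for some eu-west-1 buckets;
  # neither is usable as --region.
  case "$location" in
    None | '') region=us-east-1 ;;
    EU) region=eu-west-1 ;;
    *) region=$location ;;
  esac

  if ! parts=$(aws s3api list-multipart-uploads --bucket "$bucket" --region "$region" \
      --query 'Uploads[*].{Key:Key,Initiated:Initiated}' --output text); then
    printf 'warning: cannot list multipart uploads of %s, skipping\n' "$bucket" >&2
    continue
  fi

  printf '%s : %s\n' "$bucket" "$parts"
done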