This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
for bucket in $(aws s3api list-buckets --query 'Buckets[*].Name' --output text); do policy=$(aws s3api get-bucket-lifecycle-configuration --bucket $bucket --query 'Rules[? contains(Filter.Prefix, `*`)].{Name:ID,Prefix:Filter.Prefix,Status:Status}' --output table 2>/dev/null) && [[ ! -z $policy ]] && echo -e "Bucket [$bucket] has a * prefix policy:\n$policy\n" || echo "."; done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
SELECT | |
awsregion, | |
split_part(split_part(useragent, '/', 2), ' ',1) AS version, | |
useragent, | |
sourceipaddress, | |
useridentity.arn | |
FROM | |
cloudtrail_logs_aws_craigw_s3_cloudtrail | |
WHERE | |
useragent NOT LIKE '%.amazonaws.com' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
SELECT DISTINCT | |
awsregion, | |
split_part(split_part(useragent, '/', 2), ' ',1) AS version, | |
useragent | |
FROM | |
cloudtrail_logs_aws_craigw_s3_cloudtrail | |
WHERE | |
useragent NOT LIKE '%.amazonaws.com' | |
AND additionaleventdata NOT LIKE '%SigV4%' | |
AND useragent NOT LIKE '%aws-internal%' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
SELECT | |
awsregion, | |
eventname, | |
sourceipaddress, | |
useragent | |
FROM | |
cloudtrail_logs_aws_craigw_s3_cloudtrail | |
WHERE | |
useragent NOT LIKE '%.amazonaws.com' | |
AND additionaleventdata NOT LIKE '%SigV4%' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
AWS_DEFAULT_REGION=eu-west-1 | |
aws cloudtrail create-subscription --name s3-data-trail --s3-new-bucket aws-craigw-s3-cloudtrail | |
aws cloudtrail update-trail --name s3-data-trail --is-multi-region-trail | |
aws cloudtrail put-event-selectors --trail-name s3-data-trail --event-selectors '[{"ReadWriteType": "All", "IncludeManagementEvents": false, "DataResources": [ { "Type": "AWS::S3::Object", "Values": [ "arn:aws:s3" ]}]}]' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
aws dynamodb create-table --table-name S3EventAggregator --attribute-definitions AttributeName=BucketName,AttributeType=S \ | |
--key-schema AttributeName=BucketName,KeyType=HASH --provisioned-throughput ReadCapacityUnits=5,WriteCapacityUnits=5 | |
aws sqs create-queue --queue-name S3EventAggregatorActionQueue |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Effect": "Allow", | |
"Principal": { | |
"Service": "lambda.amazonaws.com" | |
}, | |
"Action": "sts:AssumeRole" | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Effect": "Allow", | |
"Action": "sqs:SendMessage", | |
"Resource": "arn:aws:sqs:REGION:ACCOUNT:S3EventAggregatorActionQueue" | |
} | |
] | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Effect": "Allow", | |
"Action": "dynamodb:UpdateItem", | |
"Resource": "arn:aws:dynamodb:REGION:ACCOUNT_ID:table/S3EventAggregator" | |
} | |
] | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
for bucket in $(aws s3api list-buckets --query 'Buckets[*].{Name:Name}' --output text) | |
do | |
region=$(aws s3api get-bucket-location --bucket $bucket --query 'LocationConstraint' --output text | awk '{sub(/None/,"us-east-1")}; 1') | |
parts=$(aws s3api list-multipart-uploads --bucket $bucket --region $region --query 'Uploads[*].{Key:Key,Initiated:Initiated}' --output text) | |
echo "$bucket : $parts" | |
done |
NewerOlder