Victor GRENU z0ph

## unusd-cloud-policy.json
{
	"Version": "2012-10-17",
	"Statement": [{
		"Action": [
			"ce:GetCostAndUsage",
			"ce:GetCostForecast",
			"cloudwatch:GetMetricStatistics",
			"ec2:Describe*",
			"ec2:List*",
			"glue:GetDevEndpoints",

## accessdenied.sql
filter errorCode="AccessDenied"
| fields eventTime, eventName, eventSource, userIdentity.sessionContext.sessionIssuer.userName

## sso_assumer.sh
#!/bin/bash

# From Victor (zoph) Grenu from zoph.io - https://zoph.io
# Twitter: @zoph

TARGET_ROLE_NAME="AdministratorAccess"

## Get list of AWS accounts using SSO
AWS_ACCESS_TOKEN=$(cat $(ls -1d ~/.aws/sso/cache/* | grep -v botocore) | jq -r "{accessToken} | .[]")
ACCOUNTS_IDS=($(aws sso list-accounts --access-token $AWS_ACCESS_TOKEN | jq -r '.accountList[] | .accountId'))

## loop.sh
#!/bin/bash

# https://awscli.amazonaws.com/v2/documentation/api/latest/reference/account/put-alternate-contact.html

# Parameters
SECURITY_EMAIL="victor@zoph.io"
SECURITY_PHONE=""
SECURITY_TITLE="Owner"
SECURITY_NAME="Victor Grenu"

## find_loggroups_size.sh
aws logs describe-log-groups \
  --query "logGroups[*].{LogGroup:logGroupName,VolumeSize:storedBytes,RetentionInDays:retentionInDays} | reverse(sort_by(@, &VolumeSize))" \
  --output table

## aws_config_setup.py
import boto3
import re
from urllib.request import urlopen
import logging

# https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/config.html#ConfigService.Client.put_configuration_recorder

# Purpose:
# Activate Custom AWS Record for AWS Config
# Supported resource type: https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources

## deprecated-policies.json
[
    "TagGovernancePolicy",
    "AWSLambdaReadOnlyAccess",
    "AmazonEC2RolePolicyForApplicationWizard",
    "AmazonEverestServicePolicy",
    "AmazonEC2SpotFleetRole",
    "AWSOpsWorksFullAccess",
    "AWSSchemasServiceRolePolicy",
    "AmazonMechanicalTurkCrowdReadOnlyAccess",
    "AmazonApplicationWizardFullaccess",

## findings.txt
==> Validation of:  ./policies/TagGovernancePolicy
==> Finding:  [
    {
        "findingDetails": "Using ForAllValues qualifier with the single-valued condition key organizations:ServicePrincipal can be overly permissive. We recommend that you remove ForAllValues:.",
        "findingType": "SECURITY_WARNING",
        "issueCode": "FORALLVALUES_WITH_SINGLE_VALUED_KEY",
        "learnMoreLink": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-policy-checks.html#access-analyzer-reference-policy-checks-security-warning-forallvalues-with-single-valued-key",
        "locations": [
            {
                "path": [

## unfollow_everyone.py
#!/usr/bin/env python

import tweepy
from config import create_api


def unfollow_everyone(api):
    friends = api.friends_ids("<your_twitter_screen_name")

    for f in friends:

## s3BucketsEncryptionLookup.sh
for ITEM in $(aws s3api list-buckets --output json |grep "Name" | cut -d":" -f2 | cut -d'"' -f2); do echo $ITEM " --- " $(aws s3api get-bucket-encryption --bucket $ITEM 2>&1); done
	{
	"Version": "2012-10-17",
	"Statement": [{
	"Action": [
	"ce:GetCostAndUsage",
	"ce:GetCostForecast",
	"cloudwatch:GetMetricStatistics",
	"ec2:Describe*",
	"ec2:List*",
	"glue:GetDevEndpoints",
	filter errorCode="AccessDenied"
	\| fields eventTime, eventName, eventSource, userIdentity.sessionContext.sessionIssuer.userName
	#!/bin/bash

	# From Victor (zoph) Grenu from zoph.io - https://zoph.io
	# Twitter: @zoph

	TARGET_ROLE_NAME="AdministratorAccess"

	## Get list of AWS accounts using SSO
	AWS_ACCESS_TOKEN=$(cat $(ls -1d ~/.aws/sso/cache/* \| grep -v botocore) \| jq -r "{accessToken} \| .[]")
	ACCOUNTS_IDS=($(aws sso list-accounts --access-token $AWS_ACCESS_TOKEN \| jq -r '.accountList[] \| .accountId'))
	#!/bin/bash

	# https://awscli.amazonaws.com/v2/documentation/api/latest/reference/account/put-alternate-contact.html

	# Parameters
	SECURITY_EMAIL="victor@zoph.io"
	SECURITY_PHONE=""
	SECURITY_TITLE="Owner"
	SECURITY_NAME="Victor Grenu"
	aws logs describe-log-groups \
	--query "logGroups[*].{LogGroup:logGroupName,VolumeSize:storedBytes,RetentionInDays:retentionInDays} \| reverse(sort_by(@, &VolumeSize))" \
	--output table
	import boto3
	import re
	from urllib.request import urlopen
	import logging

	# https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/config.html#ConfigService.Client.put_configuration_recorder

	# Purpose:
	# Activate Custom AWS Record for AWS Config
	# Supported resource type: https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources
	[
	"TagGovernancePolicy",
	"AWSLambdaReadOnlyAccess",
	"AmazonEC2RolePolicyForApplicationWizard",
	"AmazonEverestServicePolicy",
	"AmazonEC2SpotFleetRole",
	"AWSOpsWorksFullAccess",
	"AWSSchemasServiceRolePolicy",
	"AmazonMechanicalTurkCrowdReadOnlyAccess",
	"AmazonApplicationWizardFullaccess",
	==> Validation of: ./policies/TagGovernancePolicy
	==> Finding: [
	{
	"findingDetails": "Using ForAllValues qualifier with the single-valued condition key organizations:ServicePrincipal can be overly permissive. We recommend that you remove ForAllValues:.",
	"findingType": "SECURITY_WARNING",
	"issueCode": "FORALLVALUES_WITH_SINGLE_VALUED_KEY",
	"learnMoreLink": "https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-policy-checks.html#access-analyzer-reference-policy-checks-security-warning-forallvalues-with-single-valued-key",
	"locations": [
	{
	"path": [
	#!/usr/bin/env python

	import tweepy
	from config import create_api


	def unfollow_everyone(api):
	friends = api.friends_ids("<your_twitter_screen_name")

	for f in friends: