| ❌ Restriction | ✅ Secure Alternative | 🔍 Why? |
|---|---|---|
iam:PassRole with Resource: "*" ❌ |
Restrict to specific roles | Prevent privilege escalation |
s3:Get* with Resource: "*" ❌ |
Use specific arn:aws:s3:::bucket-name & apply s3:ResourceAccount condition when * is needed |
Prevent broad S3 data access |
sts:AssumeRole with Resource: "*" ❌ |
Restrict to specific trusted roles | Prevent unauthorized cross-account access |
| kms:Get* ❌ | Restrict to specific KMS keys | Avoid unauthorized decryption |
kms:CreateKey with Resource: "*" ❌ |
Require tagging conditions | Enforce key management best practices |
s3:PutObject without s3:x-amz-server-side-encryption ❌ |
Require encryption enforcement | Ensure data confidentiality |
RajChowdhury240
/ ad.py
Last active
March 3, 2025 16:24
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| import csv | |
| import json | |
| import threading | |
| from botocore.exceptions import ClientError | |
| from rich.console import Console | |
| from rich.table import Table | |
| # Initialize AWS Clients | |
| org_client = boto3.client("organizations") |
RajChowdhury240
/ checks.md
Created
March 3, 2025 12:05
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| import csv | |
| import time | |
| from rich.console import Console | |
| from rich.progress import Progress, TimeRemainingColumn, BarColumn | |
| from rich.table import Table | |
| ROLE_NAME = "ca-admin" | |
| OUTPUT_CSV = "cloudwatch_alarms.csv" |
RajChowdhury240
/ dope.py
Last active
February 25, 2025 15:49
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| import json | |
| import csv | |
| import threading | |
| from concurrent.futures import ThreadPoolExecutor, as_completed | |
| from rich.progress import Progress, BarColumn, TimeRemainingColumn, SpinnerColumn | |
| from rich.console import Console | |
| from rich.table import Table | |
RajChowdhury240
/ do.py
Last active
February 25, 2025 13:52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| import json | |
| import csv | |
| import time | |
| import concurrent.futures | |
| from botocore.exceptions import BotoCoreError, ClientError | |
| from rich.console import Console | |
| from rich.table import Table | |
| from rich.progress import Progress, TimeRemainingColumn |
RajChowdhury240
/ x.md
Last active
February 24, 2025 15:52
import boto3
import json
import threading
import time
from botocore.exceptions import ClientError
from rich.progress import Progress, SpinnerColumn, TimeElapsedColumn
from rich.console import Console
from rich.table import Table
RajChowdhury240
/ def.md
Created
February 24, 2025 14:24
| Action Pattern | Condition to Check | Allowed? |
|---|---|---|
iam:PassRole |
Must not have Resource: "*" |
❌ Not Allowed |
s3:Get* |
Must not have Resource: "*" unless a condition is present |
❌ Not Allowed |
kms:Get* |
This action should not be present at all | ❌ Not Allowed |
kms:CreateKey |
If present, it must have a tagging condition (aws:RequestTag) |
✅ Allowed (with condition) |
iam:CreateRole |
Must not have Resource: "*" |
❌ Not Allowed |
iam:DeleteRole |
Must not have Resource: "*" |
RajChowdhury240
/ trip.md
Last active
February 24, 2025 12:30
- Arrive at Bagdogra Airport and take a cab to Darjeeling.
- Check in to the hotel.
- If we check in before 1 PM, head to Ghum Station for the toy train ride (8:00 AM, 10:40 AM, 1:40 PM, 4:10 PM).
- Otherwise, relax at the hotel and explore Darjeeling Mall Road in the evening.
RajChowdhury240
/ console.py
Created
February 21, 2025 16:02
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| import json | |
| import csv | |
| import threading | |
| from rich.progress import Progress, BarColumn, TimeRemainingColumn, SpinnerColumn | |
| from rich.console import Console | |
| from rich.table import Table | |
| AWS_REGION = "us-east-1" | |
| ACCOUNT_ID = "590183941608" |
RajChowdhury240
/ rtx.py
Created
February 21, 2025 15:54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| import json | |
| import csv | |
| import os | |
| import threading | |
| from concurrent.futures import ThreadPoolExecutor, as_completed | |
| from rich.progress import Progress, TimeRemainingColumn, BarColumn, SpinnerColumn | |
| from rich.console import Console | |
| from rich.table import Table |
NewerOlder