
Adam Cousins adamcousins

@adamcousins
adamcousins / create.sh
Created January 17, 2018 03:58 — forked from micahhausler/create.sh
kops - kubernetes 1.9
#!/usr/bin/env bash
# Cluster settings; each one keeps the caller's value when it is already set
# and non-empty, and falls back to the default written here otherwise.
: "${CLUSTER_NAME:=example.cluster.k8s.local}"
# The default pins the Kubernetes release location to the v1.9.0 path.
: "${KUBERNETES_VERSION:=https://storage.googleapis.com/kubernetes-release/release/v1.9.0/}"
: "${AWS_DEFAULT_REGION:=us-west-2}"
export CLUSTER_NAME KUBERNETES_VERSION AWS_DEFAULT_REGION

# Every availability zone name returned for the region, joined into one
# comma-separated string (awk rebuilds the whitespace-separated record with
# OFS=","). The result of the pipeline is not checked: if the aws call fails,
# the variable is exported empty.
AWS_AVAILABILITY_ZONES="$(aws ec2 describe-availability-zones --query 'AvailabilityZones[].ZoneName' --output text | awk -v OFS="," '$1=$1')"
export AWS_AVAILABILITY_ZONES
# Create a unique s3 bucket name, or use an existing S3_BUCKET environment variable
@adamcousins
adamcousins / cluster.yaml
Created August 11, 2020 06:45
ECS Cluster on EC2/ASG with CapacityProviders
AWSTemplateFormatVersion: 2010-09-09
Description: "Application: ECS Cluster on EC2 with ECS Capacity Providers into existing VPC."
Parameters:
#Networking
PrivateSubnet1Id:
Description: Logical ID of Private Subnet 1
Type: AWS::SSM::Parameter::Value<AWS::EC2::Subnet::Id>
AWSTemplateFormatVersion: '2010-09-09'
Description: "Security: Creates an AWS Security Hub in all accounts in the Control Tower"
Parameters:
Regions:
Type: CommaDelimitedList
Description: Regions to deploy Stack Set into
Default: "ap-southeast-2"
OrganizationalUnitIds:
---
# Minimal CloudFormation template that enables AWS Security Hub in the account
# and region where the stack is created.
AWSTemplateFormatVersion: '2010-09-09'
Description: "Security: Deploys a Security Hub Resource."
# No input parameters: the template deploys the same way wherever it is used.
Parameters: {}
Resources:
  SecHub:
    Type: 'AWS::SecurityHub::Hub'
    # Empty Properties leaves every hub setting at the service default.
    # NOTE(review): that presumably includes automatic enablement of the default
    # security standards - confirm this is intended, or set it explicitly.
    Properties: {}
AWSTemplateFormatVersion: '2010-09-09'
Description: "Security: Delegate an account for AWS SecurityHub centralisation within a single region within an AWS Organisation."
Parameters:
ServicePrincipal:
Type: String
Description: The Service Principal to delegate access to
Default: securityhub.amazonaws.com
AdminAccountId:
AWSTemplateFormatVersion: '2010-09-09'
Description: "Security: Enable AWS SecurityHub in a centralised Account within an AWS Organisation."
Parameters:
AlertsTopicArn:
Description: Alert topic ARN
Type: String
LogRetention:
@adamcousins
adamcousins / gist:216916cd294db69d77e8059fccf378cd
Created December 5, 2023 04:12
List all CloudFormation stacks whose names start with a given prefix, across the accounts of an AWS Organisation
# Prefix matched against stack names. It is interpolated into the JMESPath
# --query of the list-stacks call below, so keep it to a plain literal.
STACK_NAME_PREFIX="alarm"
# Walk every account ID returned by Organizations. The query applies no filter,
# so suspended accounts and the management account are included as well.
# The closing `done` of this loop is not part of the excerpt.
for acc in `aws organizations list-accounts --query 'Accounts[*].Id' --output text `;
do
# Per account: assume OrganizationAccountAccessRole and export the temporary
# credentials so that the list-stacks call below runs inside that account.
# '.Credentials''.AccessKeyId' is two adjacent quoted strings that the shell
# joins into the jq filter .Credentials.AccessKeyId.
# NOTE(review): the exports stay in the shell environment, so from the second
# iteration on `aws sts assume-role` is itself called with the previous member
# account's session unless lines not shown here restore the original
# credentials - confirm, or scope the credentials to a subshell per account.
# NOTE(review): the assume-role result is not checked; when it fails OUT is
# empty and the three variables are still overwritten from it.
# NOTE(review): OrganizationAccountAccessRole is normally an administrator
# role; a read-only role is enough for list-stacks - verify which is intended.
echo "checking account $acc now";\
OUT=$(aws sts assume-role --role-arn arn:aws:iam::$acc:role/OrganizationAccountAccessRole --role-session-name ckecking-account-$acc);\
export AWS_ACCESS_KEY_ID=$(echo $OUT | jq -r '.Credentials''.AccessKeyId');\
export AWS_SECRET_ACCESS_KEY=$(echo $OUT | jq -r '.Credentials''.SecretAccessKey');\
export AWS_SESSION_TOKEN=$(echo $OUT | jq -r '.Credentials''.SessionToken');
# Only stacks in CREATE_COMPLETE or UPDATE_COMPLETE are listed, and no --region
# is passed, so only the CLI's configured default region is queried.
aws cloudformation list-stacks --query "StackSummaries[?starts_with(StackName, '$STACK_NAME_PREFIX')].StackName" --stack-status-filter "CREATE_COMPLETE" "UPDATE_COMPLETE"
@adamcousins
adamcousins / unused.py
Last active February 1, 2024 23:28
List Unused Access Keys
import boto3
import datetime
from dateutil.tz import tzutc
# IAM resource and low-level client, both built from boto3's default session
# (no profile, region or credentials are passed explicitly here).
resource = boto3.resource('iam')
client = boto3.client('iam')
# Naive local timestamp, taken once when the script starts.
# NOTE(review): tzutc is imported above, so later code presumably works with
# timezone-aware values; a naive datetime cannot be subtracted from an aware
# one - confirm against the part of the script not shown here.
today = datetime.datetime.now()
# Presumably the report text and a running counter filled in further down.
final_report = ''
number = 1
#!/usr/bin/env python3
"""
Originally from Lyle Scott, III // [email protected]
https://gist.github.com/LyleScott/fefed8ee9708eece2e6b99c8845efc2d
$ python3 rm_empty_s3_buckets.py --help
usage: rm_empty_s3_buckets.py [-h] [-p PROFILE] [-b BUCKET_PREFIX] [-ne]
optional arguments:
-h, --help show this help message and exit
#!/bin/python
import boto3
import botocore
from botocore.config import Config
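def list_waf_acls_v2_regional(wafv2client):
    """Return every REGIONAL-scope WAFv2 web ACL visible to ``wafv2client``.

    ``list_web_acls`` returns results one page at a time and hands back a
    ``NextMarker`` when more are available. A single call therefore reports
    only the first page, which would leave later web ACLs out of the
    inventory without any error. This version follows the marker until the
    listing is exhausted.

    Args:
        wafv2client: a WAFv2 client object exposing ``list_web_acls``; the
            region it was created for decides which ACLs are listed.

    Returns:
        A list with the ``WebACLs`` entries of all pages, in the order the
        service returned them.
    """
    list_of_acls = []
    request = {'Scope': 'REGIONAL'}
    while True:
        response = wafv2client.list_web_acls(**request)
        page = response.get('WebACLs', [])
        list_of_acls.extend(page)
        marker = response.get('NextMarker')
        # Stop on a missing marker, and also on an empty page so that a marker
        # echoed back with no results cannot keep the loop running.
        if not marker or not page:
            break
        request['NextMarker'] = marker
    print('The following V2 REGIONAL WebACLs have been discovered.....')
    print(str(list_of_acls))
    return list_of_acls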