```bash
#!/usr/bin/env bash
export CLUSTER_NAME=${CLUSTER_NAME:-example.cluster.k8s.local}
export KUBERNETES_VERSION=${KUBERNETES_VERSION:-https://storage.googleapis.com/kubernetes-release/release/v1.9.0/}
export AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION:-us-west-2}
# Get all available AZs
export AWS_AVAILABILITY_ZONES="$(aws ec2 describe-availability-zones --query 'AvailabilityZones[].ZoneName' --output text | awk -v OFS="," '$1=$1')"
# Create a unique s3 bucket name, or use an existing S3_BUCKET environment variable
```
```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: "Application: ECS Cluster on EC2 with ECS Capacity Providers into existing VPC."
Parameters:
  #Networking
  PrivateSubnet1Id:
    Description: Logical ID of Private Subnet 1
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Subnet::Id>
```
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: "Security: Creates an AWS Security Hub in all accounts in the Control Tower"
Parameters:
  Regions:
    Type: CommaDelimitedList
    Description: Regions to deploy Stack Set into
    Default: "ap-southeast-2"
  OrganizationalUnitIds:
```
```yaml
---
AWSTemplateFormatVersion: '2010-09-09'
Description: "Security: Deploys a Security Hub Resource."
Parameters: {}
Resources:
  SecHub:
    Type: 'AWS::SecurityHub::Hub'
    Properties: {}
```
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: "Security: Delegate an account for AWS SecurityHub centralisation within a single region within an AWS Organisation."
Parameters:
  ServicePrincipal:
    Type: String
    Description: The Service Principal to delegate access to
    Default: securityhub.amazonaws.com
  AdminAccountId:
```
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: "Security: Enable AWS SecurityHub in a centralised Account within an AWS Organisation."
Parameters:
  AlertsTopicArn:
    Description: Alert topic ARN
    Type: String
  LogRetention:
```
```bash
STACK_NAME_PREFIX="alarm"
for acc in `aws organizations list-accounts --query 'Accounts[*].Id' --output text `;
do
  echo "checking account $acc now";\
  OUT=$(aws sts assume-role --role-arn arn:aws:iam::$acc:role/OrganizationAccountAccessRole --role-session-name ckecking-account-$acc);\
  export AWS_ACCESS_KEY_ID=$(echo $OUT | jq -r '.Credentials''.AccessKeyId');\
  export AWS_SECRET_ACCESS_KEY=$(echo $OUT | jq -r '.Credentials''.SecretAccessKey');\
  export AWS_SESSION_TOKEN=$(echo $OUT | jq -r '.Credentials''.SessionToken');
  aws cloudformation list-stacks --query "StackSummaries[?starts_with(StackName, '$STACK_NAME_PREFIX')].StackName" --stack-status-filter "CREATE_COMPLETE" "UPDATE_COMPLETE"
```
```python
import boto3
import datetime
from dateutil.tz import tzutc
resource = boto3.resource('iam')
client = boto3.client('iam')
today = datetime.datetime.now()
final_report = ''
number = 1
```
```python
#!/usr/bin/env python3
"""
Originally from Lyle Scott, III // [email protected]
https://gist.github.com/LyleScott/fefed8ee9708eece2e6b99c8845efc2d
$ python3 rm_empty_s3_buckets.py --help
usage: rm_empty_s3_buckets.py [-h] [-p PROFILE] [-b BUCKET_PREFIX] [-ne]
optional arguments:
-h, --help show this help message and exit
```
```python
#!/bin/python
import boto3
import botocore
from botocore.config import Config


def list_waf_acls_v2_regional(wafv2client):
    list_of_acls = wafv2client.list_web_acls(Scope='REGIONAL')['WebACLs']
    print('The following V2 REGIONAL WebACLs have been discovered.....')
    print(str(list_of_acls))
    return list_of_acls
```