```bash
#!/usr/bin/env bash
set -euo pipefail
REGION="${1:-}"
PROFILE="${2:-}"
if [[ -z "$REGION" ]]; then
  echo "Usage: $0 region [profile] [--fix]"
  exit 1
fi
```
```bash
#!/usr/bin/env bash
# ------------------------------------------------------------------------------
# algif-aead-scan.sh
#
# Passive AWS scan for CVE-2026-31431 / Copy Fail mitigation readiness.
#
# Checks running EC2 instances, including EKS worker nodes, via AWS SSM.
#
# It checks whether the kernel module algif_aead is:
# - loaded
```
```yaml
version: '3'
#output: prefixed
env:
  LambdaS3Bucket: ambda-code-eu-central-1
  Version: 0.0.1
  LambdaSourceCodeDirectory: config-rules
vars:
  REGION: echo AWS_REGION
tasks:
  uploadlambdacode:
```
```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Create KMS Key for CloudWatch and SSM
Metadata:
  Author:
    Description: David Krohn
Resources:
  CloudWatchKey:
    Type: 'AWS::KMS::Key'
```
```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Set default setting for SSM and encrypts CloudWatch LogGroup
Metadata:
  Author:
    Description: David Krohn
Parameters:
  CloudWatchKey:
    Description: Default SSM KMS Key
    Type: AWS::SSM::Parameter::Value<String>
    Default: /KMS/CW/DEFAULT/ARN
```