This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Windows AMIs don't have WinRM enabled by default -- this script will enable WinRM | |
# AND install 7-zip, curl and .NET 4 if its missing. | |
# Then use the EC2 tools to create a new AMI from the result, and you have a system | |
# that will execute user-data as a PowerShell script after the instance fires up! | |
# This has been tested on Windows 2008 SP2 64bits AMIs provided by Amazon | |
# | |
# Inject this as user-data of a Windows 2008 AMI, like this (edit the adminPassword to your needs): | |
# | |
# <powershell> | |
# Set-ExecutionPolicy Unrestricted |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"description": "Copy the centos.org CentOS 6 AMI into our account so that we can add boot volume encryption.", | |
"min_packer_version": "0.11.0", | |
"variables": { | |
"aws_region": "us-east-1", | |
"aws_vpc": null, | |
"aws_subnet": null, | |
"ssh_username": "centos" | |
}, | |
"builders": [ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
console.log('Loading event'); | |
var aws = require('aws-sdk'); | |
var s3 = new aws.S3({apiVersion: '2006-03-01'}); | |
var sqs = new aws.SQS({apiVersion: '2012-11-05'}); | |
exports.handler = function(event, context, callback) { | |
s3.listBuckets(function(err,data) { | |
if (err) { | |
console.log('ERROR: Problem getting list of buckets. This should have something to do with incorrect IAM permissions for the lambda.'); | |
errorMessage = 'ERROR: Error from S3: '+err; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Function Get-WinEventTail | |
{ | |
<# | |
.SYNOPSIS | |
A tail cmdlet for Eventlogs | |
.DESCRIPTION | |
This function will allow you to tail Windows Event Logs. You specify | |
a Logname for either the original logs, Application, System and Security or | |
the new format for the newer logs Microsoft-Windows-PowerShell/Operational | |
.PARAMETER LogName |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Try | |
{ | |
$VPCs = $null | |
$VPCs = Get-EC2Vpc -Filter @{Name="isDefault"; Values="true"} -Region $Region -AccessKey $AccessKey -SecretKey $SecretAccessKey -SessionToken $SessionToken -ErrorAction Stop | |
$Script:TotalAPICalls ++ | |
##Write-Host "Successfully gathered VPCs in account $Account" -ForegroundColor Green | |
} | |
Catch | |
{ | |
Write-Host " ERROR gathered VPCs in account $Account - $_" -ForegroundColor Red |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
``` | |
filter eventName="ConsoleLogin" | |
| stats count(*) as eventCount by userIdentity.userName, sourceIPAddress | |
| sort eventCount desc | |
filter not sourceIPAddress =~ /^(?i)123.123.123.123/ and userIdentity.userName =~/^(?i)\w/ | |
| stats count(*) as eventCount by eventName, userIdentity.userName, sourceIPAddress | |
| sort eventCount desc | |
filter eventName="ConsoleLogin" |