Security & Audit Bash script functions based on awscli that gather information from different AWS services for different review scenarios
#!/usr/bin/env bash
#
# AWS ENV vars for your project (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html)
#
# AWS_PROFILE – Specifies the name of the CLI profile with the credentials and options to use.
# This can be the name of a profile stored in a credentials (~/.aws/credentials) or config (~/.aws/config)
# file, or the value default to use the default profile. If you specify this environment variable,
# it overrides the behavior
# of using the profile named [default] in the configuration file.
#
# AWS_DEFAULT_REGION – Specifies the AWS Region to send the request to.
#
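# Region and profile for every awscli call below. A value already exported in
# the environment wins; the literal is only the fallback, so the script can be
# pointed at another account/region without editing it.
AWS_REGION="${AWS_REGION:-us-east-1}"
AWS_PROFILE="${AWS_PROFILE:-default}"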
#==============================================================#
# LISTING CLOUDFRONT DISTROS WITH Restrict Bucket Access == NO #
#==============================================================#
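func_aws_cloudfront_origin_access_id(){
  # Purpose: list every CloudFront distribution, then dump the S3-origin access
  # settings of each one so a reviewer can spot origins that do NOT restrict
  # bucket access. An S3 origin with an empty OriginAccessIdentity and no
  # OriginAccessControlId is fetched anonymously by CloudFront, which means the
  # bucket itself has to be publicly readable for the distribution to work.
  #
  # Globals (read): AWS_PROFILE, AWS_REGION (CloudFront is a global service; the
  #                 --region flag only selects the endpoint/credential scope).
  # Outputs: awscli tables on stdout; pauses for ENTER between distributions.
  # Returns: 0, or the status of the last awscli call / the read builtin.
  local -a distribution_ids=()
  local distribution_id

  echo "#================================================================#"
  echo "# LIST ALL CLOUDFRONT DISTRIBUTIONS #"
  echo "#================================================================#"
  aws cloudfront list-distributions --output table \
    --query "DistributionList.Items[].[Id,DomainName,Origins.Items[].[Id]]" \
    --profile "${AWS_PROFILE}" --region "${AWS_REGION}"

  # Collect the IDs straight into an array; the original wrote them to
  # temp_aws_out.txt in the working directory and never removed it.
  # [Id] (a list per item) makes text output print one ID per line.
  mapfile -t distribution_ids < <(aws cloudfront list-distributions --output text \
    --query "DistributionList.Items[].[Id]" \
    --profile "${AWS_PROFILE}" --region "${AWS_REGION}")

  echo "#================================================================#"
  echo "# LIST ALL CLOUDFRONT ORIGIN ACCESS IDENTITY CONFIG #"
  echo "#================================================================#"
  for distribution_id in "${distribution_ids[@]}"; do
    # awscli text output renders a null result as "None" (no distributions at
    # all); do not feed that to get-distribution-config.
    [[ -z "${distribution_id}" || "${distribution_id}" == "None" ]] && continue
    echo "#================================================================#"
    echo "# CLOUDFRONT DISTRIBUTION: ${distribution_id} #"
    echo "#================================================================#"
    # Show the access fields explicitly instead of the raw S3OriginConfig blob:
    # an empty OriginAccessIdentity AND an empty OriginAccessControlId on an
    # S3 origin == "Restrict Bucket Access: No". Custom origins show None.
    aws cloudfront get-distribution-config --id "${distribution_id}" \
      --output table \
      --query "DistributionConfig.Origins.Items[].[Id,DomainName,S3OriginConfig.OriginAccessIdentity,OriginAccessControlId]" \
      --profile "${AWS_PROFILE}" --region "${AWS_REGION}"
    echo ""
    echo "#================================================================#"
    echo "# PLEASE PRESS ENTER TO CONTINUE WITH THE NEXT CLOUDFRONT DISTRO #"
    echo "#================================================================#"
    # -r so a stray backslash is not interpreted; stdin is the terminal here
    # because the loop iterates an array, not a redirected stream.
    read -r
  done
  echo ""
}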
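# main
# Refuse to start without awscli instead of failing on every call below.
command -v aws >/dev/null 2>&1 || { echo "aws cli not found in PATH" >&2; exit 1; }
func_aws_cloudfront_origin_access_id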
#!/usr/bin/env bash
#
# AWS ENV vars for your project (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html)
#
# AWS_PROFILE – Specifies the name of the CLI profile with the credentials and options to use.
# This can be the name of a profile stored in a credentials (~/.aws/credentials) or config (~/.aws/config)
# file, or the value default to use the default profile. If you specify this environment variable,
# it overrides the behavior
# of using the profile named [default] in the configuration file.
#
# AWS_DEFAULT_REGION – Specifies the AWS Region to send the request to.
#
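# Region and profile for the awscli call below. A value already exported in
# the environment wins; the literal is only the fallback.
AWS_REGION="${AWS_REGION:-us-east-1}"
AWS_PROFILE="${AWS_PROFILE:-default}"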
#==========================================#
# LIST EC2 IN AWS WITH PUBLIC IP ADDRS #
#==========================================#
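func_aws_ec2_public_ip(){
  # Purpose: list the EC2 instances that actually carry a public IPv4 address,
  # with their state and Name tag, for an external-exposure review.
  #
  # Globals (read): AWS_PROFILE, AWS_REGION (one region per run).
  # Outputs: an awscli table on stdout.
  # Returns: the exit status of the awscli call.
  echo "=================================================================="
  echo "LIST AWS EC2 ID and IT's PUBLIC IP ADDR"
  echo "=================================================================="
  # The original listed every instance (PublicIpAddress simply blank for the
  # private ones); the server-side ip-address filter with a wildcard keeps only
  # instances that have a public IPv4, which is what the header promises.
  # Note: only the primary public IPv4 is covered -- IPv6 and addresses on
  # secondary ENIs are not.
  aws ec2 describe-instances --output table \
    --filters "Name=ip-address,Values=*" \
    --query 'Reservations[].Instances[].[InstanceId,PublicIpAddress,State.Name,Tags[?Key==`Name`] | [0].Value]' \
    --profile "${AWS_PROFILE}" --region "${AWS_REGION}"
  echo ""
}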
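# main
# Refuse to start without awscli instead of failing inside the function.
command -v aws >/dev/null 2>&1 || { echo "aws cli not found in PATH" >&2; exit 1; }
func_aws_ec2_public_ip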
#!/bin/bash
#
# Bash script functions based on awscli to report the encryption state of the AWS EBS volumes
# reachable with your IAM profile: first those attached to currently running EC2 instances, then all volumes
#
#
# AWS ENV vars for your project (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html)
#
# AWS_PROFILE – Specifies the name of the CLI profile with the credentials and options to use.
# This can be the name of a profile stored in a credentials (~/.aws/credentials) or config (~/.aws/config)
# file, or the value default to use the default profile. If you specify this environment variable,
# it overrides the behavior
# of using the profile named [default] in the configuration file.
#
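# IAM profile for every awscli call. AWS_PROFILE from the environment wins over
# the "default" fallback so the script can be run against several accounts
# without editing it.
AWS_IAM_PROFILE="${AWS_PROFILE:-default}"
#
# EBS attachment status to filter on -> attached || detached
# (valid values of the attachment.status filter: attaching, attached,
# detaching, detached)
#
AWS_EBS_ATTACHMENT_STATUS="${AWS_EBS_ATTACHMENT_STATUS:-attached}"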
#=========================================#
# Functions #
#=========================================#
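func_aws_ec2_ebs_list_encrypted(){
  # Purpose: for every running EC2 instance print each EBS volume attached to
  # it (per AWS_EBS_ATTACHMENT_STATUS) together with its Encrypted flag.
  #
  # Globals (read): AWS_IAM_PROFILE, AWS_EBS_ATTACHMENT_STATUS.
  # Region: AWS_DEFAULT_REGION when exported, else us-east-1 -- for ALL calls.
  #         The original queried instances in us-east-1 but volumes/tags in the
  #         profile's default region, which silently reports zero volumes
  #         whenever the two differ.
  # Requires: awscli, jq.
  # Outputs: one line per volume, e.g.
  #   EC2: i-111111111111111 Jenkins Volumes: 2 EbsVolumeId: vol-111111111111111 Encrypted: false
  # Returns: 0 (individual awscli failures are reported by awscli on stderr).
  local region="${AWS_DEFAULT_REGION:-us-east-1}"
  local instance name volume_count volume_line volume_id encrypted
  local -a instances=() volumes=()

  # All running instances. Instances[] rather than Instances[0]: the original
  # took only the first instance of each reservation and skipped the rest of
  # any multi-instance reservation.
  mapfile -t instances < <(aws ec2 describe-instances --region "${region}" \
    --filters Name=instance-state-name,Values=running \
    --query "Reservations[].Instances[].[InstanceId]" \
    --output text \
    --profile "${AWS_IAM_PROFILE}")

  echo "#===============================================#"
  echo "# EBS Volumes attached to running EC2 Instances #"
  echo "#===============================================#"
  for instance in "${instances[@]}"; do
    # awscli text output renders a null result as "None"; skip it.
    [[ -z "${instance}" || "${instance}" == "None" ]] && continue
    # Name tag; "null" when the instance has none (same as the original).
    name=$(aws ec2 describe-tags --profile "${AWS_IAM_PROFILE}" --region "${region}" \
      --filters "Name=resource-id,Values=${instance}" Name=key,Values=Name \
      --query "Tags[].Value" --output json | jq -r '.[0]')
    # One describe-volumes call per instance (the original made three per
    # volume); jq renders "<VolumeId> <Encrypted>" on one line each.
    mapfile -t volumes < <(aws ec2 describe-volumes --profile "${AWS_IAM_PROFILE}" --region "${region}" \
      --filters "Name=attachment.status,Values=${AWS_EBS_ATTACHMENT_STATUS}" "Name=attachment.instance-id,Values=${instance}" \
      --query "Volumes[].[VolumeId,Encrypted]" --output json \
      | jq -r '.[] | "\(.[0]) \(.[1])"')
    volume_count=${#volumes[@]}
    # Instances with no matching volume print nothing, as before.
    for volume_line in "${volumes[@]}"; do
      read -r volume_id encrypted <<<"${volume_line}"
      echo "EC2: ${instance} ${name} Volumes: ${volume_count} EbsVolumeId: ${volume_id} Encrypted: ${encrypted} "
    done
  done
}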
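func_aws_ebs_list_encrypted(){
  # Purpose: print every EBS volume in the region (attached or not) with its
  # Encrypted flag -- detached volumes are easy to forget in an encryption
  # audit and may still hold data.
  #
  # Globals (read): AWS_IAM_PROFILE.
  # Region: AWS_DEFAULT_REGION when exported, else us-east-1 (same rule as
  #         func_aws_ec2_ebs_list_encrypted so the two listings agree).
  # Requires: awscli, jq.
  # Outputs: a volume count, then one "EbsVolumeId: <vol> Encrypted: <bool>"
  #          line per volume.
  # Returns: 0 (awscli failures are reported by awscli on stderr).
  local region="${AWS_DEFAULT_REGION:-us-east-1}"
  local -a volumes=()
  local volume_line ebs_volumeid ebs_encrypted

  echo ""
  echo "#==============================================#"
  echo "# All EBS Volumes #"
  echo "#==============================================#"
  # A single API call; the original re-fetched the whole volume list twice per
  # volume and derived the count from a jq | wc -l pipeline.
  mapfile -t volumes < <(aws ec2 describe-volumes --profile "${AWS_IAM_PROFILE}" --region "${region}" \
    --query "Volumes[].[VolumeId,Encrypted]" --output json \
    | jq -r '.[] | "\(.[0]) \(.[1])"')
  echo "N° AWS EBS VOLUMES: ${#volumes[@]}"
  echo ""
  for volume_line in "${volumes[@]}"; do
    read -r ebs_volumeid ebs_encrypted <<<"${volume_line}"
    echo "EbsVolumeId: ${ebs_volumeid} Encrypted: ${ebs_encrypted}"
  done
}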
#=========================================#
# Main() - Function calls #
#=========================================#
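# Both functions shell out to awscli and jq; fail early if either is missing
# (without jq the volume lists come back empty and the loops print nothing).
for tool in aws jq; do
  command -v "${tool}" >/dev/null 2>&1 || { echo "${tool} not found in PATH" >&2; exit 1; }
done
func_aws_ec2_ebs_list_encrypted
func_aws_ebs_list_encrypted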
#!/usr/bin/env bash
#
# AWS ENV vars for your project (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html)
#
# AWS_DEFAULT_REGION – Specifies the AWS Region to send the request to.
#
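# Region and profile for the awscli calls below. A value already exported in
# the environment wins; the literal is only the fallback. (The probes in this
# script are unsigned, so AWS_PROFILE is kept only for symmetry with the
# other scripts.)
AWS_REGION="${AWS_REGION:-us-east-1}"
AWS_PROFILE="${AWS_PROFILE:-default}"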
#==========================================#
# LISTING OBJECTS IN AWS PUBLIC S3 BUCKETS #
#==========================================#
# Buckets whose anonymous (unsigned) listing is to be probed; replace the
# placeholders with the real bucket names before running.
declare -a S3_BUCKETS_LIST=(
  "your-bucket-name-here-1"
  "your-bucket-name-here-2"
  "your-bucket-name-here-3"
)
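#######################################
# Run one anonymous S3 probe and print an ALLOWED/DENIED verdict after its
# output, so a denied probe is not lost in the noise of the listings.
# Arguments: $1 - label for the verdict line, $2 - bucket name,
#            $3.. - the command to run
# Outputs:   the command's output, then "ANONYMOUS <label> <bucket>: ..."
#######################################
_func_aws_s3_probe(){
  local label=$1 bucket=$2
  shift 2
  if "$@"; then
    echo "ANONYMOUS ${label} ${bucket}: ALLOWED"
  else
    echo "ANONYMOUS ${label} ${bucket}: DENIED (exit $?)"
  fi
}

func_aws_s3_ls(){
  # Purpose: probe each bucket in S3_BUCKETS_LIST for anonymous READ access.
  # Every call uses --no-sign-request, i.e. NO credentials, so anything that
  # comes back is exposed to the whole internet. Four API paths are tried
  # (s3 ls, recursive ls, ListObjects, ListObjectsV2) because a bucket policy
  # can allow one and deny another.
  #
  # Globals (read): S3_BUCKETS_LIST, AWS_REGION.
  # Outputs: the listings plus one verdict line per probe.
  # NOTE(review): probe only buckets you own or are authorised to test.
  # A non-zero status is normally AccessDenied / NoSuchBucket; a redirect
  # error means the bucket lives in another region and the probe has to be
  # re-run with that --region.
  local bucket
  for bucket in "${S3_BUCKETS_LIST[@]}"; do
    echo "=================================================================="
    echo "LIST OBJECTS AWS S3 BUCKET ${bucket}"
    echo "=================================================================="
    _func_aws_s3_probe "s3 ls" "${bucket}" \
      aws s3 ls "s3://${bucket}" --region "${AWS_REGION}" --no-sign-request
    _func_aws_s3_probe "s3 ls --recursive" "${bucket}" \
      aws s3 ls "s3://${bucket}" --recursive --region "${AWS_REGION}" --no-sign-request
    _func_aws_s3_probe "list-objects" "${bucket}" \
      aws s3api list-objects --bucket "${bucket}" --query 'Contents[].{Key: Key, Size: Size}' --region "${AWS_REGION}" --no-sign-request
    _func_aws_s3_probe "list-objects-v2" "${bucket}" \
      aws s3api list-objects-v2 --bucket "${bucket}" --region "${AWS_REGION}" --no-sign-request
    echo ""
  done
}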
#==========================================#
# PUT OBJECTS IN AWS PUBLIC S3 BUCKETS #
#==========================================#
# Buckets whose anonymous (unsigned) WRITE access is to be probed; replace the
# placeholders with the real bucket names before running.
declare -a S3_BUCKETS_PUT=(
  "your-bucket-name-here-1"
  "your-bucket-name-here-2"
  "your-bucket-name-here-3"
)
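func_aws_s3_put(){
  # Purpose: probe each bucket in S3_BUCKETS_PUT for anonymous WRITE access by
  # uploading a small marker object unsigned (no credentials). A successful
  # upload means anyone on the internet can plant content in that bucket.
  #
  # Globals (read): S3_BUCKETS_PUT, AWS_REGION,
  #                 S3_FROM / S3_TO (optional overrides of the local marker
  #                 file and of the object key; the literals are fallbacks).
  # Globals (written): S3_FROM, S3_TO (kept global as in the original).
  # Returns: 1 without touching S3 when the marker file is not readable,
  #          else 0.
  # NOTE(review): writing into a bucket you do not own is an unauthorised
  # modification even if it is "only a test file" -- run this only with the
  # owner's permission, and remove the marker object afterwards.
  local bucket
  S3_FROM="${S3_FROM:-/home/delivery/Binbash/repos/3pt/3pt-secops/aws/s3/aws_s3_put_test.txt}"
  S3_TO="${S3_TO:-aws_s3_put_test/aws_s3_put_test.txt}"
  # Check the marker file once up front instead of failing on every bucket.
  if [[ ! -r "${S3_FROM}" ]]; then
    echo "func_aws_s3_put: marker file not readable: ${S3_FROM}" >&2
    return 1
  fi
  for bucket in "${S3_BUCKETS_PUT[@]}"; do
    echo "=================================================================="
    echo "PUT OBJECT IN AWS S3 BUCKET ${bucket}"
    echo "=================================================================="
    # (The original passed "--region ... --no-sign-request" twice on this line.)
    if aws s3 cp "${S3_FROM}" "s3://${bucket}/${S3_TO}" --region "${AWS_REGION}" --no-sign-request; then
      echo "ANONYMOUS s3 cp ${bucket}: ALLOWED"
    else
      echo "ANONYMOUS s3 cp ${bucket}: DENIED (exit $?)"
    fi
    if aws s3api put-object --bucket "${bucket}" --key "${S3_TO}" --body "${S3_FROM}" --region "${AWS_REGION}" --no-sign-request; then
      echo "ANONYMOUS put-object ${bucket}: ALLOWED"
    else
      echo "ANONYMOUS put-object ${bucket}: DENIED (exit $?)"
    fi
    echo ""
  done
}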
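# main
# Both probes shell out to awscli; refuse to start without it.
command -v aws >/dev/null 2>&1 || { echo "aws cli not found in PATH" >&2; exit 1; }
func_aws_s3_ls
func_aws_s3_put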