Security & Audit Bash script functions based on awscli to get information about different AWS services for different scenarios
#!/usr/bin/env bash
#
# AWS ENV vars for your project (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html)
#
# AWS_PROFILE – Specifies the name of the CLI profile with the credentials and options to use.
# This can be the name of a profile stored in a credentials (~/.aws/credentials) or config (~/.aws/config)
# file, or the value `default` to use the default profile. If you specify this environment variable,
# it overrides the behavior of using the profile named [default] in the configuration file.
#
# AWS_DEFAULT_REGION – Specifies the AWS Region to send the request to.
#
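# Honour AWS_REGION / AWS_PROFILE already present in the environment (the header
# above documents them as env vars); only fall back to the hard-coded defaults.
# The original unconditionally overwrote whatever the caller had exported.
AWS_REGION="${AWS_REGION:-us-east-1}"
AWS_PROFILE="${AWS_PROFILE:-default}"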
#==============================================================#
# LISTING CLOUDFRONT DISTROS WITH Restrict Bucket Access == NO #
#==============================================================#
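func_aws_cloudfront_origin_access_id(){
  # Print a table of every CloudFront distribution, then for each one dump the
  # S3OriginConfig of its origins so the origin-access settings can be reviewed
  # (see the "Restrict Bucket Access == NO" header above). Pauses for ENTER
  # between distributions.
  # Globals:  AWS_PROFILE (read), AWS_REGION (read)
  # Outputs:  tables on stdout
  # Returns:  0, or non-zero if the distribution id listing fails
  local ids dist_id
  local -a dist_ids
  echo "#================================================================#"
  echo "# LIST ALL CLOUDFRONT DISTRIBUTIONS #"
  echo "#================================================================#"
  aws cloudfront list-distributions --output table \
    --query "DistributionList.Items[].[Id,DomainName,Origins.Items[].[Id]]" \
    --profile "${AWS_PROFILE}" --region "${AWS_REGION}"
  # Keep the id list in memory: the original wrote it to a predictable
  # temp_aws_out.txt in the current directory and never removed it.
  ids=$(aws cloudfront list-distributions --output text \
    --query "DistributionList.Items[].[Id]" \
    --profile "${AWS_PROFILE}" --region "${AWS_REGION}") || return 1
  mapfile -t dist_ids <<<"${ids}"
  echo "#================================================================#"
  echo "# LIST ALL CLOUDFRONT ORIGIN ACCESS IDENTITY CONFIG #"
  echo "#================================================================#"
  for dist_id in "${dist_ids[@]}"; do
    # An account with no distributions yields one empty element.
    [[ -n "${dist_id}" ]] || continue
    echo "#================================================================#"
    echo "# CLOUDFRONT DISTRIBUTION: ${dist_id} #"
    echo "#================================================================#"
    aws cloudfront get-distribution-config --id "${dist_id}" \
      --output table --query "DistributionConfig.Origins.Items[].[S3OriginConfig]" \
      --profile "${AWS_PROFILE}" --region "${AWS_REGION}"
    echo ""
    echo "#================================================================#"
    echo "# PLEASE PRESS ENTER TO CONTINUE WITH THE NEXT CLOUDFRONT DISTRO #"
    echo "#================================================================#"
    # -r keeps a stray backslash literal; stdin is untouched because the loop
    # iterates an array rather than a redirected file.
    read -r _
  done
  echo ""
}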
# main
# Entry point: runs the CloudFront origin-access review using AWS_PROFILE/AWS_REGION set above.
func_aws_cloudfront_origin_access_id
#!/usr/bin/env bash
#
# AWS ENV vars for your project (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html)
#
# AWS_PROFILE – Specifies the name of the CLI profile with the credentials and options to use.
# This can be the name of a profile stored in a credentials (~/.aws/credentials) or config (~/.aws/config)
# file, or the value `default` to use the default profile. If you specify this environment variable,
# it overrides the behavior of using the profile named [default] in the configuration file.
#
# AWS_DEFAULT_REGION – Specifies the AWS Region to send the request to.
#
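# Honour AWS_REGION / AWS_PROFILE already present in the environment (the header
# above documents them as env vars); only fall back to the hard-coded defaults.
# The original unconditionally overwrote whatever the caller had exported.
AWS_REGION="${AWS_REGION:-us-east-1}"
AWS_PROFILE="${AWS_PROFILE:-default}"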
#==========================================#
# LIST EC2 IN AWS WITH PUBLIC IP ADDRS      #
#==========================================#
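func_aws_ec2_public_ip(){
  # Print a table of every EC2 instance (no state filter is applied) with its
  # id, public IPv4 address, state and Name tag.
  # Globals:  AWS_PROFILE (read), AWS_REGION (read)
  # Outputs:  table on stdout
  # Returns:  0 (the trailing echo); the aws exit status is not propagated
  echo "=================================================================="
  echo "LIST AWS EC2 ID and IT's PUBLIC IP ADDR"
  echo "=================================================================="
  # Quoted so an empty or space-containing profile/region value cannot be
  # word-split into a different argument.
  aws ec2 describe-instances --output table \
    --query 'Reservations[].Instances[].[InstanceId,PublicIpAddress,State.Name,Tags[?Key==`Name`] | [0].Value]' \
    --profile "${AWS_PROFILE}" --region "${AWS_REGION}"
  echo ""
}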
# main
# Entry point: lists instances and public IPs using AWS_PROFILE/AWS_REGION set above.
func_aws_ec2_public_ip
#!/bin/bash
#
# Bash script functions based on awscli to get the AWS EBS volume encryption state for different scenarios
# (volumes attached to running EC2 instances reachable through your IAM profile, and all volumes).
#
#
# AWS ENV vars for your project (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html)
#
# AWS_PROFILE – Specifies the name of the CLI profile with the credentials and options to use.
# This can be the name of a profile stored in a credentials (~/.aws/credentials) or config (~/.aws/config)
# file, or the value `default` to use the default profile. If you specify this environment variable,
# it overrides the behavior of using the profile named [default] in the configuration file.
#
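# Honour a value already exported in the environment; fall back to "default".
# The original unconditionally overwrote the caller's setting.
AWS_IAM_PROFILE="${AWS_IAM_PROFILE:-default}"
#
# AWS EBS attachment status used to filter describe-volumes -> attached || detached
#
AWS_EBS_ATTACHMENT_STATUS="${AWS_EBS_ATTACHMENT_STATUS:-attached}"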
#=========================================#
# Functions                                #
#=========================================#
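func_aws_ec2_ebs_list_encrypted(){
  #
  # List every EBS volume attached to a running EC2 instance reachable through
  # ${AWS_IAM_PROFILE}, one line per volume:
  #   EC2: i-111111111111111 Jenkins Volumes: 2 EbsVolumeId: vol-111111111111111 Encrypted: false
  #
  # Globals:  AWS_IAM_PROFILE (read), AWS_EBS_ATTACHMENT_STATUS (read),
  #           AWS_REGION (read when set; otherwise us-east-1 as before)
  # Outputs:  one line per attached volume on stdout
  # Returns:  0, or non-zero if the instance listing fails
  #
  local region="${AWS_REGION:-us-east-1}"
  local instances instance volumes count name

  # Reservations[].Instances[] — the original Instances[0] silently skipped
  # every instance after the first one in a multi-instance reservation.
  instances=$(aws ec2 describe-instances --region "${region}" \
    --filters Name=instance-state-name,Values=running \
    --query "Reservations[].Instances[].InstanceId" \
    --output text \
    --profile "${AWS_IAM_PROFILE}") || return 1

  echo "#===============================================#"
  echo "# EBS Volumes attached to running EC2 Instances #"
  echo "#===============================================#"
  # --output text separates ids with whitespace; word-splitting is intended here.
  for instance in ${instances}; do
    # One describe-volumes call per instance. It must target the same region
    # as describe-instances above; the original left it to the profile default,
    # so the attachment filter matched nothing whenever that differed.
    volumes=$(aws ec2 describe-volumes --profile "${AWS_IAM_PROFILE}" --region "${region}" \
      --filters "Name=attachment.status,Values=${AWS_EBS_ATTACHMENT_STATUS}" \
                "Name=attachment.instance-id,Values=${instance}" \
      --query "Volumes[]" --output json) || continue
    count=$(jq -r 'length' <<<"${volumes}")
    # Name tag; jq yields "null" when the instance has none (same as before).
    name=$(aws ec2 describe-tags --profile "${AWS_IAM_PROFILE}" --region "${region}" \
      --filters "Name=resource-id,Values=${instance}" Name=key,Values=Name \
      --query 'Tags[].Value' --output json | jq -r '.[0]')
    if (( count > 0 )); then
      # Emit the lines from the JSON already fetched instead of calling the
      # API twice more per volume as the original did. Trailing space kept.
      jq -r --arg instance "${instance}" --arg name "${name}" --arg count "${count}" \
        '.[] | "EC2: \($instance) \($name) Volumes: \($count) EbsVolumeId: \(.VolumeId) Encrypted: \(.Encrypted) "' \
        <<<"${volumes}"
    fi
  done
}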
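func_aws_ebs_list_encrypted(){
  # Print every EBS volume visible to ${AWS_IAM_PROFILE} (attached or not)
  # with its encryption flag, one "EbsVolumeId: ... Encrypted: ..." line each.
  # Globals:  AWS_IAM_PROFILE (read)
  # Outputs:  volume count header plus one line per volume on stdout
  # Returns:  0, or non-zero if describe-volumes fails
  local volumes ebs_count
  echo ""
  echo "#==============================================#"
  echo "# All EBS Volumes #"
  echo "#==============================================#"
  # Fetch the list once; the original re-queried the API twice per volume.
  volumes=$(aws ec2 describe-volumes --profile "${AWS_IAM_PROFILE}" \
    --query "Volumes[]" --output json) || return 1
  # 'length' of the array. The original piped ".[].VolumeId | length" into
  # wc -l, counting one line of string length per id, which only worked by
  # coincidence.
  ebs_count=$(jq -r 'length' <<<"${volumes}")
  echo "N° AWS EBS VOLUMES: ${ebs_count}"
  echo ""
  if (( ebs_count > 0 )); then
    jq -r '.[] | "EbsVolumeId: \(.VolumeId) Encrypted: \(.Encrypted)"' <<<"${volumes}"
  fi
}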
#=========================================#
# Main() - Function calls                  #
#=========================================#
# First the per-running-instance view, then every volume in the account/region.
func_aws_ec2_ebs_list_encrypted
func_aws_ebs_list_encrypted
#!/usr/bin/env bash
#
# AWS ENV vars for your project (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html)
#
# AWS_DEFAULT_REGION – Specifies the AWS Region to send the request to.
#
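# Honour AWS_REGION / AWS_PROFILE already present in the environment; only fall
# back to the hard-coded defaults. The original overwrote the caller's values.
AWS_REGION="${AWS_REGION:-us-east-1}"
AWS_PROFILE="${AWS_PROFILE:-default}"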
#==========================================#
# LISTING OBJECTS IN AWS PUBLIC S3 BUCKETS #
#==========================================#
# Buckets to enumerate with unsigned (anonymous) requests; replace the placeholders with real names.
S3_BUCKETS_LIST=("your-bucket-name-here-1" "your-bucket-name-here-2" "your-bucket-name-here-3")
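func_aws_s3_ls(){
  # List the objects of each bucket in S3_BUCKETS_LIST using unsigned requests
  # (--no-sign-request), i.e. what an anonymous client can see; four listing
  # variants are tried so that a failure of one API does not hide the others.
  # Globals:  S3_BUCKETS_LIST (read), AWS_REGION (read)
  # Outputs:  listings on stdout
  # Returns:  0 (the trailing echo); per-call aws failures are not propagated
  local bucket
  for bucket in "${S3_BUCKETS_LIST[@]}"; do
    echo "=================================================================="
    echo "LIST OBJECTS AWS S3 BUCKET ${bucket}"
    echo "=================================================================="
    # Bucket and region quoted; the original left them subject to word-splitting.
    aws s3 ls "s3://${bucket}" --region "${AWS_REGION}" --no-sign-request
    aws s3 ls "s3://${bucket}" --recursive --region "${AWS_REGION}" --no-sign-request
    aws s3api list-objects --bucket "${bucket}" --query 'Contents[].{Key: Key, Size: Size}' --region "${AWS_REGION}" --no-sign-request
    aws s3api list-objects-v2 --bucket "${bucket}" --region "${AWS_REGION}" --no-sign-request
    echo ""
  done
}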
#==========================================#
# PUT OBJECTS IN AWS PUBLIC S3 BUCKETS     #
#==========================================#
# Buckets to test for anonymous write access; replace the placeholders with real names.
S3_BUCKETS_PUT=("your-bucket-name-here-1" "your-bucket-name-here-2" "your-bucket-name-here-3")
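func_aws_s3_put(){
  # Upload a test file to each bucket in S3_BUCKETS_PUT with unsigned requests
  # (--no-sign-request) to check whether anonymous writes are accepted.
  # Globals:  S3_BUCKETS_PUT (read), AWS_REGION (read),
  #           S3_FROM / S3_TO (written, as in the original)
  # Outputs:  aws output on stdout, missing-file error on stderr
  # Returns:  1 if the local test file does not exist, else 0
  S3_FROM="/home/delivery/Binbash/repos/3pt/3pt-secops/aws/s3/aws_s3_put_test.txt"
  S3_TO=aws_s3_put_test/aws_s3_put_test.txt
  local bucket
  # Fail once up front instead of repeating the same aws error for every bucket.
  if [[ ! -f "${S3_FROM}" ]]; then
    echo "func_aws_s3_put: test file not found: ${S3_FROM}" >&2
    return 1
  fi
  for bucket in "${S3_BUCKETS_PUT[@]}"; do
    echo "=================================================================="
    echo "PUT OBJECT IN AWS S3 BUCKET ${bucket}"
    echo "=================================================================="
    # The original passed --region/--no-sign-request twice on this line.
    aws s3 cp "${S3_FROM}" "s3://${bucket}/${S3_TO}" --region "${AWS_REGION}" --no-sign-request
    aws s3api put-object --bucket "${bucket}" --key "${S3_TO}" --body "${S3_FROM}" --region "${AWS_REGION}" --no-sign-request
    echo ""
  done
}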
# main
# Read-only enumeration first, then the write test against the same region.
func_aws_s3_ls
func_aws_s3_put