Below is a breakdown of what to look for in the output of each CLI command to determine whether a resource is public-facing:
1. EC2 Instances with Public IP Addresses
aws ec2 describe-instances --query 'Reservations[*].Instances[?PublicIpAddress!=null].[InstanceId,PublicIpAddress]' --output table
• Look for: The PublicIpAddress field. If an EC2 instance has a public IP address, it is public-facing.
2. Elastic Load Balancers (ALB, NLB) with Internet-Facing Access
@huynhbaoan
huynhbaoan / im.html
Last active October 30, 2024 08:33
Html player
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Playlist with Multiple Videos and Timed Switching</title>
</head>
<body>
<h1>YouTube Playlist</h1>
#!/bin/bash
# List all AWS Config rules
config_rules=$(aws configservice describe-config-rules --query 'ConfigRules[].ConfigRuleName' --output text)
# Iterate over each rule to find non-compliant items
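for rule in $config_rules; do
    echo "Checking rule: $rule"
    # Get non-compliant resources for each rule
    # (completion assumed from the comment above; the original is cut off here)
    aws configservice get-compliance-details-by-config-rule \
        --config-rule-name "$rule" \
        --compliance-types NON_COMPLIANT \
        --query 'EvaluationResults[].EvaluationResultIdentifier.EvaluationResultQualifier.[ResourceType,ResourceId]' \
        --output text
done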
@huynhbaoan
huynhbaoan / description
Last active October 25, 2024 02:43
Find public resource in aws
1. EC2 Instances with Public IP Addresses
aws ec2 describe-instances --query 'Reservations[*].Instances[?PublicIpAddress!=null].[InstanceId,PublicIpAddress]' --output table
aws ec2 describe-instances --query 'Reservations[*].Instances[?PublicIpAddress!=null].[InstanceId,PublicIpAddress] | [?length(@)!=`0`]' --output table
• Look for: The PublicIpAddress field. If an EC2 instance has a public IP address, it is public-facing.
2. Elastic Load Balancers (ALB, NLB) with Internet-Facing Access
@huynhbaoan
huynhbaoan / log extract
Last active October 25, 2024 09:14
Log extract
awk '{
    ip = $2
    url = gensub(/.*"(https?:\/\/[^"]+)".*/, "\\1", "g", $0)
    status = $7
    user_agent = gensub(/.*"[^"]*"\s+"([^"]+)".*/, "\\1", "g", $0)
    # Print fields separated by pipes for easy re-parsing
    print ip "|" url "|" status "|" user_agent
}' esg.access.log-20241016
@huynhbaoan
huynhbaoan / saml
Last active November 1, 2024 11:47
import requests
import boto3
import getpass
import base64
import os
import csv
import xml.etree.ElementTree as ET
from bs4 import BeautifulSoup
import sys
from urllib3.exceptions import InsecureRequestWarning
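import boto3
from typing import Dict
from botocore.exceptions import BotoCoreError, ClientError

def verify_authentication(credentials: Dict[str, str]) -> bool:
    """Verify the authentication by calling GetCallerIdentity using temporary credentials."""
    try:
        # Create a session using temporary SSO credentials
        session = boto3.Session(
            aws_access_key_id=credentials['AccessKeyId'],
            aws_secret_access_key=credentials['SecretAccessKey'],
            aws_session_token=credentials['SessionToken']
        )
        sts_client = session.client('sts')
        # Completion assumed from the docstring: the call succeeds only with valid credentials
        sts_client.get_caller_identity()
        return True
    except (BotoCoreError, ClientError, KeyError):
        # Rejected or malformed credentials mean authentication failed
        return False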
#!/usr/bin/env python
"""
Run a CloudWatch Insights query, then save the results as CSV
"""
from __future__ import print_function
import sys
import time
from datetime import datetime
import csv
import re