Last active
September 4, 2019 15:47
Checks the last time a user logged into AWS console
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
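#!/bin/bash
# Reports the most recent CloudTrail event time for each configured user and
# flags whether it falls inside the last 24 hours.
# Output goes to stdout and to the desktop notifier (notify-send).
# Requires a working AWS CLI profile (~/.aws/credentials); the region and
# profile are selected through the AWS_REGION and AWS_DEFAULT_PROFILE
# variables exported below.

# Reset bash's built-in timer; displaytime reads it at the end of the run.
SECONDS=0

# Placeholders: fill these in before running. The key-name placeholder is
# quoted like the user placeholders below, because a bare '<' or '>' is parsed
# as a redirection and makes the unedited template a syntax error.
export AWS_SSH_KEY='<key name>'
# NOTE(review): AWS CLI v1 takes its region from AWS_DEFAULT_REGION or the
# profile rather than AWS_REGION -- confirm the "gov" profile pins the region.
export AWS_REGION=us-gov-west-1
export AWS_DEFAULT_PROFILE=gov

# CloudTrail user names to look up, each paired with the name shown in output.
user1='<user email addr>'
name1='<username>'
user2='Administrator'
name2='Administrator'

# Re-auth to AWS and get a new access key/secret key just in case.
# This stays best-effort, but a failure is reported: if it is ignored, the
# lookups below run with whatever credentials are already cached, and an
# expired session would otherwise look like a user with no recent activity.
if ! /home/jason/go-fed -i urn:amazon:webservices:govcloud up gov; then
  printf 'warning: go-fed re-authentication failed; continuing with existing credentials\n' >&2
fi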
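#######################################
# Prints the elapsed run time as "D days H hours M minutes and S seconds",
# leaving out every unit above seconds whose value is zero.
# Globals:   SECONDS (read) - bash's count of seconds since it was last set
# Outputs:   one line on stdout
# Returns:   the status of the final printf
#######################################
displaytime () {
  local T=$SECONDS
  local D=$(( T / 60 / 60 / 24 ))
  local H=$(( T / 60 / 60 % 24 ))
  local M=$(( T / 60 % 60 ))
  local S=$(( T % 60 ))

  # Arithmetic tests on purpose: inside [[ ]] the '>' operator compares
  # strings, which only happens to give the right answer against "0".
  if (( D > 0 )); then printf '%d days ' "$D"; fi
  if (( H > 0 )); then printf '%d hours ' "$H"; fi
  if (( M > 0 )); then printf '%d minutes ' "$M"; fi
  if (( D > 0 || H > 0 || M > 0 )); then printf 'and '; fi
  printf '%d seconds\n' "$S"
}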
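#######################################
# Sends the "logged in during the last 24 hours" desktop notification.
# Globals:   name (read)       - display name placed in the summary line
#            local_date (read) - timestamp text placed in the body line
# Arguments: $1 - urgency level passed through to notify-send
# Returns:   the exit status of notify-send
#######################################
notify () {
  local urgency=${1}
  # --icon needs both dashes; with a single dash notify-send reads "-i" plus
  # the value "con=face-surprise" and the intended icon is never used.
  notify-send \
    --expire-time 5000 \
    --urgency="${urgency}" \
    --icon=face-surprise \
    "'${name}' logged into AWS in the last 24 hours." "Last AWS login: ${local_date}"
}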
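#######################################
# Looks up CloudTrail events for one user name and stores the first EventTime
# value found in the output.
# Globals:   utc (written) - the extracted value, or empty when no EventTime
#                            line was produced
# Arguments: $1 - value matched against the CloudTrail "Username" attribute
# Returns:   the status of the last pipeline stage (tr), so a failed aws call
#            is not visible here; callers must check that utc is non-empty
#
# NOTE(review): the lookup filters on Username only, so the value is the time
# of that user's first listed event of any kind, not specifically a console
# sign-in. If console logins are what matters, also filter on the event name
# and confirm that lookup-events lists the newest event first.
# NOTE(review): the text parsing assumes pretty-printed JSON with EventTime
# printed as an epoch number such as 1567612345.0 -- TODO confirm for the
# installed AWS CLI version and output settings.
#######################################
get_login_date () {
  local user=${1}
  # The attribute is passed as one quoted word so a user name containing
  # spaces or glob characters cannot split into extra arguments.
  utc=$(aws cloudtrail lookup-events \
      --lookup-attributes "AttributeKey=Username,AttributeValue=${user}" \
    | grep EventTime \
    | head -n 1 \
    | awk '{ print $2 }' \
    | tr -d '",')
}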
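#######################################
# Reports whether an event timestamp falls inside the last 24 hours, through
# a desktop notification and one line on stdout.
# Globals:   name (written)       - display name; left global because notify
#                                   reads it
#            local_date (written) - timestamp rendered by date(1); left
#                                   global because notify reads it
# Arguments: $1 - epoch timestamp, optionally with a fractional part
#            $2 - display name used in the messages
# Outputs:   "<name> last AWS login: <date>" on stdout; diagnostics on stderr
# Returns:   0 after reporting, 1 when $1 is not a usable epoch timestamp
#######################################
convert () {
  local utc_date=${1}
  name=${2}
  local whole_seconds cutoff

  # An empty or non-numeric value means the lookup failed or printed another
  # timestamp format. Say so instead of evaluating it as 0 and announcing
  # "NO LOGIN", which would hide a broken check behind a reassuring message.
  if [[ ! ${utc_date} =~ ^[0-9]+(\.[0-9]+)?$ ]]; then
    printf 'convert: no usable CloudTrail timestamp for %s (got "%s")\n' \
      "${name}" "${utc_date}" >&2
    return 1
  fi

  local_date=$(date -d "@${utc_date}")
  # Drop the fractional part, whatever its length, for the integer comparison.
  whole_seconds=${utc_date%%.*}
  cutoff=$(( $(date +%s) - 86400 ))

  # 10# forces base 10 so a value with leading zeros is not read as octal.
  if (( 10#${whole_seconds} > cutoff )); then
    notify-send --expire-time 5000 --urgency=normal --icon=face-surprise "'${name}' logged into AWS in the last 24 hours." "Last AWS login: ${local_date}"
  else
    notify-send --expire-time 5000 --urgency=normal --icon=face-crying "NO LOGIN ${name} last 24 hours." "Last AWS login: ${local_date}"
  fi

  # Comment out the line below to stop printing the result to stdout.
  echo "${name} last AWS login: ${local_date}"
}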
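# Look up and report each configured user in turn. Every argument is quoted:
# with an unquoted, empty ${utc} the word disappears and the display name
# slides into convert's timestamp parameter.
get_login_date "${user1}"
convert "${utc}" "${name1}"
get_login_date "${user2}"
convert "${utc}" "${name2}"

# Comment out the line below to stop printing the elapsed time to stdout.
echo "Took $(displaytime) to complete ${0}."
exit 0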