Jamison Roberts jtroberts83
@jtroberts83
jtroberts83 / Git-Markup-Code-Example
Created October 14, 2020 19:45
Example Code Post Markup
```
Your code here with triple ticks on separate lines above AND below the code
```
@jtroberts83
jtroberts83 / iam-role-find-ec2-ecs-lambda-trusts
Created May 13, 2020 20:41
Cloud Custodian policy which will identify IAM Role trust relationships whose service principal contains ec2, ecs, or lambda
```yaml
policies:
  - name: test-iam-role
    resource: iam-role
    filters:
      - or:
        - type: value
          key: AssumeRolePolicyDocument.Statement[0].Principal.Service
```
@jtroberts83
jtroberts83 / c7n_schema_additions.yaml
Last active April 29, 2020 06:08
Cloud Custodian Schema Additions in 0.9.1.0 Release
There are 161 resources in c7n v0.8.46.1
There are 171 resources in c7n v0.9.1.0
New Resources Added between two schemas:
backup-vault
elasticache-group
emr-security-configuration
glue-catalog
@jtroberts83
jtroberts83 / ami-public-remediate.yaml
Last active March 3, 2021 23:26
Policy for Cloud Custodian which will remove public sharing permissions for AMIs shared outside of your accounts
```yaml
policies:
  - name: ami-public-remediate-realtime
    mode:
      type: cloudtrail
      events:
        - source: "ec2.amazonaws.com"
          event: "ModifyImageAttribute"
          ids: "requestParameters.imageId"
```
@jtroberts83
jtroberts83 / CloudCustodianSNStoDynamoDBTable.py
Created February 5, 2020 17:54
AWS Lambda function code (python 3.6) which reads in a Cloud Custodian message, parses the fields and sends them to a DynamoDB table
```python
import json
import boto3
import random

def lambda_handler(event, context):
    dynamodb = boto3.client('dynamodb')
    Records = event['Records']
    print(json.dumps(event))
    for Record in Records:
```
@jtroberts83
jtroberts83 / tag-enforce-filters-example
Created November 21, 2019 02:36
Cloud Custodian Tag Enforcement Filters Example
```yaml
filters:
  - or:
    - "tag:ResourceContact": absent
    - not:
      - type: value
        key: "tag:ResourceContact"
        op: regex
        value: (^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)
    - type: value
```
@jtroberts83
jtroberts83 / terminatepublicips.yaml
Last active September 12, 2019 15:42
Terminate EC2 instances launched with a public IP
```yaml
- name: no-ec2-public-ips-realtime
  resource: ec2
  description: |
    If an EC2 instance is launched with a public IP attached initially
    it will get terminated.
  mode:
    type: cloudtrail
    events:
      - RunInstances
  filters:
```
@jtroberts83
jtroberts83 / CloudWatch-To-Elasticsearch-Metrics-Ingester.py
Created September 6, 2019 10:22
Python3.7 Script Which Queries CloudWatch For Desired Metrics Across All Accounts And Regions And Pushes To ElasticSearch
```python
##
## CloudWatch-To-Elasticsearch-Metrics-Ingester.py Script written by Jamison Roberts
##
## Description: This script is written in Python 3 and uses the AWS boto3 python library to make bulk calls to AWS S3 and CloudWatch services.
## A CSV of all Federated AWS accounts and names is downloaded from S3 and then the script performs a for loop on each account.
## Within each account the script will perform a for loop on each region specified, create a cloudwatch boto3 client, and then
## query CloudWatch Metrics to pull metrics counts for each metric provided in the call. Then the total returned metrics count
## for each account are totalled and printed on the console.
```
```yaml
policies:
  - name: eks-mark-waiting
    mode:
      type: periodic
      schedule: "rate(10 minutes)"
      packages:
        - botocore
        - boto3
        - urllib3
```
@jtroberts83
jtroberts83 / c7n-iam-user-tag-enforce-policies.yaml
Last active August 21, 2020 12:47
Cloud Custodian IAM User Tag Enforcement Example
```yaml
policies:
  ###################################################
  ### First Tag the Creator of the IAM User #####
  ###################################################
  - name: iam-auto-tag-user
    resource: iam-user
    mode:
      packages: [boto3, botocore, urllib3]
```