Medium doesn't support tables in their blogs so I have to put them here as CSV files first. SMH
Kinnaird McQuade kmcquade
kmcquade
/ ssm-action-table-sample.csv
Created
January 9, 2020 00:05
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Actions | Access Level | Resource Type | |
|---|---|---|---|
| ssm:GetParameter | Read | parameter | |
| ssm:DescribeParameters | List | parameter | |
| ssm:PutParameter | Write | parameter | |
| secretsmanager:PutResourcePolicy | Permissions management | secret | |
| secretsmanager:TagResource | Tagging | secret |
kmcquade
/ ec2-arn-table-sample.csv
Created
January 9, 2020 00:04
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Resource Types | ARN | |
|---|---|---|
| security-group | arn:${Partition}:ec2:${Region}:${Account}:security-group/${SecurityGroupId} |
kmcquade
/ ec2-actions-table-sample.csv
Created
January 9, 2020 00:03
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Actions | Resource Types | |
|---|---|---|
| ec2:AuthorizeSecurityGroupIngress | security-group* | |
| ec2:AuthorizeSecurityGroupEgress | security-group* |
kmcquade
/ a_Policy_sentry_blog_tables.md
Created
January 9, 2020 00:02
Stuff for the Policy Sentry blog - thanks, Medium, for not supporting Tables in your blogs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import logging | |
| import time | |
| import botocore.config | |
| from cartography.util import run_cleanup_job | |
| logger = logging.getLogger(__name__) | |
kmcquade
/ AWS API calls that return credentials.md
Last active
June 11, 2025 07:04
AWS API calls that return credentials
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package common | |
| # --------------------------------------------------------------------------------------------------------------------- | |
| # Not Working | |
| # --------------------------------------------------------------------------------------------------------------------- | |
| list_should_not_contain(attributes_list, undesired_item) { | |
| list_item = attributes_list[_] | |
| list_item != undesired_item |
Code I'm using in seeking help from the OPA Slack channel.
Here's the idea.
For the resource_key_value_matches function, I want to allow users to specify the path within a resource, with any number of nested levels deep.
For an example call, see the common_test.rego file.
resource_key_value_matches(s3_bucket_plan.resource_changes[0], "server_side_encryption_configuration[0].rule[0].apply_server_side_encryption_by_default[0].sse_algorithm", "AES256")
kmcquade
/ parse_arn.py
Created
August 3, 2019 20:05
— forked from gene1wood/parse_arn.py
Parse an AWS ARN (Amazon Resource Name) into it's constituent elements
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def parse_arn(arn): | |
| # http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html | |
| elements = arn.split(':') | |
| result = {'arn': elements[0], | |
| 'partition': elements[1], | |
| 'service': elements[2], | |
| 'region': elements[3], | |
| 'account': elements[4] | |
| } | |
| if len(elements) == 7: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "format_version": "0.1", | |
| "terraform_version": "0.12.2", | |
| "planned_values": { | |
| "root_module": { | |
| "resources": [ | |
| { | |
| "address": "aws_s3_bucket.bad_bucket", | |
| "mode": "managed", | |
| "type": "aws_s3_bucket", |