Last active
January 12, 2022 18:53
-
-
Save ninp0/063ee76b26a5e81157637d2df7a6a1d7 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Systems Manager | |
| aws ssm describe-instance-information --query "InstanceInformationList[*]" | |
| aws ssm get-document --name "AmazonInspector-ManageAWSAgent" --output text > AmazonInspector-ManageAWSAgent.doc | |
| less AmazonInspector-ManageAWSAgent.doc | |
| aws ssm send-command --targets Key=tag:SecurityScan,Values=true --document-name "AmazonInspector-ManageAWSAgent" --query Command.CommandId --output-s3-bucket-name <LoggingBucket> | |
| aws ssm list-command-invocations --details --query "CommandInvocations[*].[InstanceId,DocumentName,Status]" --command-id <CommandId> | |
| # Inspector | |
| aws inspector create-resource-group --resource-group-tags key=SecurityScan,value=true | |
| aws inspector create-assessment-target --assessment-target-name GamesDevTargetGroup --resource-group-arn aws inspector create-assessment-target --assessment-target-name GamesDevTargetGroup --resource-group-arn <ResourceGroupARN> | |
| aws inspector list-rules-packages | |
| aws inspector describe-rules-packages --query rulesPackages[*].[name,description] --output text --rules-package-arns <RulesPackageArns> | |
| aws inspector create-assessment-template --assessment-target-arn <AssessmentTargetArn> --assessment-template-name CISCommonVulerBestPract-Short --duration-in-seconds 900 --rules-package-arns <ThreeRulesPackageARNs> | |
| aws inspector preview-agents --preview-agents-arn <AssessmentTargetArn> | |
| aws inspector start-assessment-run --assessment-run-name FirstAssessment --assessment-template-arn <AssessmentTemplateArn> | |
| # should reply w/ collecting data | |
| aws inspector describe-assessment-runs --assessment-run-arn <AssessmentRunArn> | |
| aws inspector list-assessment-run-agents --assessment-run-arn <AssessmentRunArn> | |
| # Create and Apply a Patch Baseline | |
| aws ssm describe-document --name "AWS-PatchInstanceWithRollback" --query "Document.[Name,Description,PlatformTypes]" | |
| aws ssm describe-instance-information --query "InstanceInformationList[*]" | |
| aws ssm start-automation-execution --document-name "AWS-PatchInstanceWithRollback" --parameters "InstanceId=<InstanceId>,ReportS3Bucket=<LogBucket>" | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment