# find the owner of an AWS access key
# https://stackoverflow.com/a/31275655
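# Lists every access key of every IAM user; grep the combined output for the
# key id whose owner you are looking for. User names are read one per line
# with read -r rather than word-split out of $(...), so no name can be
# globbed or split by the shell, and the expansion is quoted on the inner call.
# (The user name is the last column of list-users' text output, hence $NF.)
aws iam list-users --output text | awk '{print $NF}' \
  | while IFS= read -r user; do
      aws iam list-access-keys --user-name "$user" --output text
    done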
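# Same listing, but let the CLI pick the field with a JMESPath --query instead
# of post-processing with awk(1) (no jq(1) involved either). Wrapping the
# projection as [UserName] makes --output text emit one user per line, which
# the read -r loop then consumes without word-splitting or globbing.
aws iam list-users --query 'Users[].[UserName]' --output text \
  | while IFS= read -r user; do
      aws iam list-access-keys --user-name "$user" --output text
    done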
# check if your Amazon ECS container agent is running the latest version with the introspection API
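# -f turns a non-2xx answer (agent not running, introspection disabled) into a
# curl failure instead of handing an error body to the JSON formatter; -S keeps
# the error message on stderr even though -s silences the progress meter.
curl -fsS http://127.0.0.1:51678/v1/metadata | python -mjson.tool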
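# coding: utf-8
# Report which S3 buckets grant access to everyone through their bucket ACL.
# Only the bucket ACL is inspected: bucket policies, object ACLs and the
# Block Public Access settings are not consulted, so "private" below means
# "no public ACL grant", not "unreachable anonymously".

# Predefined S3 group URIs whose grants make a bucket world-accessible.
# AllUsers is anyone on the internet; AuthenticatedUsers is any AWS account
# holder, which is still public for practical purposes.
PUBLIC_GROUP_URIS = {
    'http://acs.amazonaws.com/groups/global/AllUsers': 'AllUsers',
    'http://acs.amazonaws.com/groups/global/AuthenticatedUsers': 'AuthenticatedUsers',
}


def public_grants(grants):
    """Return the (group, permission) pairs in ``grants`` that go to a public group.

    ``grants`` is the ``Grants`` list of a GetBucketAcl response: each item is
    a dict with a ``Grantee`` dict (``Type`` and, for groups, ``URI``) and a
    ``Permission`` string. Every permission counts, not only READ: a bucket
    that lets everyone WRITE, READ_ACP, WRITE_ACP or take FULL_CONTROL is
    public too. Grantees that are not groups (``CanonicalUser``) are skipped
    without touching ``URI``, which such grantees do not carry.

    Returns an empty list when ``grants`` is empty or holds no public grant.
    """
    found = []
    for grant in grants:
        grantee = grant.get('Grantee', {})
        if grantee.get('Type') != 'Group':
            continue
        group = PUBLIC_GROUP_URIS.get(grantee.get('URI'))
        if group is not None:
            found.append((group, grant.get('Permission')))
    return found


def main():
    """Print one line per bucket: PUBLIC (with the offending grants) or private."""
    # Imported here so public_grants() stays usable without the AWS SDK present.
    import boto3
    from botocore.exceptions import ClientError

    s3 = boto3.resource('s3')
    for bucket in s3.buckets.all():
        try:
            # .grants triggers the GetBucketAcl call.
            grants = bucket.Acl().grants
        except ClientError as exc:
            # Usually AccessDenied; say so instead of reporting the bucket as private.
            print("%s: could not read ACL (%s)" % (bucket.name, exc))
            continue
        public = public_grants(grants)
        if public:
            detail = ", ".join("%s:%s" % pair for pair in public)
            print("%s is PUBLIC (%s)" % (bucket.name, detail))
        else:
            print("%s is private" % bucket.name)


if __name__ == '__main__':
    main()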
# IAM role trust policy that only allows the role to be assumed when MFA is present
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::132092777689:root"
},
"Action": "sts:AssumeRole",
"Condition": {
"Bool": {
"aws:MultiFactorAuthPresent": "true"
}
}
}
]
}
```
# List RDS events except for "backup" events
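# REGION, DATABASE_NAME and DATE are placeholders to fill in.
# The jq filter drops an event if ANY of its categories is exactly "backup".
# The naive form `select(.EventCategories[] | contains("backup") | not)` runs
# the predicate once per category, so a multi-category event is emitted once
# per non-backup category (duplicates) and still shows up even when "backup"
# is among its categories; contains() is also a substring match.
aws rds describe-events --region REGION --source-identifier DATABASE_NAME \
  --source-type db-instance --start-time DATE \
  | jq '.Events[] | select(any(.EventCategories[]; . == "backup") | not)'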
# Find the latest Amazon Linux AMI (change region as needed)
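# Region defaults to us-east-1; pass another one as the first argument.
# Note: a mistyped parameter name is not an error for get-parameters -- it is
# listed under .InvalidParameters with exit status 0, so check that list is
# empty before trusting .Parameters.
region=${1:-us-east-1}
ami_param=/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
aws ssm get-parameters --names "$ami_param" --region "$region" | jq .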