Forked from exequielrafaela/aws_cloudfront_no_origin_s3_restriction_test.sh
Created
November 24, 2023 14:54
Revisions
exequielrafaela revised this gist
Oct 28, 2019 . 4 changed files with 38 additions and 4 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,7 +1,18 @@ #!/usr/bin/env bash # # AWS ENV vars for your project (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html) # # AWS_PROFILE – Specifies the name of the CLI profile with the credentials and options to use. # This can be the name of a profile stored in a credentials (~/.aws/credentials) or config (~/.aws/config) # file, or the value default to use the default profile. If you specify this environment variable, # it overrides the behavior # of using the profile named [default] in the configuration file. # # AWS_DEFAULT_REGION – Specifies the AWS Region to send the request to. # AWS_REGION="us-east-1" AWS_PROFILE="default" #==============================================================# # LISTING CLOUDFRONT DISTROS WITH Restrict Bucket Access == NO # This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change 
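Review bot: The new header describes AWS_PROFILE and AWS_DEFAULT_REGION as environment variables the CLI reads, but the lines right below it assign plain shell variables (`AWS_REGION="us-east-1"`, `AWS_PROFILE="default"`) that are never exported and only reach the CLI through the `--profile`/`--region` flags, so a caller who has set those env vars is silently overridden by "default" and "us-east-1". Let the environment win and keep the literals as fallbacks: `AWS_PROFILE="${AWS_PROFILE:-default}"` and `AWS_REGION="${AWS_DEFAULT_REGION:-us-east-1}"`. CloudFront is a global service, so the region only selects the API endpoint; a one-line comment saying so avoids anyone expecting per-region results. The function that consumes these variables is outside this hunk.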
@@ -1,7 +1,18 @@ #!/usr/bin/env bash # # AWS ENV vars for your project (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html) # # AWS_PROFILE – Specifies the name of the CLI profile with the credentials and options to use. # This can be the name of a profile stored in a credentials (~/.aws/credentials) or config (~/.aws/config) # file, or the value default to use the default profile. If you specify this environment variable, # it overrides the behavior # of using the profile named [default] in the configuration file. # # AWS_DEFAULT_REGION – Specifies the AWS Region to send the request to. # AWS_REGION="us-east-1" AWS_PROFILE="default" #==========================================# # LIST EC2 IN AWS WITH PUBLIC IP ADDRS # This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -6,9 +6,15 @@ # # # AWS ENV vars for your project (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html) # # AWS_PROFILE – Specifies the name of the CLI profile with the credentials and options to use. # This can be the name of a profile stored in a credentials (~/.aws/credentials) or config (~/.aws/config) # file, or the value default to use the default profile. If you specify this environment variable, # it overrides the behavior # of using the profile named [default] in the configuration file. # AWS_IAM_PROFILE="default" # # AWS EBS status -> attached || deattached This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change 
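Review bot: `AWS_PROFILE="default"` and `AWS_REGION="us-east-1"` overwrite whatever the caller exported, which contradicts the header comment added just above them stating that AWS_PROFILE from the environment takes precedence. Use `AWS_PROFILE="${AWS_PROFILE:-default}"` and `AWS_REGION="${AWS_DEFAULT_REGION:-us-east-1}"` so the documented behaviour actually holds. For a public-IP exposure inventory a single hard-coded region is a blind spot; a comment such as `# Inspects ${AWS_REGION} only; run once per region (aws ec2 describe-regions) for full coverage` makes the limitation explicit. The describe-instances call that uses these values is outside this hunk.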
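Review bot: The pasted header documents the AWS_PROFILE environment variable, but the variable this file actually sets is `AWS_IAM_PROFILE="default"`, which the CLI never reads from the environment and which only takes effect through `--profile` in the calls below; the comment should name what it documents, e.g. `# AWS_IAM_PROFILE - profile name passed as --profile to every awscli call below (not an env var the CLI reads itself)`. The context line `# AWS EBS status -> attached || deattached` also documents a value the `attachment.status` filter does not accept; the EC2 API uses `detached` (alongside `attaching`/`detaching`), so it should read `# AWS EBS status -> attached || detached`. The functions that use these variables are outside this hunk.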
@@ -1,6 +1,12 @@ #!/usr/bin/env bash # # AWS ENV vars for your project (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html) # # AWS_DEFAULT_REGION – Specifies the AWS Region to send the request to. # AWS_REGION="us-east-1" AWS_PROFILE="default" #==========================================# # LISTING OBJECTS IN AWS PUBLIC S3 BUCKETS # -
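Review bot: `AWS_PROFILE="default"` is introduced here, but in this file every `aws s3` / `aws s3api` call runs with `--no-sign-request` (see the previous revision), so the profile is never used and the header's text about credentials is misleading for what is an anonymous-access test. Either drop the variable or mark it: `# AWS_PROFILE is unused here: every request below is deliberately unsigned (--no-sign-request)`. The header also documents AWS_DEFAULT_REGION while the code assigns `AWS_REGION="us-east-1"`; `AWS_REGION="${AWS_DEFAULT_REGION:-us-east-1}"` keeps the two in agreement. The list/put functions are outside this hunk.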
exequielrafaela revised this gist
Oct 27, 2019 . 4 changed files with 187 additions and 34 deletions.There are no files selected for viewing
@@ -0,0 +1,42 @@ #!/usr/bin/env bash AWS_REGION="us-east-1" AWS_PROFILE="your-aws-iam-profile-here" #==============================================================# # LISTING CLOUDFRONT DISTROS WITH Restrict Bucket Access == NO # #==============================================================# func_aws_cloudfront_origin_access_id(){ echo "#================================================================#" echo "# LIST ALL CLOUDFRONT DISTRIBUTIONS #" echo "#================================================================#" aws cloudfront list-distributions --output table \ --query "DistributionList.Items[].[Id,DomainName,Origins.Items[].[Id]]" \ --profile ${AWS_PROFILE} --region ${AWS_REGION} aws cloudfront list-distributions --output text \ --query "DistributionList.Items[].[Id]" \ --profile ${AWS_PROFILE} --region ${AWS_REGION} > temp_aws_out.txt echo "#================================================================#" echo "# LIST ALL CLOUDFRONT ORIGIN ACCESS IDENTITY CONFIG #" echo "#================================================================#" for line in $(cat temp_aws_out.txt) do echo "#================================================================#" echo "# CLOUDFRONT DISTRIBUTION: ${line} #" echo "#================================================================#" aws cloudfront get-distribution-config --id ${line} \ --output table --query "DistributionConfig.Origins.Items[].[S3OriginConfig]" \ --profile ${AWS_PROFILE} --region ${AWS_REGION} echo "" echo "#================================================================#" echo "# PLEASE PRESS ENTER TO CONTINUE WITH THE NEXT CLOUDFRONT DISTRO #" echo "#================================================================#" read done echo "" } # main func_aws_cloudfront_origin_access_id This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. 
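Review bot: The script never checks the property its banner promises: `--query "DistributionConfig.Origins.Items[].[S3OriginConfig]"` dumps every origin's S3OriginConfig and leaves the reader to spot an empty OriginAccessIdentity, which is the field that distinguishes an origin served without Restrict Bucket Access (empty string) from a restricted one (`origin-access-identity/cloudfront/...`). Filtering on it in JMESPath returns the finding directly, and the rewrite also removes the predictable `temp_aws_out.txt` written into the working directory and never deleted, the `for line in $(cat ...)` loop and the unquoted expansions. Because the loop below now reads the distribution list from stdin, the interactive pause has to read from the terminal explicitly or it will swallow the next ID. Custom (non-S3) origins have no S3OriginConfig and drop out of the filter, which looks intended but deserves the comment shown.
```shell
func_aws_cloudfront_origin_access_id(){
  # … unchanged: banner echo lines and the list-distributions table …
  while IFS= read -r dist_id; do
    [[ -n "${dist_id}" ]] || continue
    echo "#================================================================#"
    echo "# CLOUDFRONT DISTRIBUTION: ${dist_id}                             #"
    echo "#================================================================#"
    # S3 origins with an empty OriginAccessIdentity are served without
    # "Restrict Bucket Access"; custom (non-S3) origins never match.
    aws cloudfront get-distribution-config --id "${dist_id}" --output table \
      --query "DistributionConfig.Origins.Items[?S3OriginConfig.OriginAccessIdentity==''].[Id,DomainName]" \
      --profile "${AWS_PROFILE}" --region "${AWS_REGION}"
    # stdin is the ID list, so the pause must come from the terminal.
    read -r -p "Press ENTER for the next distribution: " _ </dev/tty
  done < <(aws cloudfront list-distributions --output text \
             --query "DistributionList.Items[].Id" \
             --profile "${AWS_PROFILE}" --region "${AWS_REGION}")
  echo ""
}
```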
Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,20 @@ #!/usr/bin/env bash AWS_REGION="us-east-1" AWS_PROFILE="your-aws-iam-profile-here" #==========================================# # LIST EC2 IN AWS WITH PUBLIC IP ADDRS # #==========================================# func_aws_ec2_public_ip(){ echo "==================================================================" echo "LIST AWS EC2 ID and IT's PUBLIC IP ADDR" echo "==================================================================" aws ec2 describe-instances --output table \ --query 'Reservations[].Instances[].[InstanceId,PublicIpAddress,State.Name,Tags[?Key==`Name`] | [0].Value]' \ --profile ${AWS_PROFILE} --region ${AWS_REGION} echo "" } # main func_aws_ec2_public_ip This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,7 +1,7 @@ #!/bin/bash # # Bash script functions based on awscli to get AWS EBS volumes encryption state for different scenarios # your IAM Profile and that is currently running # 
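Review bot: The query lists every instance and prints `None` in the PublicIpAddress column for those without a public address, so the "EC2 WITH PUBLIC IP ADDRS" output is really a full inventory the reader has to sift; a filter projection, `Instances[?PublicIpAddress]` in place of `Instances[]`, returns only the instances that actually expose an address. `${AWS_PROFILE}` and `${AWS_REGION}` should be quoted, and because the region is hard-coded the result covers one region only, which is worth a comment such as `# Inspects ${AWS_REGION} only; repeat per region for a complete public-exposure inventory`.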
@@ -11,49 +11,92 @@ AWS_IAM_PROFILE="your-aws-iam-profile-here" # # AWS EBS status -> attached || deattached # AWS_EBS_ATTACHMENT_STATUS="attached" #=========================================# # Functions # #=========================================# func_aws_ec2_ebs_list_encrypted(){ # # Get all running AWS EC2 accessible via your ${AWS_IAM_PROFILE} role. # instances=`aws ec2 describe-instances --region us-east-1 \ --filters Name=instance-state-name,Values=running \ --query "Reservations[*].Instances[0].InstanceId" \ --output text \ --profile ${AWS_IAM_PROFILE}` # # Iterate over the Instances list and present: # echo "${instance} $name Volumes: $count VolumeId: $volumeid Encrypted: $encrypted" # eg: i-111111111111111 Jenkins Volumes: 2 VolumeId: vol-111111111111111 Encrypted: false # echo "#===============================================#" echo "# EBS Volumes attached to running EC2 Instances #" echo "#===============================================#" for instance in ${instances}; do count=`aws ec2 describe-volumes --profile ${AWS_IAM_PROFILE} \ --filters Name=attachment.status,Values=${AWS_EBS_ATTACHMENT_STATUS} Name=attachment.instance-id,Values=${instance} \ --query "Volumes[]" | jq -r '. 
| length';` name=`aws ec2 describe-tags --profile ${AWS_IAM_PROFILE} \ --filters Name=resource-id,Values=${instance} Name=key,Values=Name \ --query Tags[].Value | jq -r '.[0]'` if [[ ${count} -gt 0 ]]; then START=0 END=${count} for ((i=START; i<END; i++)) do #echo "i: $i" encrypted=`aws ec2 describe-volumes --profile ${AWS_IAM_PROFILE} \ --filters Name=attachment.status,Values=${AWS_EBS_ATTACHMENT_STATUS} Name=attachment.instance-id,Values=${instance} \ --query "Volumes[]" | jq -r ".[$i].Encrypted";` volumeid=`aws ec2 describe-volumes --profile ${AWS_IAM_PROFILE} \ --filters Name=attachment.status,Values=${AWS_EBS_ATTACHMENT_STATUS} Name=attachment.instance-id,Values=${instance} \ --query "Volumes[]" | jq -r ".[$i].VolumeId";` echo "EC2: ${instance} $name Volumes: $count EbsVolumeId: $volumeid Encrypted: $encrypted " done fi done } func_aws_ebs_list_encrypted(){ echo "" echo "#==============================================#" echo "# All EBS Volumes #" echo "#==============================================#" ebs_count=`aws ec2 describe-volumes --profile ${AWS_IAM_PROFILE} \ --query "Volumes[]" | jq ".[].VolumeId | length" | wc -l` echo "N° AWS EBS VOLUMES: ${ebs_count}" echo "" if [[ ${ebs_count} -gt 0 ]]; then START=0 END=${ebs_count} for ((i=START; i<END; i++)) do #echo "i: $i" ebs_volumeid=`aws ec2 describe-volumes --profile ${AWS_IAM_PROFILE} \ --query "Volumes[]" | jq -r ".[$i].VolumeId"` ebs_encrypted=`aws ec2 describe-volumes --profile ${AWS_IAM_PROFILE} \ --query "Volumes[]" | jq -r ".[$i].Encrypted"` echo "EbsVolumeId: ${ebs_volumeid} Encrypted: ${ebs_encrypted}" done fi } #=========================================# # Main() - Function calls # #=========================================# func_aws_ec2_ebs_list_encrypted func_aws_ebs_list_encrypted This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. 
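Review bot: `func_aws_ec2_ebs_list_encrypted` pins describe-instances to `--region us-east-1` while every describe-volumes and describe-tags call below omits `--region` and so uses whatever region the profile configures, meaning that with a profile whose default region is not us-east-1 each instance's volume lookup returns an empty list and the report silently shows no volumes. The same query, `Reservations[*].Instances[0].InstanceId`, takes only the first instance of each reservation, so instances launched together are skipped; `Reservations[].Instances[].InstanceId` enumerates them all. Both functions also re-run describe-volumes twice per volume (plus once for the count), which on a large account is hundreds of API calls; a single call with `--query "Volumes[].[VolumeId,Encrypted]" --output text` yields the same report, as in the rewrite below, with one `AWS_REGION` variable defined next to `AWS_IAM_PROFILE` and passed to every call. The `jq ".[].VolumeId | length" | wc -l` count only works by accident (it prints one string length per line and counts lines); `length(Volumes)` in JMESPath is the intended expression.
```shell
AWS_REGION="us-east-1"   # define once next to AWS_IAM_PROFILE; pass to every awscli call

func_aws_ebs_list_encrypted(){
  echo ""
  echo "#==============================================#"
  echo "# All EBS Volumes                              #"
  echo "#==============================================#"
  local ebs_count
  ebs_count=$(aws ec2 describe-volumes --profile "${AWS_IAM_PROFILE}" --region "${AWS_REGION}" \
    --query "length(Volumes)" --output text)
  echo "N° AWS EBS VOLUMES: ${ebs_count}"
  echo ""
  # One API call for the whole report; text output is one "vol-id<TAB>True|False" per line
  # (note the capitalised booleans compared with jq's true/false).
  aws ec2 describe-volumes --profile "${AWS_IAM_PROFILE}" --region "${AWS_REGION}" \
    --query "Volumes[].[VolumeId,Encrypted]" --output text \
  | while read -r ebs_volumeid ebs_encrypted; do
      echo "EbsVolumeId: ${ebs_volumeid} Encrypted: ${ebs_encrypted}"
    done
}
```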
Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,48 @@ #!/usr/bin/env bash AWS_REGION="us-east-1" #==========================================# # LISTING OBJECTS IN AWS PUBLIC S3 BUCKETS # #==========================================# S3_BUCKETS_LIST=("your-bucket-name-here-1" "your-bucket-name-here-2" "your-bucket-name-here-3") func_aws_s3_ls(){ for i in "${S3_BUCKETS_LIST[@]}" do echo "==================================================================" echo "LIST OBJECTS AWS S3 BUCKET $i" echo "==================================================================" aws s3 ls s3://$i --region $AWS_REGION --no-sign-request aws s3 ls s3://$i --recursive --region $AWS_REGION --no-sign-request aws s3api list-objects --bucket $i --query 'Contents[].{Key: Key, Size: Size}' --region $AWS_REGION --no-sign-request aws s3api list-objects-v2 --bucket $i --region $AWS_REGION --no-sign-request echo "" done } #==========================================# # PUT OBJECTS IN AWS PUBLIC S3 BUCKETS # #==========================================# S3_BUCKETS_PUT=("your-bucket-name-here-1" "your-bucket-name-here-2" "your-bucket-name-here-3") func_aws_s3_put(){ S3_FROM="/home/delivery/Binbash/repos/3pt/3pt-secops/aws/s3/aws_s3_put_test.txt" S3_TO=aws_s3_put_test/aws_s3_put_test.txt for i in "${S3_BUCKETS_PUT[@]}" do echo "==================================================================" echo "PUT OBJECT IN AWS S3 BUCKET $i" echo "==================================================================" aws s3 cp $S3_FROM s3://$i/$S3_TO --region $AWS_REGION --no-sign-request --region $AWS_REGION --no-sign-request aws s3api put-object --bucket $i --key $S3_TO --body $S3_FROM --region $AWS_REGION --no-sign-request echo "" done } # main func_aws_s3_ls func_aws_s3_put -
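Review bot: `main` calls `func_aws_s3_put` unconditionally right after the listing, so every run of this "test" writes an object anonymously into each bucket in S3_BUCKETS_PUT; a successful unauthenticated PUT is precisely the finding, but doing it on every invocation, against a list of placeholder names and from a hard-coded personal path (`/home/delivery/Binbash/...`), is a destructive action that should be opt-in and limited to buckets you are authorised to test. Gate it and take the file from the environment: `S3_FROM="${S3_PUT_TEST_FILE:?set to a small local test file}"` and, in main, `[[ "${1:-}" == "--with-put" ]] && func_aws_s3_put`, with a banner comment stating that the caller must own, or have written authorisation for, every bucket listed. The test object is never removed after a successful write; add `aws s3 rm "s3://${i}/${S3_TO}" --region "${AWS_REGION}" --no-sign-request` after the put (its own failure is informative, since it indicates write-only access). The `aws s3 cp` line repeats `--region $AWS_REGION --no-sign-request` twice, and `$i`, `$S3_FROM` and `$S3_TO` should be quoted.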
exequielrafaela created this gist
Oct 26, 2019 .There are no files selected for viewing
@@ -0,0 +1,59 @@ #!/bin/bash # # Bash script based on awscli to get a list of the AWS EBS volumes encryption state for every instance accesible via # your IAM Profile and that is currently running # # # Your AWS IAM profile here (~/.aws/credentials & ~/.aws/config). # AWS_IAM_PROFILE="your-aws-iam-profile-here" # # AWS EBS status -> attached || unattached # AWS_EBS_ATTACHMENT_STATUS="attached" # # Get all running AWS EC2 accesible via your $AWS_IAM_PROFILE role. # instances=`aws ec2 describe-instances --region us-east-1 \ --filters Name=instance-state-name,Values=running \ --query "Reservations[*].Instances[0].InstanceId" \ --output text \ --profile $AWS_IAM_PROFILE` # # Iterate over the Instances list and present: # echo "$instance $name Volumes: $count VolumeId: $volumeid Encrypted: $encrypted" # eg: i-111111111111111 Jenkins Volumes: 2 VolumeId: vol-111111111111111 Encrypted: false # for instance in $instances; do count=`aws ec2 describe-volumes --profile $AWS_IAM_PROFILE \ --filters Name=attachment.status,Values=$AWS_EBS_ATTACHMENT_STATUS Name=attachment.instance-id,Values=$instance \ --query "Volumes[]" | jq -r '. | length';` name=`aws ec2 describe-tags --profile $AWS_IAM_PROFILE \ --filters Name=resource-id,Values=$instance Name=key,Values=Name \ --query Tags[].Value | jq -r '.[0]'` if [ $count -gt 0 ]; then START=0 END=$count for ((i=START; i<END; i++)) do #echo "i: $i" encrypted=`aws ec2 describe-volumes --profile $AWS_IAM_PROFILE \ --filters Name=attachment.status,Values=$AWS_EBS_ATTACHMENT_STATUS Name=attachment.instance-id,Values=$instance \ --query "Volumes[]" | jq -r ".[$i].Encrypted";` volumeid=`aws ec2 describe-volumes --profile $AWS_IAM_PROFILE \ --filters Name=attachment.status,Values=$AWS_EBS_ATTACHMENT_STATUS Name=attachment.instance-id,Values=$instance \ --query "Volumes[]" | jq -r ".[$i].VolumeId";` echo "$instance $name Volumes: $count VolumeId: $volumeid Encrypted: $encrypted " done fi done
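Review bot: `--query "Reservations[*].Instances[0].InstanceId"` returns only the first instance of each reservation, so any instance beyond the first from a multi-instance RunInstances call is never inspected and its volumes never reported; the flattening projection `Reservations[].Instances[].InstanceId` enumerates all of them. The describe-instances call is also the only one that passes `--region us-east-1`; the describe-volumes and describe-tags calls fall back to the profile's default region, so when that region differs `count` comes back empty or 0 for every instance and `[ $count -gt 0 ]` then errors on an unquoted empty operand. Passing the same `--region` to every call and quoting `"${count}"` fixes both.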