jimfdavies renamed this gist
Apr 27, 2015 . 1 changed file with 0 additions and 0 deletions.
File renamed without changes. -
jimfdavies renamed this gist
Apr 27, 2015 . 1 changed file with 0 additions and 0 deletions.
File renamed without changes. -
jimfdavies created this gist
Apr 27, 2015
@@ -0,0 +1,37 @@ # Security groups that contain 0.0.0.0/0 rules aws ec2 describe-security-groups --filters Name=ip-permission.cidr,Values=0.0.0.0/0 --output=text | grep SECURITYGROUPS # Security groups for ElasticSearch aws ec2 describe-security-groups --filters Name=ip-permission.from-port,Values=9200 --output=text | grep SECURITYGROUPS # Search last 10,000/1MB of CloudTrail logs for 'AccessDenied' (removed AWS account number from stream name) aws logs get-log-events --log-group-name CloudTrail/DefaultLogGroup --log-stream-name 000000000000_CloudTrail_eu-west-1 | grep AccessDenied # Get number of AWS API calls in time period (assumes a Cloudwatch Logs 'catch-all' filter and metric has been created against CloudTrail logs) aws cloudwatch get-metric-statistics --namespace LogMetrics --metric-name AllApiCallsCount --period 60 --statistics Sum --start-time 2015-04-15T13:40:00 --end-time 2015-04-15T13:55:00 # Security groups with particular name aws ec2 describe-security-groups --filters Name=group-name,Values=*external* --output=text | grep SECURITYGROUPS # Instance IDs on known subnet ranges aws ec2 describe-instances --filters Name="private-ip-address",Values="10.100.1.*","10.100.2.*" --query "Reservations[*].Instances[*].InstanceId" # Count instance types aws ec2 describe-instances --query 'Reservations[*].Instances[*].InstanceType' --output=text | sort | uniq -c | sort -r # ELB summaries aws elb describe-load-balancers --query 'LoadBalancerDescriptions[*].{Name:DNSName,Instances:Instances[*],SecurityGroups:SecurityGroups[*],Listeners:ListenerDescriptions[*].Listener.LoadBalancerPort}' # Elastic IP summaries aws ec2 describe-addresses --query "Addresses[*].{PublicIp:PublicIp,InstanceId:InstanceId}" # Show scheduled events aws ec2 describe-instance-status --filters Name=event.code,Values=instance-reboot,system-reboot,system-maintenance,instance-retirement,instance-stop --query 
"InstanceStatuses[*].{InstanceId:InstanceId,Event:[Events[*].Code,Events[*].NotBefore,Events[*].Description]}" # Show last 10 security group ingress changes aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=AuthorizeSecurityGroupIngress --max-results 10 # Show IDs and names of instances in specified subnets aws ec2 describe-instances --filters Name="subnet-id",Values="subnet-<id>","subnet-<id>" \ --query "Reservations[*].Instances[*].{InstanceId:InstanceId,SubnetId:SubnetId,Tags:[Tags[*].Value],PrivateIpAddress:PrivateIpAddress,\ PublicIpAddress:PublicIpAddress,SecurityGroupNames:[SecurityGroups[*].GroupName],SecurityGroupIds:[SecurityGroups[*].GroupId]}"
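Review bot: The open-to-the-world check at the top of the file filters on `Name=ip-permission.cidr,Values=0.0.0.0/0`, which matches IPv4 ingress rules only, so a group exposed through `::/0` is not listed; a second run with `--filters Name=ip-permission.ipv6-cidr,Values=::/0` would cover it. The ElasticSearch check has a similar gap: `Name=ip-permission.from-port,Values=9200` matches only rules whose port range starts exactly at 9200, so a wider range that contains 9200, or an all-traffic rule, is missed. Piping `--output=text` into `grep SECURITYGROUPS` also drops the rule lines, so the result does not show which port or protocol is open; a `--query` projection that keeps `GroupId` and `IpPermissions` would. In the group-name lookup, `Values=*external*` is unquoted and therefore subject to pathname expansion; `--filters 'Name=group-name,Values=*external*'` is safer. Every command here reads only the CLI's configured region, which a comment at the top of the file should state.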