description: Set all EBS volumes of an EC2 instance to delete on instance termination
schemaVersion: '0.3'
parameters:
  InstanceId:
    type: String
  AutomationAssumeRole:
    type: String
    default: 'arn:{{global:AWS_PARTITION}}:iam::{{global:ACCOUNT_ID}}:role/AWS-SystemsManager-AutomationExecutionRole'
    description: >-
      (Optional) The ARN of the role that allows Automation to perform the actions on your behalf. If no role is
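
The same change the Automation document above makes, written as a boto3 routine so the API shape is visible. This is an added example, not the gist's SSM document: `attached_ebs_mappings`, `set_delete_on_termination` and the `FakeEc2` stand-in (with its constructed instance and volume ids) are assumptions introduced here; in real use pass a `boto3.client("ec2")` instead of the fake. The point worth seeing is that one ModifyInstanceAttribute call carries the mapping for every device, and that instance-store devices have no `Ebs` block and must be skipped.

```python
"""Set DeleteOnTermination=True on every EBS volume attached to an EC2 instance.

Added example, not the gist's Automation document. `ec2` is any object exposing
describe_instances / modify_instance_attribute: a real boto3 EC2 client, or the
constructed FakeEc2 below so the module runs offline.
"""


def attached_ebs_mappings(ec2, instance_id):
    """Return [(device_name, volume_id, delete_on_termination)] for the instance's EBS devices."""
    resp = ec2.describe_instances(InstanceIds=[instance_id])
    instances = [i for r in resp["Reservations"] for i in r["Instances"]]
    if not instances:
        raise ValueError(f"instance {instance_id} not found")
    mappings = []
    for bdm in instances[0].get("BlockDeviceMappings", []):
        ebs = bdm.get("Ebs")
        if ebs is None:  # instance-store or unmapped device: nothing to change
            continue
        mappings.append((bdm["DeviceName"], ebs["VolumeId"], ebs.get("DeleteOnTermination", False)))
    return mappings


def set_delete_on_termination(ec2, instance_id, dry_run=False):
    """Turn DeleteOnTermination on for every attached EBS volume that still has it off.

    Returns the volume ids that were (or, with dry_run, would be) changed. All device
    mappings go in a single ModifyInstanceAttribute call; re-running is a no-op.
    """
    to_change = [(dev, vol) for dev, vol, dot in attached_ebs_mappings(ec2, instance_id) if not dot]
    if not to_change:
        return []
    if not dry_run:
        ec2.modify_instance_attribute(
            InstanceId=instance_id,
            BlockDeviceMappings=[{"DeviceName": dev, "Ebs": {"DeleteOnTermination": True}} for dev, _ in to_change],
        )
    return [vol for _, vol in to_change]


class FakeEc2:
    """Constructed stand-in for a boto3 EC2 client (sample ids, not a real account)."""

    def __init__(self):
        self.calls = []
        self.instance = {
            "InstanceId": "i-0123456789abcdef0",
            "BlockDeviceMappings": [
                {"DeviceName": "/dev/xvda", "Ebs": {"VolumeId": "vol-0aaa", "DeleteOnTermination": True}},
                {"DeviceName": "/dev/sdf", "Ebs": {"VolumeId": "vol-0bbb", "DeleteOnTermination": False}},
                {"DeviceName": "/dev/sdg", "Ebs": {"VolumeId": "vol-0ccc", "DeleteOnTermination": False}},
            ],
        }

    def describe_instances(self, InstanceIds):
        return {"Reservations": [{"Instances": [self.instance]}]}

    def modify_instance_attribute(self, **kwargs):
        self.calls.append(kwargs)
        for m in kwargs["BlockDeviceMappings"]:  # apply the change so a second run finds nothing to do
            for bdm in self.instance["BlockDeviceMappings"]:
                if bdm["DeviceName"] == m["DeviceName"]:
                    bdm["Ebs"]["DeleteOnTermination"] = m["Ebs"]["DeleteOnTermination"]
        return {}


if __name__ == "__main__":
    # Real use: ec2 = boto3.client("ec2", region_name="us-gov-west-1")
    print(set_delete_on_termination(FakeEc2(), "i-0123456789abcdef0"))
```

Whatever runs this (the AutomationAssumeRole in the document above, or a script) needs `ec2:DescribeInstances` and `ec2:ModifyInstanceAttribute`; nothing else is called. Run it with `dry_run=True` first to see which volumes would stop surviving their instance.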

Parameters:
  RoleName:
    Description: Name of the role to be created - this will be suffixed with the region name
    Type: String
  SourceRoleArn:
    Description: ARN of the IAM role that is allowed to assume the created role
    Type: String
Resources:
  ConfigCrossAcctEvaluationRole:

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.0"
    }
  }
}

resource "aws_config_organization_custom_policy_rule" "required_tags" {

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.0"
    }
  }
}

data "aws_partition" "current" {}

# aws cloudformation deploy --stack-name LogEvents --template-file ./cloudformation-eventbridge-cloudwatch-logs.yml
#
# Use this EventBridge rule to send events to a CloudWatch Logs log group for review. An example
# use case is to review CloudTrail logs with CloudWatch Logs Insights. Recently used this to identify
# service and CloudTrail events from DRS to trigger custom automation (Lambda).
#
# Example CloudWatch Logs Insights query for the log group:
#
# fields @timestamp, @message, `detail-type`, `detail.eventName`
# | filter detail.eventName in ["CreateSourceServerForDrs", "CreateRecoveryInstanceForDrs", "ReverseReplication"]
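
Running the Insights query from that header programmatically, as an added example that is not part of the gist. Logs Insights is asynchronous: `StartQuery` returns a `queryId` and `GetQueryResults` has to be polled until the status is `Complete` (or a terminal failure), and each result row comes back as a list of `{field, value}` cells rather than a record. The log group name `/aws/events/LogEvents`, the `FakeLogs` stand-in and the sample rows are assumptions constructed here; in real use pass `boto3.client("logs")`.

```python
"""Run a CloudWatch Logs Insights query and flatten its rows into dicts.

Added example, not part of the gist. `logs` is a boto3 `logs` client in real
use; FakeLogs below is a constructed stand-in (Scheduled -> Running -> Complete)
so the module runs offline. QUERY is the one from the gist header.
"""
import time

QUERY = """fields @timestamp, @message, `detail-type`, `detail.eventName`
| filter detail.eventName in ["CreateSourceServerForDrs", "CreateRecoveryInstanceForDrs", "ReverseReplication"]"""

TERMINAL = {"Complete", "Failed", "Cancelled", "Timeout", "Unknown"}  # GetQueryResults end states


def run_insights_query(logs, log_group, query, start, end, poll_seconds=1.0, max_polls=120):
    """Start `query` on `log_group` over [start, end] (epoch seconds) and return rows as dicts.

    Raises RuntimeError on a terminal status other than Complete, or when the poll budget is spent.
    """
    query_id = logs.start_query(logGroupName=log_group, startTime=int(start),
                                endTime=int(end), queryString=query)["queryId"]
    for _ in range(max_polls):
        resp = logs.get_query_results(queryId=query_id)
        status = resp["status"]
        if status == "Complete":
            return flatten_results(resp["results"])
        if status in TERMINAL:
            raise RuntimeError(f"query {query_id} ended with status {status}")
        time.sleep(poll_seconds)  # Scheduled / Running: keep polling
    raise RuntimeError(f"query {query_id} did not finish after {max_polls} polls")


def flatten_results(results):
    """GetQueryResults gives each row as [{'field': f, 'value': v}, ...]; turn rows into dicts."""
    return [{cell["field"]: cell["value"] for cell in row} for row in results]


def count_by_event_name(rows):
    """Tally rows per detail.eventName, the column the header's filter selects on."""
    counts = {}
    for row in rows:
        name = row.get("detail.eventName", "<none>")
        counts[name] = counts.get(name, 0) + 1
    return counts


class FakeLogs:
    """Constructed stand-in for the boto3 logs client; reports Scheduled, Running, then Complete."""

    def __init__(self, rows):
        self.rows, self.polls, self.started = rows, 0, None

    def start_query(self, **kwargs):
        self.started = kwargs
        return {"queryId": "constructed-query-id"}

    def get_query_results(self, queryId):
        self.polls += 1
        status = ["Scheduled", "Running", "Complete"][min(self.polls - 1, 2)]
        results = [[{"field": k, "value": v} for k, v in r.items()] for r in self.rows] if status == "Complete" else []
        return {"status": status, "results": results, "statistics": {}}


SAMPLE_ROWS = [  # constructed rows shaped like Insights output for QUERY
    {"@timestamp": "2024-01-01 00:00:01.000", "detail-type": "AWS API Call via CloudTrail",
     "detail.eventName": "CreateSourceServerForDrs", "@message": "<cloudtrail event json>"},
    {"@timestamp": "2024-01-01 00:05:00.000", "detail-type": "AWS API Call via CloudTrail",
     "detail.eventName": "CreateSourceServerForDrs", "@message": "<cloudtrail event json>"},
    {"@timestamp": "2024-01-01 01:00:00.000", "detail-type": "AWS API Call via CloudTrail",
     "detail.eventName": "ReverseReplication", "@message": "<cloudtrail event json>"},
]

if __name__ == "__main__":
    # Real use: logs = boto3.client("logs"); start/end are epoch seconds for the window of interest.
    rows = run_insights_query(FakeLogs(SAMPLE_ROWS), "/aws/events/LogEvents", QUERY, 0, 3600, poll_seconds=0)
    print(count_by_event_name(rows))
```

One deployment caveat for the template the header describes: an EventBridge rule created through CloudFormation with a CloudWatch Logs target delivers nothing until the log group carries a resource policy allowing `events.amazonaws.com` and `delivery.logs.amazonaws.com` to call `logs:CreateLogStream` and `logs:PutLogEvents` (the console adds that policy for you; a template has to include an `AWS::Logs::ResourcePolicy`). An empty log group after deployment is almost always this.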

import json
import boto3
import botocore
import os
import datetime
import re
import csv
from functools import lru_cache

sts = boto3.client("sts")

# See documented events sent by Config here: https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules_example-events.html
#
# It is much easier to write evaluations for rules using ConfigurationItemChangeNotification and
# OversizedConfigurationItemChangeNotification. These notifications identify the resource as recorded
# by Config (the change notification embeds the configuration item; the oversized variant embeds a
# summary from which the item is fetched). The Lambda function can review the resource's configuration
# JSON and submit an evaluation for that one resource.
#
# ScheduledNotification events are not specific to a resource; the event only includes
# the account id and rule name. Lambda functions must list all the resources in the account using
# service APIs, call the appropriate APIs to evaluate each resource's configuration, and then submit
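
The three event types that header contrasts, handled in one dispatcher. This is an added example and not the gist's Lambda: the required-tags check, the `AWS::EC2::Volume` sample item, `build_event` and the `FakeConfig` stand-in are assumptions introduced here. What it shows beyond the prose: `invokingEvent` and `ruleParameters` arrive as JSON strings inside the event; the oversized notification carries only a summary, so the item is fetched with `GetResourceConfigHistory`, whose `configuration` comes back as a string rather than the dict the in-event item has; `eventLeftScope` and deleted resources get `NOT_APPLICABLE`; and `PutEvaluations` must be batched at 100 evaluations per call, which matters exactly in the ScheduledNotification case where the function enumerates the account itself.

```python
"""Config custom-rule handler for the three event types discussed above.

Added example, not the gist's Lambda. AWS is reached only through the injected
`config` client (GetResourceConfigHistory / PutEvaluations); FakeConfig is a
constructed stand-in so this runs offline. The required-tags check and the
AWS::EC2::Volume sample item are illustrative, not taken from the gist.
"""
import json

MAX_EVALUATIONS_PER_CALL = 100  # PutEvaluations accepts at most 100 evaluations per call


def configuration_item(event, config):
    """Return the full ConfigurationItem, or None for a ScheduledNotification."""
    invoking = json.loads(event["invokingEvent"])  # invokingEvent is a JSON *string*
    kind = invoking["messageType"]
    if kind == "ConfigurationItemChangeNotification":
        return invoking["configurationItem"]  # the recorded item is embedded
    if kind == "OversizedConfigurationItemChangeNotification":
        s = invoking["configurationItemSummary"]  # only a summary is embedded
        item = config.get_resource_config_history(
            resourceType=s["resourceType"], resourceId=s["resourceId"],
            laterTime=s["configurationItemCaptureTime"], limit=1,
        )["configurationItems"][0]
        if isinstance(item.get("configuration"), str):  # history API returns a JSON string
            item["configuration"] = json.loads(item["configuration"])
        return item
    if kind == "ScheduledNotification":
        return None
    raise ValueError(f"unexpected messageType {kind!r}")


def required_tags_evaluator(item, params):
    """Illustrative check: every key in params['requiredTags'] (comma list) must be a tag."""
    required = [t for t in params.get("requiredTags", "").split(",") if t]
    missing = [t for t in required if t not in item.get("tags", {})]
    return ("NON_COMPLIANT", "missing tags: " + ", ".join(missing)) if missing else ("COMPLIANT", None)


def handler(event, config, evaluator=required_tags_evaluator, list_items=lambda: []):
    """Evaluate and submit. `list_items` yields ConfigurationItem-shaped dicts for every
    in-scope resource and is only consulted for ScheduledNotification."""
    params = json.loads(event.get("ruleParameters") or "{}")
    item = configuration_item(event, config)
    items = [item] if item is not None else list(list_items())
    default_ts = json.loads(event["invokingEvent"]).get("notificationCreationTime")
    evaluations = []
    for ci in items:
        if event.get("eventLeftScope") or ci.get("configurationItemStatus") == "ResourceDeleted":
            compliance, note = "NOT_APPLICABLE", None  # deleted or no longer in the rule's scope
        else:
            compliance, note = evaluator(ci, params)
        ev = {"ComplianceResourceType": ci["resourceType"], "ComplianceResourceId": ci["resourceId"],
              "ComplianceType": compliance,
              "OrderingTimestamp": ci.get("configurationItemCaptureTime", default_ts)}  # ISO string is accepted
        if note:
            ev["Annotation"] = note[:256]  # Annotation is capped at 256 characters
        evaluations.append(ev)
    for i in range(0, len(evaluations), MAX_EVALUATIONS_PER_CALL):
        config.put_evaluations(Evaluations=evaluations[i:i + MAX_EVALUATIONS_PER_CALL],
                               ResultToken=event["resultToken"])
    return evaluations


def build_event(invoking, rule_parameters=None, left_scope=False):
    """Constructed event in the shape Config hands to the Lambda, for local runs."""
    return {"invokingEvent": json.dumps(invoking), "ruleParameters": json.dumps(rule_parameters or {}),
            "resultToken": "constructed-token", "eventLeftScope": left_scope}


class FakeConfig:
    """Constructed stand-in for the boto3 Config client; records what was submitted."""

    def __init__(self, history_items=()):
        self.history_items, self.evaluations, self.calls = list(history_items), [], 0

    def get_resource_config_history(self, **kwargs):
        return {"configurationItems": self.history_items}

    def put_evaluations(self, Evaluations, ResultToken):
        self.calls += 1
        self.evaluations.extend(Evaluations)
        return {"FailedEvaluations": []}


SAMPLE_ITEM = {  # constructed, not from a real account
    "resourceType": "AWS::EC2::Volume", "resourceId": "vol-0123456789abcdef0", "configurationItemStatus": "OK",
    "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z", "tags": {"Owner": "secops"},
    "configuration": {"encrypted": True}}

if __name__ == "__main__":
    ev = build_event({"messageType": "ConfigurationItemChangeNotification", "configurationItem": SAMPLE_ITEM},
                     {"requiredTags": "Owner,CostCenter"})
    print(handler(ev, FakeConfig()))
```

In a real deployment the entry point is `lambda_handler(event, context)` creating `boto3.client("config")` itself; the client is injected here only so the dispatch logic can be exercised without an account. The `ResultToken` must be the one from the incoming event, otherwise Config rejects the evaluations.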

import json
import boto3
import os
import traceback as tb

if boto3.session.Session().region_name.startswith("us-gov-"):
    partition = "aws-us-gov"
    regions = ["us-gov-west-1", "us-gov-east-1"]
else:
    partition = "aws"

import boto3
import os

# Example usage from a bash shell:
# PREFIX='AWS COMM' AWS_PROFILE=comm-mgmt ROLE_NAME=AWSControlTowerExecution python ./aws_switch_role_bookmark_generator.py > ./aws-switch-role-bookmarks.html

# Environment variables for configuration
role_name = os.environ.get("ROLE_NAME", "OrganizationAccountAccessRole")
include_mgmt = os.environ.get("INCLUDE_MGMT", "true").lower() == "true"
prefix = os.environ.get("PREFIX", "AWS")