GuardDuty is a very solid service, but it can be a challenge to keep track of when you have several AWS accounts spanning several regions. So here’s a way to manage all the findings from several accounts and regions in one place. This how-to summarizes the steps and links to the ones AWS has already published.
1) — Pick a Master Account where you can manage/view all the findings for all your accounts. This is a quick how-to: https://aws.amazon.com/blogs/security/how-to-manage-amazon-guardduty-security-findings-across-multiple-accounts/
- This will copy all the objects from one S3 bucket to another (note: the AllUsers read grant makes every copied object publicly readable, so drop it unless that is intended) —
aws s3 cp s3://bucket1 s3://bucket2 --recursive --grants read=uri=http://acs.amazonaws.com/groups/global/AllUsers full=emailaddress=awsaccountemailaddress
*if bucket2 is in a different AWS account, it will need a bucket policy allowing the bucket1 user to write to it.
- This will list running instances’ InstanceId, private IP, and Tag=Name (the `| [0]` flattens the tag value so each instance prints as one row) —
aws ec2 describe-instances --filters "Name=instance-state-code,Values=16" --query "Reservations[*].Instances[*].[InstanceId, PrivateIpAddress, Tags[?Key=='Name'].Value | [0]]" --output table --region us-east-1 --profile production
- This will export running instances’ InstanceId, InstanceType, Tag=Name, and Tag=Project to a .tsv file (Linux) which Excel will be able to open —
aws ec2 describe-instances --output text --filters "Name=instance-state-code,Values=16" --query 'Reservations[*].Instances[*].[InstanceId, InstanceType, [Tags[?Key==`Name`].Value], [Tags[?Key==`Project`].Value]]' > test.tsv
Continue reading “Favorite AWS Cli command(s)”
** This needs to be updated. Stay tuned…
- You know how to spin up a Compute Engine instance
- You are familiar with linux
- You have no time to read lengthy how-tos – this build took me 15 minutes
- I like taking advantage of free wifi (sbux, friends, etc) but want to keep my traffic encrypted.
- I prefer to use the native mac vpn client
Continue reading “GCP – Install a VPN server (for client access) on Google Compute Engine”
A few years ago, I wanted to build a sandbox environment for Devs (non-admins) in AWS and this would have come in handy. We’ve been using this for several months now and it is very useful in keeping the environment stable.
Continue reading “AWS IAM Policy for a Sandbox Environment”