Ajinkya aws cloudformation prevention #119
| For each user, check their policies and permissions. If a user has access to data services, it might be suspicious. Here is how you can check user policies: | ||
| ```python | ||
| user_policies = iam.list_user_policies(UserName=user['UserName']) | ||
| for policy_name in user_policies['PolicyNames']: |
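Review bot: The check in the `list_user_policies` loop only sees inline policies, so a user whose data-service access comes from an attached managed policy or from a group passes unnoticed. Extend the snippet to also walk `list_attached_user_policies` and the policies of the groups returned by `list_groups_for_user`, and have the prose name which actions count as "access to data services" so the reader knows what to match on.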
Secret: Secret Keyword
|
|
||
| session = boto3.Session( | ||
| aws_access_key_id='YOUR_ACCESS_KEY', | ||
| aws_secret_access_key='YOUR_SECRET_KEY', |
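Review bot: Passing `aws_access_key_id='YOUR_ACCESS_KEY'` and `aws_secret_access_key='YOUR_SECRET_KEY'` as literals in `boto3.Session(...)` teaches readers to paste long-term keys into the script, and it is what the Secret Keyword scanner is flagging. Prefer `boto3.Session()` or `boto3.Session(profile_name=...)` so credentials come from the default chain (environment, shared config, or an assumed role). The same pattern recurs in the other scripts in this PR and should be changed in each.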
Secret: Secret Keyword
|
|
||
| This script will print the names of all stacks that are misconfigured. If no stacks are printed, then all stacks have a `DeletionPolicy` set. | ||
| </Accordion> | ||
|
|
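Review bot: The sentence "If no stacks are printed, then all stacks have a `DeletionPolicy` set" treats `DeletionPolicy` as a stack-level property, but it is an attribute set per resource in the template. Reword it to say which resources the script inspects and what makes a stack count as "misconfigured" (for example, any stateful resource without `DeletionPolicy`), so an empty result is not read as broader coverage than the script provides.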
Secret: Secret Keyword
| ```python | ||
| session = boto3.Session( | ||
| aws_access_key_id='YOUR_ACCESS_KEY', | ||
| aws_secret_access_key='YOUR_SECRET_KEY', |
Secret: Secret Keyword
|
|
||
| This script will print out the names of all stacks that do not have notifications enabled. You can modify it to suit your needs, for example by writing the names to a file or sending an email alert. | ||
| </Accordion> | ||
|
|
Secret: Secret Keyword
|
|
||
| session = boto3.Session( | ||
| aws_access_key_id='YOUR_ACCESS_KEY', | ||
| aws_secret_access_key='YOUR_SECRET_KEY', |
Secret: Secret Keyword
|
|
||
| This script will print the names of all stacks that do not have termination protection enabled. | ||
| </Accordion> | ||
|
|
Secret: Secret Keyword
| import boto3 | ||
| session = boto3.Session( | ||
| aws_access_key_id='YOUR_ACCESS_KEY', | ||
| aws_secret_access_key='YOUR_SECRET_KEY', |
Secret: Secret Keyword
| ``` | ||
|
|
||
| This script will print the names of all CloudFormation stacks that do not have an IAM role associated with them. | ||
| </Accordion> |
Secret: Secret Keyword
| ```python | ||
| session = boto3.Session( | ||
| aws_access_key_id='YOUR_ACCESS_KEY', | ||
| aws_secret_access_key='YOUR_SECRET_KEY', |
Secret: Secret Keyword
No description provided.