Matthew Harper matthew-harper
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Action": [ | |
| "s3:ListBucket" | |
| ], | |
| "Resource": [ | |
| "arn:aws:s3:::my-release-artifacts" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Action": [ | |
| "s3:GetObject" | |
| ], | |
| "Resource": "arn:aws:s3:::my-release-artifacts/*" | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SELECT distinct "province/state" | |
| FROM "sample-db"."medium_covid_data" | |
| WHERE year = '2020' and month = '1' and deaths > 0 ORDER BY "province/state"; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| git clone https://github.com/CSSEGISandData/COVID-19.git |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def filter_user_events(event) -> bool: | |
| is_match = match_user_agent(event['userAgent']) | |
| is_read_only = match_readonly_event_name(event['eventName']) | |
| is_ignored_event = match_ignored_events(event['eventName']) | |
| is_in_event = 'invokedBy' in event['userIdentity'] and event['userIdentity']['invokedBy'] == 'AWS Internal' | |
| status = is_match and not is_read_only and not is_ignored_event and not is_in_event | |
| return status |
matthew-harper
/ lambda.py
Created
February 18, 2020 17:24
Python AWS Lambda function to process CloudTrail Events
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json | |
| import urllib.parse | |
| import boto3 | |
| import io | |
| import gzip | |
| import re | |
| s3 = boto3.client('s3') | |
| sns = boto3.client('sns') | |
| sns_arn = "arn:replace_me" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def post_to_sns(user, event) -> None: | |
| message = f'Manual AWS Changed Detected: {user} --> {event}' | |
| sns_publish(message) | |
| def post_to_sns_details(message) -> None: | |
| message = {"Manual AWS Change Detected": message} | |
| sns_publish(message) |
matthew-harper
/ lambda.py
Created
February 17, 2020 14:14
filter CloudTrail events by source and event type
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def filter_user_events(event) -> bool: | |
| is_match = match_user_agent(event['userAgent']) | |
| is_read_only = match_readonly_event_name(event['eventName']) | |
| is_ignored_event = match_ignored_events(event['eventName']) | |
| is_in_event = 'invokedBy' in event['userIdentity'] and event['userIdentity']['invokedBy'] == 'AWS Internal' | |
| status = is_match and not is_read_only and not is_ignored_event and not is_in_event | |
| return status |
matthew-harper
/ lambda.py
Created
February 17, 2020 13:13
python list comprehension to filter cloudtrail events
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| output_dict = [record for record in event_json['Records'] if filter_user_events(record)] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Records": [ | |
| { | |
| "eventVersion": "1.05", | |
| "userIdentity": { | |
| "type": "AssumedRole", | |
| "principalId": "AROAISWA7TXBQT4XOO2X6:[email protected]", | |
| "arn": "arn:aws:sts::1234:assumed-role/[email protected]", | |
| "accountId": "1234", | |
| "accessKeyId": "ASIAZVE7HIYF3KVNS46V", |
NewerOlder