SlideShare ist ein Scribd-Unternehmen logo

Python3 (boto3) for aws

Sanjeev Kumar Jaiswal
Sanjeev Kumar Jaiswal

This ppt deals with basics of AWS CLI, Python3(boto3) an AWS SDK and Various Examples of what you can achieve with boto3.

Bildung
1 von 25
Downloaden Sie, um offline zu lesen
Python SDK (Boto3) for AWS AWSome scripts Pythonic way Sanjeev Jaiswal (Jassi)
What we will cover Fundamentals ● Introduction to AWS CLI ● AWS CLI setup ● AWS CLI Examples ● Introduction to Boto3 ● Boto3 setup and verification ● Hands-on using Boto3 Hands-On ● AWS resource inventory ● List public S3 buckets ● List IAM details ● Security group exposed to public ● Get ELB Public IP for post scan ● Orphan Security Group
What you know in Python Minimal concept to get going ● Data Types ● Control statements ● Function ● How to import module ● Know list, tuples and dictionary ● Know File Handling ● Python Regex using re module ● Basic Troubleshooting ● How to install module using pip ● How to run python scripts
Test your Python skills 1. Get employee details as user input: emp id, name, joined date, skills in list, projects in dictionary 2. Create a dictionary in below format and fill with above input values: { 'Employee ID': { Name: 'string' Joined: 'yyyy-mm-dd' Skills: [‘list’, ‘of’, ‘skills’] Project: {‘project_name’: ‘project description’} } } 3. Print the employee dictionary
What you know in AWS Minimal AWS knowledge is enough ● Have AWS Console access ● IAM features ● EC2 related operations ● How to work with S3 buckets ● Aware of ELB ● Used Security group before
Basic AWS Operations 1. IAM: create few users with aws-cli access and add in different groups, roles 2. EC2: create linux instances (min. 2) with different security groups, tags, name 3. S3: create 2 buckets, upload objects to them, make 1 bucket public and 1 private 4. Create separate security groups for web, mysql, mongo, ssh 5. Create few load balancers and attach some instances to it
Let’s Learn AWS CLI
AWS CLI ● AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. It can run in MacOS, Windows, Linux as well. ● Available in 2 versions: 1. 1.x : for backward compatibility 2. 2.x: recent available release for production ● AWS CLI Command reference: https://docs.aws.amazon.com/cli/latest/reference/ ● Output format: text, yaml, json, table ● Security in the AWS CLI: https://docs.aws.amazon.com/cli/latest/userguide/security.html
AWS CLI setup You have Python 3.x installed and access to shell/terminal Install AWS CLI: ● Using pip: $ python -m pip install --user awscli ● Windows: https://awscli.amazonaws.com/AWSCLIV2.msi ● Linux: https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html ● MacOS: https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-mac.html $ aws --version $ aws configure AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE AWS Secret Access Key [None]: wJalrXUtFI/K7MDENG/bPxRYEXAMPLEKEY Default region name [None]: us-west-2 Default output format [None]:
Let’s understand aws-cli structure ● options: ○ --output ○ --region ○ --profile ○ --version ● parameters: ○ --filter ○ --max-items ○ --page-size aws [options] <command> <subcommand> [parameters] ● Command (top level aws services): ○ S3 ○ Ec2 ○ Iam ○ Cloudwatch ○ Dynamodb ○ Elb ● Subcommand (commands work with top level command): ○ S3: cp, rm, mb, sync ○ Ec2: describe-instances, create-tags, create-vpc ○ Iam: create-group, get-policy, list-users, update-user ○ Cloudwatch: get-dashboard, get-metric-data ○ Dynamodb: get-item, update-table ○ Elb: create-load-balancer, remove-tags
Let’s get help from AWS CLI ● aws help ● aws command help ○ aws s3 help ○ aws ec2 help ○ aws iam help ● aws command sub-command help ○ aws s3 mb help ○ aws iam get-policy help ○ aws ec2 describe-instances help
AWS CLI - Sample code ● $ aws iam list-users --output json ● $ aws iam list-users --output text --query 'Users[*].[UserName,Arn,CreateDate,PasswordLastUsed,UserId]' ● $ aws ec2 describe-instances --query 'Reservations[*].Instances[*].[Placement.AvailabilityZone, State.Name, InstanceId]' --output text ● $ aws iam list-groups-for-user --user-name sanjeev --output text --query "Groups[].[GroupName]" ● $ aws ec2 describe-volumes --query 'Volumes[*].{ID:VolumeId,AZ:AvailabilityZone,Size:Size}' --output table ● $ aws ec2 describe-instances --filters Name=instance-type, Values=t2.micro, t3.micro Name=availability-zone, Values=us-east-2c ● $ aws s3 website s3://bucket-name/ --index-document index.html --error-document error.html ● $ aws s3api get-bucket-website --bucket mysite548.com ● $ aws logs get-log-events --log-group-name my-logs --log-stream-name 20200311
Let’s use Boto3
Boto3 Setup ● Install boto3: pip3 install boto3 or python3 -m pip install boto3 ● Include this line in your python code: import boto3 ● Create an object using boto3 client or resource library ○ client = boto3.client(‘resource-name’) Ex: iam_client = boto3.client(‘iam’) ○ resource = boto3.resource(‘resource-name’) Ex: s3_resource = boto3.resource(‘s3’) ● It will take your Credentials which you set while running `aws configure` ● Save the script with .py extension and run it ● If it didn’t give any error means boto3 is working perfectly
IAM accounts details 1. Get IAM user details like username, group, policy a. client.get_account_authorization_details() 2. IAM user management like: a. add user: client.create_user(UserName=’name’) b. edit user: client.update_user(UserName=’name’, NewUserName=’newName’) and c. delete user: client.delete_user(UserName=’name’) 3. Get policy details: a. List attached user policy: client.list_attached_user_policies(UserName=’name’) b. Get Policy details: client.get_policy(PolicyArn=’policyarn’)
S3 Bucket management 1. Create a bucket a. s3client = boto3.client('s3') b. s3client.create_bucket(Bucket=bucket_name) 2. List all the buckets: list_buckets = s3client.list_buckets() 3. Search if your bucket is there 4. Upload a file to your bucket 5. Generate a presigned url of newly uploaded file to access online 6. Print file(object)details using s3 resource API a. s3resource = boto3.resource('s3') b. bucket = s3resource.Bucket(bucket_name) c. obj = bucket.Object(object_key) 7. Delete the bucket and any files(objects) inside it a. bucket = s3Resource.Bucket(bucket_name) b. delete_responses = bucket.objects.delete()
Get Running EC2 details region-wise 1. Get all ec2 regions in a list 2. Loop through the region list and 3. Get ec2 region wise and print below items for each ec2 instance: a. Instance id b. Instance type c. Image id d. Public ip e. Private ip f. Availability zone Below code would help you get going: import boto3 ec2client = boto3.client('ec2') instances = ec2client.describe_instances()
Get Orphan Security Groups 1. Get security group of all the regions 2. Get Security group attached to different instances 3. Compare with existing security groups 4. If security group is not attached with any of the below instances, add in orphan list a. ec2 b. rds c. vpc d. elb e. elbv2 5. Print orphan list and other useful info related to this scan.
List Security Group attached with EC2 1. Get all the regions associated with ec2 2. Loop through the regions 3. Find attached security group 4. Print below items: a. Instance id b. Security group name c. Security Group Id d. VpcId e. SubnetId f. Ec2 running status (State -> running)
Fetch Public IPs of ELBs 1. Connect to client ec2 2. Get all regions and loop through 3. Connect to elb and elbv2 4. Use describe_load_balancers() 5. Get public IP Below code would get you going for region in regions: profile = boto3.session.Session(profile_name=env_type, region_name=region) elbList = profile.client('elb') applbList = profile.client('elbv2') bals = elbList.describe_load_balancers() appbals = applbList.describe_load_balancers()
What’s Next ● AWS Security Automation: https://github.com/awslabs/aws-security-automation ● SANS SEC573: https://www.sans.org/course/automating-information-security-with-python ● Automate event-driven security stuffs using AWS Lambda in Python ● Automate AWS Services security assessment using Python ● Automate AWS CIS benchmarks ● Automate some AWS Exploits ● Automate/Solve AWS Based CTF challenges ● Use Pacu, Prowler, ScoutSuite for AWS Exploitation and Security Assessment ● Make command line tool using click module
Resources Automate the boring stuff with Python Hands-On enterprise Automation with Python AWS CLI by Amazon Boto3 Documentation
Credits Image Credit ● Noun Project for icons Content Credits ● Aws-labs ● Boto3 Doc
Python3 (boto3) for aws
Python3 (boto3) for aws

Empfohlen

AWS CloudFormation Best Practices
AWS CloudFormation Best PracticesAWS CloudFormation Best Practices
AWS CloudFormation Best PracticesAmazon Web Services
 
DEV323_Introduction to the AWS CLI
DEV323_Introduction to the AWS CLIDEV323_Introduction to the AWS CLI
DEV323_Introduction to the AWS CLIAmazon Web Services
 
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Web Services
 
(DEV307) Introduction to Version 3 of the AWS SDK for Python (Boto) | AWS re:...
(DEV307) Introduction to Version 3 of the AWS SDK for Python (Boto) | AWS re:...(DEV307) Introduction to Version 3 of the AWS SDK for Python (Boto) | AWS re:...
(DEV307) Introduction to Version 3 of the AWS SDK for Python (Boto) | AWS re:...Amazon Web Services
 
AWS Black Belt Tech シリーズ 2015 AWS CLI & AWS Tools for Windows Powershell
AWS Black Belt Tech シリーズ 2015 AWS CLI & AWS Tools for Windows PowershellAWS Black Belt Tech シリーズ 2015 AWS CLI & AWS Tools for Windows Powershell
AWS Black Belt Tech シリーズ 2015 AWS CLI & AWS Tools for Windows PowershellAmazon Web Services Japan
 
IBM Cloud Manager with OpenStack Overview
IBM Cloud Manager with OpenStack OverviewIBM Cloud Manager with OpenStack Overview
IBM Cloud Manager with OpenStack OverviewPatrick Bouillaud
 
AWS WAF
AWS WAFAWS WAF
AWS WAFAmazon Web Services
 
Amazon EKS로 간단한 웹 애플리케이션 구축하기 - 김주영 (AWS) :: AWS Community Day Online 2021
Amazon EKS로 간단한 웹 애플리케이션 구축하기 - 김주영 (AWS) :: AWS Community Day Online 2021Amazon EKS로 간단한 웹 애플리케이션 구축하기 - 김주영 (AWS) :: AWS Community Day Online 2021
Amazon EKS로 간단한 웹 애플리케이션 구축하기 - 김주영 (AWS) :: AWS Community Day Online 2021AWSKRUG - AWS한국사용자모임
 

Empfohlen

AWS CloudFormation Best Practices
AWS CloudFormation Best PracticesAWS CloudFormation Best Practices
AWS CloudFormation Best PracticesAmazon Web Services
 
DEV323_Introduction to the AWS CLI
DEV323_Introduction to the AWS CLIDEV323_Introduction to the AWS CLI
DEV323_Introduction to the AWS CLIAmazon Web Services
 
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Web Services
 
(DEV307) Introduction to Version 3 of the AWS SDK for Python (Boto) | AWS re:...
(DEV307) Introduction to Version 3 of the AWS SDK for Python (Boto) | AWS re:...(DEV307) Introduction to Version 3 of the AWS SDK for Python (Boto) | AWS re:...
(DEV307) Introduction to Version 3 of the AWS SDK for Python (Boto) | AWS re:...Amazon Web Services
 
AWS Black Belt Tech シリーズ 2015 AWS CLI & AWS Tools for Windows Powershell
AWS Black Belt Tech シリーズ 2015 AWS CLI & AWS Tools for Windows PowershellAWS Black Belt Tech シリーズ 2015 AWS CLI & AWS Tools for Windows Powershell
AWS Black Belt Tech シリーズ 2015 AWS CLI & AWS Tools for Windows PowershellAmazon Web Services Japan
 
IBM Cloud Manager with OpenStack Overview
IBM Cloud Manager with OpenStack OverviewIBM Cloud Manager with OpenStack Overview
IBM Cloud Manager with OpenStack OverviewPatrick Bouillaud
 
AWS WAF
AWS WAFAWS WAF
AWS WAFAmazon Web Services
 
Amazon EKS로 간단한 웹 애플리케이션 구축하기 - 김주영 (AWS) :: AWS Community Day Online 2021
Amazon EKS로 간단한 웹 애플리케이션 구축하기 - 김주영 (AWS) :: AWS Community Day Online 2021Amazon EKS로 간단한 웹 애플리케이션 구축하기 - 김주영 (AWS) :: AWS Community Day Online 2021
Amazon EKS로 간단한 웹 애플리케이션 구축하기 - 김주영 (AWS) :: AWS Community Day Online 2021AWSKRUG - AWS한국사용자모임
 
Aws ppt
Aws pptAws ppt
Aws pptRamyaG50
 
Introducing AWS Elastic Beanstalk
Introducing AWS Elastic BeanstalkIntroducing AWS Elastic Beanstalk
Introducing AWS Elastic BeanstalkAmazon Web Services
 
Introduction to AWS Lambda and Serverless Applications
Introduction to AWS Lambda and Serverless ApplicationsIntroduction to AWS Lambda and Serverless Applications
Introduction to AWS Lambda and Serverless ApplicationsAmazon Web Services
 
Amazon WorkSpaces for Education
Amazon WorkSpaces for EducationAmazon WorkSpaces for Education
Amazon WorkSpaces for EducationAmazon Web Services
 
AWS로 사용자 천만 명 서비스 만들기 (윤석찬)- 클라우드 태권 2015
AWS로 사용자 천만 명 서비스 만들기 (윤석찬)- 클라우드 태권 2015 AWS로 사용자 천만 명 서비스 만들기 (윤석찬)- 클라우드 태권 2015
AWS로 사용자 천만 명 서비스 만들기 (윤석찬)- 클라우드 태권 2015 Amazon Web Services Korea
 
Using AWS Key Management Service for Secure Workloads
Using AWS Key Management Service for Secure WorkloadsUsing AWS Key Management Service for Secure Workloads
Using AWS Key Management Service for Secure WorkloadsAmazon Web Services
 
AWS Tutorial | AWS Certified Solutions Architect | Amazon AWS | AWS Training ...
AWS Tutorial | AWS Certified Solutions Architect | Amazon AWS | AWS Training ...AWS Tutorial | AWS Certified Solutions Architect | Amazon AWS | AWS Training ...
AWS Tutorial | AWS Certified Solutions Architect | Amazon AWS | AWS Training ...Edureka!
 
Introduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesIntroduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesGary Silverman
 
(SEC318) AWS CloudTrail Deep Dive
(SEC318) AWS CloudTrail Deep Dive(SEC318) AWS CloudTrail Deep Dive
(SEC318) AWS CloudTrail Deep DiveAmazon Web Services
 
Intro to AWS Lambda
Intro to AWS Lambda Intro to AWS Lambda
Intro to AWS Lambda Amazon Web Services
 
【AWS初心者向けWebinar】AWSのプロビジョニングからデプロイまで
【AWS初心者向けWebinar】AWSのプロビジョニングからデプロイまで【AWS初心者向けWebinar】AWSのプロビジョニングからデプロイまで
【AWS初心者向けWebinar】AWSのプロビジョニングからデプロイまでAmazon Web Services Japan
 
IAM Best Practices
IAM Best PracticesIAM Best Practices
IAM Best PracticesAmazon Web Services
 
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...Amazon Web Services Korea
 
AWS CodeBuild Demo
AWS CodeBuild DemoAWS CodeBuild Demo
AWS CodeBuild DemoAleksei Bulgak
 
AWS Cloud Watch
AWS Cloud WatchAWS Cloud Watch
AWS Cloud WatchzekeLabs Technologies
 
Istio on Kubernetes
Istio on KubernetesIstio on Kubernetes
Istio on KubernetesDaneyon Hansen
 
DDoS 방어를 위한 Cloudflare 활용법
DDoS 방어를 위한 Cloudflare 활용법DDoS 방어를 위한 Cloudflare 활용법
DDoS 방어를 위한 Cloudflare 활용법Jean Ryu
 
AWS CloudFormation Masterclass
AWS CloudFormation MasterclassAWS CloudFormation Masterclass
AWS CloudFormation MasterclassAmazon Web Services
 
AWSからのメール送信
AWSからのメール送信AWSからのメール送信
AWSからのメール送信Amazon Web Services Japan
 
Introduction to Amazon EC2
Introduction to Amazon EC2Introduction to Amazon EC2
Introduction to Amazon EC2Amazon Web Services
 
Jz 201 t
Jz 201 tJz 201 t
Jz 201 tAmazon Web Services
 
Aws cli
Aws cliAws cli
Aws cliPham Anh Vu
 

Weitere ähnliche Inhalte

Was ist angesagt?

Introducing AWS Elastic Beanstalk
Introducing AWS Elastic BeanstalkIntroducing AWS Elastic Beanstalk
Introducing AWS Elastic BeanstalkAmazon Web Services
 
Introduction to AWS Lambda and Serverless Applications
Introduction to AWS Lambda and Serverless ApplicationsIntroduction to AWS Lambda and Serverless Applications
Introduction to AWS Lambda and Serverless ApplicationsAmazon Web Services
 
AWS로 사용자 천만 명 서비스 만들기 (윤석찬)- 클라우드 태권 2015
AWS로 사용자 천만 명 서비스 만들기 (윤석찬)- 클라우드 태권 2015 AWS로 사용자 천만 명 서비스 만들기 (윤석찬)- 클라우드 태권 2015
AWS로 사용자 천만 명 서비스 만들기 (윤석찬)- 클라우드 태권 2015 Amazon Web Services Korea
 
Using AWS Key Management Service for Secure Workloads
Using AWS Key Management Service for Secure WorkloadsUsing AWS Key Management Service for Secure Workloads
Using AWS Key Management Service for Secure WorkloadsAmazon Web Services
 
AWS Tutorial | AWS Certified Solutions Architect | Amazon AWS | AWS Training ...
AWS Tutorial | AWS Certified Solutions Architect | Amazon AWS | AWS Training ...AWS Tutorial | AWS Certified Solutions Architect | Amazon AWS | AWS Training ...
AWS Tutorial | AWS Certified Solutions Architect | Amazon AWS | AWS Training ...Edureka!
 
Introduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesIntroduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesGary Silverman
 
(SEC318) AWS CloudTrail Deep Dive
(SEC318) AWS CloudTrail Deep Dive(SEC318) AWS CloudTrail Deep Dive
(SEC318) AWS CloudTrail Deep DiveAmazon Web Services
 
【AWS初心者向けWebinar】AWSのプロビジョニングからデプロイまで
【AWS初心者向けWebinar】AWSのプロビジョニングからデプロイまで【AWS初心者向けWebinar】AWSのプロビジョニングからデプロイまで
【AWS初心者向けWebinar】AWSのプロビジョニングからデプロイまでAmazon Web Services Japan
 
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...Amazon Web Services Korea
 
DDoS 방어를 위한 Cloudflare 활용법
DDoS 방어를 위한 Cloudflare 활용법DDoS 방어를 위한 Cloudflare 활용법
DDoS 방어를 위한 Cloudflare 활용법Jean Ryu
 

Was ist angesagt? (20)

Aws ppt
Aws pptAws ppt
Aws ppt
 
Introducing AWS Elastic Beanstalk
Introducing AWS Elastic BeanstalkIntroducing AWS Elastic Beanstalk
Introducing AWS Elastic Beanstalk
 
Introduction to AWS Lambda and Serverless Applications
Introduction to AWS Lambda and Serverless ApplicationsIntroduction to AWS Lambda and Serverless Applications
Introduction to AWS Lambda and Serverless Applications
 
Amazon WorkSpaces for Education
Amazon WorkSpaces for EducationAmazon WorkSpaces for Education
Amazon WorkSpaces for Education
 
AWS로 사용자 천만 명 서비스 만들기 (윤석찬)- 클라우드 태권 2015
AWS로 사용자 천만 명 서비스 만들기 (윤석찬)- 클라우드 태권 2015 AWS로 사용자 천만 명 서비스 만들기 (윤석찬)- 클라우드 태권 2015
AWS로 사용자 천만 명 서비스 만들기 (윤석찬)- 클라우드 태권 2015
 
Using AWS Key Management Service for Secure Workloads
Using AWS Key Management Service for Secure WorkloadsUsing AWS Key Management Service for Secure Workloads
Using AWS Key Management Service for Secure Workloads
 
AWS Tutorial | AWS Certified Solutions Architect | Amazon AWS | AWS Training ...
AWS Tutorial | AWS Certified Solutions Architect | Amazon AWS | AWS Training ...AWS Tutorial | AWS Certified Solutions Architect | Amazon AWS | AWS Training ...
AWS Tutorial | AWS Certified Solutions Architect | Amazon AWS | AWS Training ...
 
Introduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesIntroduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best Practices
 
(SEC318) AWS CloudTrail Deep Dive
(SEC318) AWS CloudTrail Deep Dive(SEC318) AWS CloudTrail Deep Dive
(SEC318) AWS CloudTrail Deep Dive
 
Intro to AWS Lambda
Intro to AWS Lambda Intro to AWS Lambda
Intro to AWS Lambda
 
【AWS初心者向けWebinar】AWSのプロビジョニングからデプロイまで
【AWS初心者向けWebinar】AWSのプロビジョニングからデプロイまで【AWS初心者向けWebinar】AWSのプロビジョニングからデプロイまで
【AWS初心者向けWebinar】AWSのプロビジョニングからデプロイまで
 
IAM Best Practices
IAM Best PracticesIAM Best Practices
IAM Best Practices
 
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...
 
AWS CodeBuild Demo
AWS CodeBuild DemoAWS CodeBuild Demo
AWS CodeBuild Demo
 
AWS Cloud Watch
AWS Cloud WatchAWS Cloud Watch
AWS Cloud Watch
 
Istio on Kubernetes
Istio on KubernetesIstio on Kubernetes
Istio on Kubernetes
 
DDoS 방어를 위한 Cloudflare 활용법
DDoS 방어를 위한 Cloudflare 활용법DDoS 방어를 위한 Cloudflare 활용법
DDoS 방어를 위한 Cloudflare 활용법
 
AWS CloudFormation Masterclass
AWS CloudFormation MasterclassAWS CloudFormation Masterclass
AWS CloudFormation Masterclass
 
AWSからのメール送信
AWSからのメール送信AWSからのメール送信
AWSからのメール送信
 
Introduction to Amazon EC2
Introduction to Amazon EC2Introduction to Amazon EC2
Introduction to Amazon EC2
 

Ähnlich wie Python3 (boto3) for aws

AWS Cyber Security Best Practices
AWS Cyber Security Best PracticesAWS Cyber Security Best Practices
AWS Cyber Security Best PracticesDoiT International
 
Flask jwt authentication tutorial
Flask jwt authentication tutorialFlask jwt authentication tutorial
Flask jwt authentication tutorialKaty Slemon
 
Lab Manual Combaring Redis with Relational
Lab Manual Combaring Redis with RelationalLab Manual Combaring Redis with Relational
Lab Manual Combaring Redis with RelationalAmazon Web Services
 
Lab Manual Managed Database Basics
Lab Manual Managed Database BasicsLab Manual Managed Database Basics
Lab Manual Managed Database BasicsAmazon Web Services
 
Hands-on Lab: re-Modernize - Updating and Consolidating MySQL
Hands-on Lab: re-Modernize - Updating and Consolidating MySQLHands-on Lab: re-Modernize - Updating and Consolidating MySQL
Hands-on Lab: re-Modernize - Updating and Consolidating MySQLAmazon Web Services
 
AMF Testing Made Easy! DeepSec 2012
AMF Testing Made Easy! DeepSec 2012AMF Testing Made Easy! DeepSec 2012
AMF Testing Made Easy! DeepSec 2012Luca Carettoni
 
Hands-on Lab: Comparing Redis with Relational
Hands-on Lab: Comparing Redis with RelationalHands-on Lab: Comparing Redis with Relational
Hands-on Lab: Comparing Redis with RelationalAmazon Web Services
 
K8s security best practices
K8s security best practicesK8s security best practices
K8s security best practicesSharon Vendrov
 
윈도 닷넷 개발자를 위한 솔루션 클라우드 데브옵스 솔루션
윈도 닷넷 개발자를 위한 솔루션 클라우드 데브옵스 솔루션윈도 닷넷 개발자를 위한 솔루션 클라우드 데브옵스 솔루션
윈도 닷넷 개발자를 위한 솔루션 클라우드 데브옵스 솔루션Amazon Web Services Korea
 
Building Your Own IoT Platform using FIWARE GEis
Building Your Own IoT Platform using FIWARE GEisBuilding Your Own IoT Platform using FIWARE GEis
Building Your Own IoT Platform using FIWARE GEisFIWARE
 
Containerless in the Cloud with AWS Lambda
Containerless in the Cloud with AWS LambdaContainerless in the Cloud with AWS Lambda
Containerless in the Cloud with AWS LambdaRyan Cuprak
 
Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...
Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...
Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...Marc Müller
 
Hands-on Lab - Combaring Redis with Relational
Hands-on Lab - Combaring Redis with RelationalHands-on Lab - Combaring Redis with Relational
Hands-on Lab - Combaring Redis with RelationalAmazon Web Services
 
reModernize-Updating and Consolidating MySQL
reModernize-Updating and Consolidating MySQLreModernize-Updating and Consolidating MySQL
reModernize-Updating and Consolidating MySQLAmazon Web Services
 
Build resource server &amp; client for OCF Cloud (2018.8.30)
Build resource server &amp; client for OCF Cloud (2018.8.30)Build resource server &amp; client for OCF Cloud (2018.8.30)
Build resource server &amp; client for OCF Cloud (2018.8.30)남균 김
 
Scaffolding for Serverless: lightning talk for AWS Arlington Meetup
Scaffolding for Serverless: lightning talk for AWS Arlington MeetupScaffolding for Serverless: lightning talk for AWS Arlington Meetup
Scaffolding for Serverless: lightning talk for AWS Arlington MeetupChris Shenton
 

Ähnlich wie Python3 (boto3) for aws (20)

Jz 201 t
Jz 201 tJz 201 t
Jz 201 t
 
Aws cli
Aws cliAws cli
Aws cli
 
Aws cli
Aws cliAws cli
Aws cli
 
AWS Cyber Security Best Practices
AWS Cyber Security Best PracticesAWS Cyber Security Best Practices
AWS Cyber Security Best Practices
 
Flask jwt authentication tutorial
Flask jwt authentication tutorialFlask jwt authentication tutorial
Flask jwt authentication tutorial
 
One-Man Ops
One-Man OpsOne-Man Ops
One-Man Ops
 
Lab Manual Combaring Redis with Relational
Lab Manual Combaring Redis with RelationalLab Manual Combaring Redis with Relational
Lab Manual Combaring Redis with Relational
 
Lab Manual Managed Database Basics
Lab Manual Managed Database BasicsLab Manual Managed Database Basics
Lab Manual Managed Database Basics
 
Hands-on Lab: re-Modernize - Updating and Consolidating MySQL
Hands-on Lab: re-Modernize - Updating and Consolidating MySQLHands-on Lab: re-Modernize - Updating and Consolidating MySQL
Hands-on Lab: re-Modernize - Updating and Consolidating MySQL
 
AMF Testing Made Easy! DeepSec 2012
AMF Testing Made Easy! DeepSec 2012AMF Testing Made Easy! DeepSec 2012
AMF Testing Made Easy! DeepSec 2012
 
Hands-on Lab: Comparing Redis with Relational
Hands-on Lab: Comparing Redis with RelationalHands-on Lab: Comparing Redis with Relational
Hands-on Lab: Comparing Redis with Relational
 
K8s security best practices
K8s security best practicesK8s security best practices
K8s security best practices
 
윈도 닷넷 개발자를 위한 솔루션 클라우드 데브옵스 솔루션
윈도 닷넷 개발자를 위한 솔루션 클라우드 데브옵스 솔루션윈도 닷넷 개발자를 위한 솔루션 클라우드 데브옵스 솔루션
윈도 닷넷 개발자를 위한 솔루션 클라우드 데브옵스 솔루션
 
Building Your Own IoT Platform using FIWARE GEis
Building Your Own IoT Platform using FIWARE GEisBuilding Your Own IoT Platform using FIWARE GEis
Building Your Own IoT Platform using FIWARE GEis
 
Containerless in the Cloud with AWS Lambda
Containerless in the Cloud with AWS LambdaContainerless in the Cloud with AWS Lambda
Containerless in the Cloud with AWS Lambda
 
Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...
Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...
Experts Live Switzerland 2017 - Automatisierte Docker Release Pipeline mit VS...
 
Hands-on Lab - Combaring Redis with Relational
Hands-on Lab - Combaring Redis with RelationalHands-on Lab - Combaring Redis with Relational
Hands-on Lab - Combaring Redis with Relational
 
reModernize-Updating and Consolidating MySQL
reModernize-Updating and Consolidating MySQLreModernize-Updating and Consolidating MySQL
reModernize-Updating and Consolidating MySQL
 
Build resource server &amp; client for OCF Cloud (2018.8.30)
Build resource server &amp; client for OCF Cloud (2018.8.30)Build resource server &amp; client for OCF Cloud (2018.8.30)
Build resource server &amp; client for OCF Cloud (2018.8.30)
 
Scaffolding for Serverless: lightning talk for AWS Arlington Meetup
Scaffolding for Serverless: lightning talk for AWS Arlington MeetupScaffolding for Serverless: lightning talk for AWS Arlington Meetup
Scaffolding for Serverless: lightning talk for AWS Arlington Meetup
 

Kürzlich hochgeladen

microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfUmakantAnnand
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Micromeritics - Fundamental and Derived Properties of Powders
Micromeritics - Fundamental and Derived Properties of PowdersMicromeritics - Fundamental and Derived Properties of Powders
Micromeritics - Fundamental and Derived Properties of PowdersChitralekhaTherkar
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991RKavithamani
 

Kürzlich hochgeladen (20)

microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.Compdf
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Micromeritics - Fundamental and Derived Properties of Powders
Micromeritics - Fundamental and Derived Properties of PowdersMicromeritics - Fundamental and Derived Properties of Powders
Micromeritics - Fundamental and Derived Properties of Powders
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 

Python3 (boto3) for aws

  • 1. Python SDK (Boto3) for AWS AWSome scripts Pythonic way Sanjeev Jaiswal (Jassi)
  • 2. What we will cover Fundamentals ● Introduction to AWS CLI ● AWS CLI setup ● AWS CLI Examples ● Introduction to Boto3 ● Boto3 setup and verification ● Hands-on using Boto3 Hands-On ● AWS resource inventory ● List public S3 buckets ● List IAM details ● Security group exposed to public ● Get ELB Public IP for post scan ● Orphan Security Group
  • 3. What you know in Python Minimal concept to get going ● Data Types ● Control statements ● Function ● How to import module ● Know list, tuples and dictionary ● Know File Handling ● Python Regex using re module ● Basic Troubleshooting ● How to install module using pip ● How to run python scripts
  • 4. Test your Python skills 1. Get employee details as user input: emp id, name, joined date, skills in list, projects in dictionary 2. Create a dictionary in below format and fill with above input values: { 'Employee ID': { Name: 'string' Joined: 'yyyy-mm-dd' Skills: [‘list’, ‘of’, ‘skills’] Project: {‘project_name’: ‘project description’} } } 3. Print the employee dictionary
  • 5. What you know in AWS Minimal AWS knowledge is enough ● Have AWS Console access ● IAM features ● EC2 related operations ● How to work with S3 buckets ● Aware of ELB ● Used Security group before
  • 6. Basic AWS Operations 1. IAM: create few users with aws-cli access and add in different groups, roles 2. EC2: create linux instances (min. 2) with different security groups, tags, name 3. S3: create 2 buckets, upload objects to them, make 1 bucket public and 1 private 4. Create separate security groups for web, mysql, mongo, ssh 5. Create few load balancers and attach some instances to it
  • 8. AWS CLI ● AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. It can run in MacOS, Windows, Linux as well. ● Available in 2 versions: 1. 1.x : for backward compatibility 2. 2.x: recent available release for production ● AWS CLI Command reference: https://docs.aws.amazon.com/cli/latest/reference/ ● Output format: text, yaml, json, table ● Security in the AWS CLI: https://docs.aws.amazon.com/cli/latest/userguide/security.html
  • 9. AWS CLI setup You have Python 3.x installed and access to shell/terminal Install AWS CLI: ● Using pip: $ python -m pip install --user awscli ● Windows: https://awscli.amazonaws.com/AWSCLIV2.msi ● Linux: https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html ● MacOS: https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-mac.html $ aws --version $ aws configure AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE AWS Secret Access Key [None]: wJalrXUtFI/K7MDENG/bPxRYEXAMPLEKEY Default region name [None]: us-west-2 Default output format [None]:
  • 10. Let’s understand aws-cli structure ● options: ○ --output ○ --region ○ --profile ○ --version ● parameters: ○ --filter ○ --max-items ○ --page-size aws [options] <command> <subcommand> [parameters] ● Command (top level aws services): ○ S3 ○ Ec2 ○ Iam ○ Cloudwatch ○ Dynamodb ○ Elb ● Subcommand (commands work with top level command): ○ S3: cp, rm, mb, sync ○ Ec2: describe-instances, create-tags, create-vpc ○ Iam: create-group, get-policy, list-users, update-user ○ Cloudwatch: get-dashboard, get-metric-data ○ Dynamodb: get-item, update-table ○ Elb: create-load-balancer, remove-tags
  • 11. Let’s get help from AWS CLI ● aws help ● aws command help ○ aws s3 help ○ aws ec2 help ○ aws iam help ● aws command sub-command help ○ aws s3 mb help ○ aws iam get-policy help ○ aws ec2 describe-instances help
  • 12. AWS CLI - Sample code ● $ aws iam list-users --output json ● $ aws iam list-users --output text --query 'Users[*].[UserName,Arn,CreateDate,PasswordLastUsed,UserId]' ● $ aws ec2 describe-instances --query 'Reservations[*].Instances[*].[Placement.AvailabilityZone, State.Name, InstanceId]' --output text ● $ aws iam list-groups-for-user --user-name sanjeev --output text --query "Groups[].[GroupName]" ● $ aws ec2 describe-volumes --query 'Volumes[*].{ID:VolumeId,AZ:AvailabilityZone,Size:Size}' --output table ● $ aws ec2 describe-instances --filters Name=instance-type, Values=t2.micro, t3.micro Name=availability-zone, Values=us-east-2c ● $ aws s3 website s3://bucket-name/ --index-document index.html --error-document error.html ● $ aws s3api get-bucket-website --bucket mysite548.com ● $ aws logs get-log-events --log-group-name my-logs --log-stream-name 20200311
  • 14. Boto3 Setup ● Install boto3: pip3 install boto3 or python3 -m pip install boto3 ● Include this line in your python code: import boto3 ● Create an object using boto3 client or resource library ○ client = boto3.client(‘resource-name’) Ex: iam_client = boto3.client(‘iam’) ○ resource = boto3.resource(‘resource-name’) Ex: s3_resource = boto3.resource(‘s3’) ● It will take your Credentials which you set while running `aws configure` ● Save the script with .py extension and run it ● If it didn’t give any error means boto3 is working perfectly
  • 15. IAM accounts details 1. Get IAM user details like username, group, policy a. client.get_account_authorization_details() 2. IAM user management like: a. add user: client.create_user(UserName=’name’) b. edit user: client.update_user(UserName=’name’, NewUserName=’newName’) and c. delete user: client.delete_user(UserName=’name’) 3. Get policy details: a. List attached user policy: client.list_attached_user_policies(UserName=’name’) b. Get Policy details: client.get_policy(PolicyArn=’policyarn’)
  • 16. S3 Bucket management 1. Create a bucket a. s3client = boto3.client('s3') b. s3client.create_bucket(Bucket=bucket_name) 2. List all the buckets: list_buckets = s3client.list_buckets() 3. Search if your bucket is there 4. Upload a file to your bucket 5. Generate a presigned url of newly uploaded file to access online 6. Print file(object)details using s3 resource API a. s3resource = boto3.resource('s3') b. bucket = s3resource.Bucket(bucket_name) c. obj = bucket.Object(object_key) 7. Delete the bucket and any files(objects) inside it a. bucket = s3Resource.Bucket(bucket_name) b. delete_responses = bucket.objects.delete()
  • 17. Get Running EC2 details region-wise 1. Get all ec2 regions in a list 2. Loop through the region list and 3. Get ec2 region wise and print below items for each ec2 instance: a. Instance id b. Instance type c. Image id d. Public ip e. Private ip f. Availability zone Below code would help you get going: import boto3 ec2client = boto3.client('ec2') instances = ec2client.describe_instances()
  • 18. Get Orphan Security Groups 1. Get security group of all the regions 2. Get Security group attached to different instances 3. Compare with existing security groups 4. If security group is not attached with any of the below instances, add in orphan list a. ec2 b. rds c. vpc d. elb e. elbv2 5. Print orphan list and other useful info related to this scan.
  • 19. List Security Group attached with EC2 1. Get all the regions associated with ec2 2. Loop through the regions 3. Find attached security group 4. Print below items: a. Instance id b. Security group name c. Security Group Id d. VpcId e. SubnetId f. Ec2 running status (State -> running)
  • 20. Fetch Public IPs of ELBs 1. Connect to client ec2 2. Get all regions and loop through 3. Connect to elb and elbv2 4. Use describe_load_balancers() 5. Get public IP Below code would get you going for region in regions: profile = boto3.session.Session(profile_name=env_type, region_name=region) elbList = profile.client('elb') applbList = profile.client('elbv2') bals = elbList.describe_load_balancers() appbals = applbList.describe_load_balancers()
  • 21. What’s Next ● AWS Security Automation: https://github.com/awslabs/aws-security-automation ● SANS SEC573: https://www.sans.org/course/automating-information-security-with-python ● Automate event-driven security stuffs using AWS Lambda in Python ● Automate AWS Services security assessment using Python ● Automate AWS CIS benchmarks ● Automate some AWS Exploits ● Automate/Solve AWS Based CTF challenges ● Use Pacu, Prowler, ScoutSuite for AWS Exploitation and Security Assessment ● Make command line tool using click module
  • 22. Resources Automate the boring stuff with Python Hands-On enterprise Automation with Python AWS CLI by Amazon Boto3 Documentation
  • 23. Credits Image Credit ● Noun Project for icons Content Credits ● Aws-labs ● Boto3 Doc