Untitled

# Systems Manager
aws ssm describe-instance-information  --query "InstanceInformationList[*]"
aws ssm get-document --name "AmazonInspector-ManageAWSAgent" --output text > AmazonInspector-ManageAWSAgent.doc
less AmazonInspector-ManageAWSAgent.doc
aws ssm send-command --targets Key=tag:SecurityScan,Values=true --document-name "AmazonInspector-ManageAWSAgent" --query Command.CommandId --output-s3-bucket-name <LoggingBucket>
aws ssm list-command-invocations --details --query "CommandInvocations[*].[InstanceId,DocumentName,Status]" --command-id <CommandId>

# Inspector
aws inspector create-resource-group --resource-group-tags key=SecurityScan,value=true
aws inspector create-assessment-target --assessment-target-name GamesDevTargetGroup --resource-group-arn aws inspector create-assessment-target --assessment-target-name GamesDevTargetGroup --resource-group-arn <ResourceGroupARN>
aws inspector list-rules-packages
aws inspector describe-rules-packages --query rulesPackages[*].[name,description] --output text --rules-package-arns <RulesPackageArns>
aws inspector create-assessment-template --assessment-target-arn <AssessmentTargetArn> --assessment-template-name CISCommonVulerBestPract-Short --duration-in-seconds 900 --rules-package-arns <ThreeRulesPackageARNs>
aws inspector preview-agents --preview-agents-arn <AssessmentTargetArn>
aws inspector start-assessment-run --assessment-run-name FirstAssessment --assessment-template-arn <AssessmentTemplateArn>
# should reply w/ collecting data
aws inspector describe-assessment-runs --assessment-run-arn <AssessmentRunArn>
aws inspector list-assessment-run-agents --assessment-run-arn <AssessmentRunArn>

# Create and Apply a Patch Baseline
aws ssm describe-document --name "AWS-PatchInstanceWithRollback" --query "Document.[Name,Description,PlatformTypes]"
aws ssm describe-instance-information  --query "InstanceInformationList[*]"
aws ssm start-automation-execution --document-name "AWS-PatchInstanceWithRollback" --parameters "InstanceId=<InstanceId>,ReportS3Bucket=<LogBucket>"