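- # AWS CLI walkthrough: install the Inspector agent through Systems Manager, run an
- # Inspector assessment, then start a patch automation.
- # Values in <AngleBrackets> are placeholders. Replace them before running: an unquoted
- # < or > left in place is parsed by the shell as a redirection, not as an argument.
- #
- # Systems Manager
- # List the instances that are registered as managed instances with Systems Manager.
- aws ssm describe-instance-information --query "InstanceInformationList[*]"
- # Save the document locally and read it before it is run on any instance.
- aws ssm get-document --name "AmazonInspector-ManageAWSAgent" --output text > AmazonInspector-ManageAWSAgent.doc
- less AmazonInspector-ManageAWSAgent.doc
- # Run the document on every instance tagged SecurityScan=true and print the CommandId.
- # The target set is whatever carries that tag when the command is sent, so permission
- # to tag instances also decides which hosts run it. Command output is written to the
- # S3 bucket; keep access to that bucket restricted.
- aws ssm send-command --targets Key=tag:SecurityScan,Values=true --document-name "AmazonInspector-ManageAWSAgent" --query Command.CommandId --output-s3-bucket-name <LoggingBucket>
- # Per-instance status of the command sent above.
- aws ssm list-command-invocations --details --query "CommandInvocations[*].[InstanceId,DocumentName,Status]" --command-id <CommandId>
- # Inspector
- # (`aws inspector` is the Amazon Inspector Classic API; the newer Amazon Inspector uses `aws inspector2`.)
- # Select instances by the same SecurityScan=true tag; the output contains the resource group ARN.
- aws inspector create-resource-group --resource-group-tags key=SecurityScan,value=true
- aws inspector create-assessment-target --assessment-target-name GamesDevTargetGroup --resource-group-arn <ResourceGroupARN>
- aws inspector list-rules-packages
- # The JMESPath query is quoted so the shell does not treat [*] and [...] as glob patterns.
- aws inspector describe-rules-packages --query "rulesPackages[*].[name,description]" --output text --rules-package-arns <RulesPackageArns>
- # 900 seconds is a 15-minute run; --rules-package-arns takes the ARNs as a space-separated list.
- aws inspector create-assessment-template --assessment-target-arn <AssessmentTargetArn> --assessment-template-name CISCommonVulerBestPract-Short --duration-in-seconds 900 --rules-package-arns <ThreeRulesPackageARNs>
- # Check which agents would take part in a run for this target before starting one.
- aws inspector preview-agents --preview-agents-arn <AssessmentTargetArn>
- aws inspector start-assessment-run --assessment-run-name FirstAssessment --assessment-template-arn <AssessmentTemplateArn>
- # should reply w/ collecting data
- # (describe-assessment-runs documents this option as --assessment-run-arns, plural)
- aws inspector describe-assessment-runs --assessment-run-arns <AssessmentRunArn>
- aws inspector list-assessment-run-agents --assessment-run-arn <AssessmentRunArn>
- # Create and Apply a Patch Baseline
- # NOTE(review): the commands below start the AWS-PatchInstanceWithRollback automation on
- # one instance; no patch baseline is created anywhere in this listing.
- aws ssm describe-document --name "AWS-PatchInstanceWithRollback" --query "Document.[Name,Description,PlatformTypes]"
- # Look up the InstanceId to patch.
- aws ssm describe-instance-information --query "InstanceInformationList[*]"
- # The automation's report is written to the S3 bucket given as ReportS3Bucket.
- aws ssm start-automation-execution --document-name "AWS-PatchInstanceWithRollback" --parameters "InstanceId=<InstanceId>,ReportS3Bucket=<LogBucket>"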