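#!/bin/bash
#
# Audit every completed EBS snapshot owned by the calling account and report
# whether its createVolumePermission attribute grants access to the "all"
# group, i.e. whether the snapshot is public.
#
# RUN:
# AWS_PROFILE=[profile] AWS_REGION=[region] ./check-ebs-snapshots.sh
#
# Output per snapshot:
#   vulnerable! - createVolumePermission contains Group "all" (public)
#   secure!     - no "all" group grant was returned
#   unknown ... - the permission lookup failed, so nothing can be concluded
#
# NOTE: "secure!" only means the snapshot is not public. Grants to individual
# account IDs are not evaluated here and should be reviewed separately.
# Only the single region named in AWS_REGION is checked per run.

# Fail early with a clear message instead of passing an empty --region value,
# which would make the CLI swallow the next flag as the region name.
: "${AWS_REGION:?AWS_REGION must be set}"

AWS_ACCOUNT_ID=$(aws sts get-caller-identity --output text --query 'Account') || {
  echo "error: could not determine the AWS account id" >&2
  exit 1
}

# No pipe after the CLI call: a trailing pipeline stage would hide the aws
# exit status, and a failed listing must not look like "zero snapshots".
snapshots=$(aws ec2 describe-snapshots \
  --region "$AWS_REGION" \
  --owner-ids "$AWS_ACCOUNT_ID" \
  --filters "Name=status,Values=completed" \
  --output text \
  --query "Snapshots[*].SnapshotId") || {
  echo "error: could not list snapshots in $AWS_REGION" >&2
  exit 1
}

# Word splitting is intentional here: the text output separates snapshot ids
# with tabs/newlines and the ids themselves contain no whitespace.
for ss in $snapshots; do
  printf "Checking EBS snapshot '%s': " "$ss"

  # --output json is forced so the string match below does not depend on the
  # caller's configured default output format (text/yaml would never match).
  if ! perms=$(aws ec2 describe-snapshot-attribute \
    --region "$AWS_REGION" \
    --snapshot-id "$ss" \
    --attribute createVolumePermission \
    --output json \
    --query 'CreateVolumePermissions[]'); then
    # A failed lookup (throttling, missing permission, ...) is not evidence
    # that the snapshot is private, so do not report it as secure.
    echo "unknown (describe-snapshot-attribute failed)"
    continue
  fi

  if [[ $perms == *'"Group": "all"'* ]]; then
    echo "vulnerable!"
  else
    echo "secure!"
  fi
done

echo "All done!"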