Guest User

Untitled

a guest
Aug 23rd, 2019
66
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/bin/bash
  2.  
  3. #
  4. # RUN:
  5. # AWS_PROFILE=[profile] AWS_REGION=[region] ./check-ebs-snapshots.sh
  6. #
  7.  
  8. AWS_ACCOUNT_ID=$(aws sts get-caller-identity --output text --query 'Account')
  9.  
  10. snapshots=$(aws ec2 describe-snapshots \
  11. --region $AWS_REGION \
  12. --owner-ids $AWS_ACCOUNT_ID \
  13. --filters "Name=status,Values=completed" \
  14. --output text \
  15. --query "Snapshots[*].SnapshotId" | tr "\t" "\n")
  16.  
  17. for ss in $snapshots; do
  18. echo -n "Checking EBS snapshot '$ss': "
  19.  
  20. perms=$(aws ec2 describe-snapshot-attribute \
  21. --region $AWS_REGION \
  22. --snapshot-id $ss \
  23. --attribute createVolumePermission \
  24. --query 'CreateVolumePermissions[]')
  25.  
  26. [[ $perms =~ '"Group": "all"' ]] && echo "vulnerable!" || echo "secure!"
  27. done
  28.  
  29. echo "All done!"
RAW Paste Data