Automating Setting up Tenable.io AWS Connector Role

I recently had to set up quite a few AWS Connectors in Tenable.io for various AWS accounts.

This can become quite a cumbersome task so I decided to automate it.

Prerequisites

    ~/.aws/config with multiple profiles
    trustpolicy.json (shown below)

trustpolicy.json

This will be used by our script for the initial role creation. The account # referenced . . . → Read More: Automating Setting up Tenable.io AWS Connector Role

List All Subnets Across Multiple AWS accounts/profiles

Recently I needed to generate a list of all subnets across every AWS account in an organization.

I’ve documented an easy way to achieve this.

Prerequisites

Set up your AWS CLI config with one profile per account, each assuming that account's OrganizationAccountAccessRole from the default credentials:

    [default]
    region=us-east-1
    output=json

    [profile account1]
    role_arn = arn:aws:iam::XXXXXXXXXXXX:role/OrganizationAccountAccessRole
    source_profile = default
    region=us-east-1
    output=json

    [profile account2]
    role_arn = . . .

→ Read More: List All Subnets Across Multiple AWS accounts/profiles
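The loop the post builds on, as an added example that is not the post's own script: a POSIX shell script that reads the profile names out of a config file shaped like the one above and runs aws ec2 describe-subnets through each one, emitting a single tab-separated table. It assumes every listed profile can be assumed from the machine's default credentials (the OrganizationAccountAccessRole arrangement above) and that the AWS CLI is on PATH; the AWS variable is an addition so the CLI can be swapped for a stub when testing. The same per-profile loop is the skeleton of the role-creation script in the Tenable.io post above.

```shell
#!/bin/sh
# Added example (not the post's own script): enumerate every profile in an
# AWS CLI config file and list the subnets reachable through each one.
set -eu

AWS="${AWS:-aws}"   # CLI command; a test can point this at a stub function

# Print the profile names declared in an AWS CLI config file, one per line.
# "[default]" is included; "[profile account1]" yields "account1".
list_profiles() {
    sed -n -E 's/^\[(profile )?([^]]+)\][[:space:]]*$/\2/p' "$1"
}

# Query the subnets visible to one profile. Output is tab-separated:
# profile, owning account, availability zone, VPC, subnet id, CIDR.
# Returns non-zero if the CLI call itself fails (e.g. role cannot be assumed).
list_subnets_for_profile() {
    profile="$1"
    out=$("$AWS" ec2 describe-subnets --profile "$profile" --output text \
        --query 'Subnets[].[OwnerId,AvailabilityZone,VpcId,SubnetId,CidrBlock]') \
        || return 1
    [ -n "$out" ] || return 0          # account/region with no subnets at all
    printf '%s\n' "$out" | awk -v p="$profile" 'BEGIN { OFS = "\t" } { print p, $0 }'
}

# Walk every profile in the config file. A profile whose role cannot be
# assumed is reported on stderr and skipped rather than aborting the run,
# so one mis-configured account does not hide the other ninety-nine.
list_all_subnets() {
    printf 'profile\taccount\taz\tvpc\tsubnet\tcidr\n'
    list_profiles "$1" | while read -r profile; do
        list_subnets_for_profile "$profile" \
            || echo "WARN: could not list subnets for profile $profile" >&2
    done
}

# Usage: sh list-subnets.sh ~/.aws/config > subnets.tsv
if [ $# -gt 0 ]; then
    list_all_subnets "$1"
fi
```

The --query projection keeps OwnerId in the output so a subnet shared into an account via Resource Access Manager is still attributed to the account that owns it, not the profile that happened to see it.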

Limiting S3 Sync Bandwidth

Out of the box the aws s3 commands are supposed to limit bandwidth via the s3.max_bandwidth option.

Example:

    aws configure set default.s3.max_bandwidth 5MB/s

Problem

aws s3 sync uses more bandwidth than the limit set in the ~/.aws/config file.

Replication Steps

Run the following command to set a maximum bandwidth limit for the s3 commands:

aws . . . → Read More: Limiting S3 Sync Bandwidth

Testing Amazon S3 Bucket for Public Write Permissions

Recently I needed to confirm whether an S3 bucket was indeed publicly writable (by trying to write to it from a different account). I decided to document how to confirm this for your organization.

Prerequisites

    AWS CLI installed
    Two AWS accounts
        Account A – Has a bucket you suspect may be publicly writable
        Account B . . .

→ Read More: Testing Amazon S3 Bucket for Public Write Permissions
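The check described above, as an added example that is not the post's own commands: a POSIX shell script that tries to put a small canary object into the suspect bucket twice, once unsigned (anonymous, via the CLI's --no-sign-request flag) and once signed with the second account's profile (Account B), then removes the canary. It assumes the bucket belongs to your own organization, that the AWS CLI is on PATH, and that a denied PutObject surfaces as an "AccessDenied" error in the CLI's stderr; the AWS variable and the probe_put/check_bucket names are additions so the CLI can be swapped for a stub when testing.

```shell
#!/bin/sh
# Added example (not the post's own commands): probe whether a bucket in your
# own organization accepts writes from outside its account. Two probes: an
# unsigned (anonymous) PutObject and a signed PutObject from a second
# account's profile. Each successful probe deletes its canary object again.
set -eu

AWS="${AWS:-aws}"   # CLI command; a test can point this at a stub function
CANARY_KEY="${CANARY_KEY:-public-write-probe-$(date +%s).txt}"

# Attempt a PutObject with the given extra CLI arguments (e.g. --no-sign-request
# or --profile accountB). Prints WRITABLE, DENIED or ERROR and returns 0 in
# every case so the caller can run the next probe. Assumption: a refused
# upload shows "AccessDenied" in the CLI's error text.
probe_put() {
    bucket="$1"; shift
    tmp=$(mktemp)
    printf 'write probe %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" > "$tmp"
    if err=$("$AWS" s3 cp "$tmp" "s3://$bucket/$CANARY_KEY" "$@" 2>&1 >/dev/null); then
        echo WRITABLE
        # Clean up the canary; a bucket may allow PutObject but not DeleteObject,
        # so a failed delete is reported but does not change the verdict.
        "$AWS" s3 rm "s3://$bucket/$CANARY_KEY" "$@" >/dev/null 2>&1 \
            || echo "WARN: could not delete s3://$bucket/$CANARY_KEY, remove it by hand" >&2
    elif printf '%s' "$err" | grep -q 'AccessDenied'; then
        echo DENIED
    else
        echo "ERROR: $err" >&2   # network, missing credentials, no such bucket...
        echo ERROR
    fi
    rm -f "$tmp"
}

# Run both probes against one bucket; $2 is the profile of the *other*
# account (Account B in the post). Output is tab-separated: probe, verdict.
check_bucket() {
    bucket="$1"; other_profile="$2"
    printf 'anonymous\t%s\n' "$(probe_put "$bucket" --no-sign-request)"
    printf 'cross-account(%s)\t%s\n' "$other_profile" \
        "$(probe_put "$bucket" --profile "$other_profile")"
}

# Usage: sh s3-write-probe.sh my-suspect-bucket accountB
if [ $# -eq 2 ]; then
    check_bucket "$1" "$2"
fi
```

Read the two lines together: WRITABLE on the anonymous probe means anyone on the internet can write; DENIED there but WRITABLE from Account B means the bucket policy trusts some principal outside Account A, which is what the post's two-account setup is designed to catch. Only run this against buckets you are authorized to test, and keep the canary key name distinctive so it is easy to find if the delete fails.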