AWS

Icon

Icon 1 1 Troubleshooting Commands

Icon 2 Contributed by jon-funk

Icon 2 Codecollection: rw-generic-codecollection


Runs an ad-hoc user-provided command, and if the provided command outputs a non-empty string to stdout then an issue is generated with a configurable title and content. User commands should filter expected/healthy content (eg: with grep) and only output found errors.

Tasks:
  • TASK_TITLE

Icon 1 1 Troubleshooting Commands

Icon 2 Contributed by jon-funk

Icon 2 Codecollection: rw-generic-codecollection


Runs an ad-hoc user-provided command, and if the provided command outputs a non-empty string to stdout then a health score of 0 (unhealthy) is pushed, otherwise if there is no output, indicating no issues, then a 1 is pushed. User commands should filter expected/healthy content (eg: with grep) and only output found errors.

Tasks:
  • ${TASK_TITLE}

Icon 1 1 Troubleshooting Commands

Icon 2 Contributed by jon-funk

Icon 2 Codecollection: rw-generic-codecollection


This taskset runs a user provided awscli command and adds the output to the report. Command line tools like jq are available.

Tasks:
  • TASK_TITLE

Icon 1 1 Troubleshooting Commands

Icon 2 Contributed by jon-funk

Icon 2 Codecollection: rw-generic-codecollection


This sli runs a user provided awscli command and pushes the metric. The supplied command must result in distinct single metric. Command line tools like jq are available.

Tasks:
  • ${TASK_TITLE}

Icon 1 1 Troubleshooting Commands

Icon 2 Contributed by stewartshea

Icon 2 Codecollection: aws-c7n-codecollection


Generates a report on S3 buckets in an Account that are insecure or unhealthy.

Tasks:
  • List S3 Buckets With Public Access in AWS Account `AWS_ACCOUNT_NAME`

Icon 1 1 Troubleshooting Commands

Icon 2 Contributed by stewartshea

Icon 2 Codecollection: aws-c7n-codecollection


Counts the number of S3 buckets in an Account that are insecure or unhealthy.

Tasks:
  • Count S3 Buckets With Public Access in AWS Account `${AWS_ACCOUNT_NAME}`

Icon 1 3 Troubleshooting Commands

Icon 2 Contributed by saurabh3460

Icon 2 Codecollection: aws-c7n-codecollection


Check for AWS EBS resources by identifying unattached volumes, unused snapshots, and unencrypted volumes.

Tasks:
  • List Unattached EBS Volumes in AWS Region `AWS_REGION` in AWS account `AWS_ACCOUNT_ID`
  • List Unencrypted EBS Volumes in AWS Region `AWS_REGION` in AWS account `AWS_ACCOUNT_ID`
  • List Unused EBS Snapshots in AWS Region `AWS_REGION` in AWS account `AWS_ACCOUNT_ID`

Icon 1 4 Troubleshooting Commands

Icon 2 Contributed by saurabh3460

Icon 2 Codecollection: aws-c7n-codecollection


Counts the number of EBS resources by identifying unattached volumes, unused and aged snapshots, and unencrypted volumes.

Tasks:
  • Check Unattached EBS Volumes in `${AWS_REGION}`
  • Check Unencrypted EBS Volumes in `${AWS_REGION}`
  • Check Unused EBS Snapshots in `${AWS_REGION}`
  • Generate EBS Score

Icon 1 3 Troubleshooting Commands

Icon 2 Contributed by saurabh3460

Icon 2 Codecollection: aws-c7n-codecollection


Check for EC2 instances that are stale or stopped

Tasks:
  • List stale AWS EC2 instances in AWS Region `AWS_REGION` in AWS account `AWS_ACCOUNT_ID`
  • List stopped AWS EC2 instances in AWS Region `AWS_REGION` in AWS account `AWS_ACCOUNT_ID`
  • List invalid AWS Auto Scaling Groups in AWS Region AWS_REGION in AWS account AWS_ACCOUNT_ID

Icon 1 4 Troubleshooting Commands

Icon 2 Contributed by saurabh3460

Icon 2 Codecollection: aws-c7n-codecollection


Count the number of EC2 instances that are stale or stopped

Tasks:
  • Check for stale AWS EC2 instances in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
  • Check for stopped AWS EC2 instances in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
  • Check for invalid AWS Auto Scaling Groups in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
  • Generate Health Score

Icon 1 4 Troubleshooting Commands

Icon 2 Contributed by saurabh3460

Icon 2 Codecollection: aws-c7n-codecollection


List publicly accessible security groups, unused EIPs, unused ELBs, and VPCs with flow logs disabled

Tasks:
  • List Publicly Accessible Security Groups in AWS account `AWS_ACCOUNT_ID`
  • List unused Elastic IPs in AWS account `AWS_ACCOUNT_ID`
  • List unused ELBs in AWS account `AWS_ACCOUNT_ID`
  • List VPCs with Flow Logs Disabled in AWS account `AWS_ACCOUNT_ID`

Icon 1 5 Troubleshooting Commands

Icon 2 Contributed by saurabh3460

Icon 2 Codecollection: aws-c7n-codecollection


Count publicly accessible security groups, unused EIPs, unused ELBs, and VPCs with flow logs disabled

Tasks:
  • Check for publicly accessible security groups in AWS account `${AWS_ACCOUNT_ID}`
  • Check for unused Elastic IPs in AWS account `${AWS_ACCOUNT_ID}`
  • Check for unused ELBs in AWS account `${AWS_ACCOUNT_ID}`
  • Check for VPCs with Flow Logs disabled in AWS account `${AWS_ACCOUNT_ID}`
  • Generate Health Score

Icon 1 3 Troubleshooting Commands

Icon 2 Contributed by saurabh3460

Icon 2 Codecollection: aws-c7n-codecollection


List AWS RDS instances that are unencrypted, publicly accessible, or have backups disabled.

Tasks:
  • List Unencrypted RDS Instances in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
  • List Publicly Accessible RDS Instances in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
  • List RDS Instances with Backups Disabled in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`

Icon 1 4 Troubleshooting Commands

Icon 2 Contributed by saurabh3460

Icon 2 Codecollection: aws-c7n-codecollection


Check AWS RDS instances that are unencrypted, publicly accessible, or have backups disabled.

Tasks:
  • Check for unencrypted RDS instances in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
  • Check for publicly accessible RDS instances in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
  • Check for disabled backup RDS instances in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
  • Generate Health Score

Icon 1 5 Troubleshooting Commands

Icon 2 Contributed by saurabh3460

Icon 2 Codecollection: aws-c7n-codecollection


List AWS ACM certificates that are unused, Expiring, or expired and failed status.

Tasks:
  • List Unused ACM Certificates in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
  • List Expiring ACM Certificates in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
  • List Expired ACM Certificates in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
  • List Failed Status ACM Certificates in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
  • List Pending Validation ACM Certificates in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`

Icon 1 6 Troubleshooting Commands

Icon 2 Contributed by saurabh3460

Icon 2 Codecollection: aws-c7n-codecollection


Count AWS ACM certificates that are unused, Expiring, or expired and failed status.

Tasks:
  • Check for unused ACM certificates in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
  • Check for Expiring ACM certificates in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
  • Check for expired ACM certificates in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
  • Check for Failed Status ACM Certificates in AWS Region `${AWS_REGION}` in AWS Account `${AWS_ACCOUNT_ID}`
  • Check for Pending Validation ACM Certificates in AWS Region `${AWS_REGION}` in AWS Account `${AWS_ACCOUNT_ID}`
  • Generate Health Score

Icon 1 3 Troubleshooting Commands

Icon 2 Contributed by saurabh3460

Icon 2 Codecollection: aws-c7n-codecollection


Check AWS Monitoring Configuration Health

Tasks:
  • List CloudWatch Log Groups Without Retention Period in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
  • Check CloudTrail Configuration in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
  • Check for CloudTrail integration with CloudWatch Logs in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`

Icon 1 4 Troubleshooting Commands

Icon 2 Contributed by saurabh3460

Icon 2 Codecollection: aws-c7n-codecollection


Check AWS Monitoring Configuration Health

Tasks:
  • Check CloudWatch Log Groups Without Retention Period in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
  • Check if CloudTrail exists and is configured for multi-region in AWS Region `${AWS_REGION}` in AWS Account `${AWS_ACCOUNT_ID}`
  • Check CloudTrail Without CloudWatch Logs in AWS Region `${AWS_REGION}` in AWS Account `${AWS_ACCOUNT_ID}`
  • Generate Health Score

Icon 1 1 Troubleshooting Commands

Icon 2 Contributed by Jonathan Funk

Icon 2 Codecollection: rw-public-codecollection


Retrieve the result of an AWS CloudWatch Metrics Insights query.

Tasks:
  • Running CloudWatch Metric Query And Pushing The Result

Icon 1 1 Troubleshooting Commands

Icon 2 Contributed by Vui Le

Icon 2 Codecollection: rw-public-codecollection


Retrieve all recently created AWS accounts.

Tasks:
  • Get The Recently Created AWS Accounts

Icon 1 7 Troubleshooting Commands

Icon 2 Contributed by Jonathan Funk

Icon 2 Codecollection: rw-public-codecollection


Performs a suite of security checks against a set of AWS EC2 instances. Checks include untagged instances, dangling volumes, open routes.

Tasks:
  • Check For Untagged instances
  • Check For Dangling Volumes
  • Check For Open Routes
  • Check For Overused Instances
  • Check For Underused Instances
  • Check For Underused Volumes
  • Check For Overused Volumes

Icon 1 1 Troubleshooting Commands

Icon 2 Contributed by Jonathan Funk

Icon 2 Codecollection: rw-public-codecollection


Monitors AWS cost and usage data for the latest billing period. Accepts one tag for continuous monitoring.

Tasks:
  • Get All Billing Sliced By Tags

Icon 1 1 Troubleshooting Commands

Icon 2 Contributed by Jonathan Funk

Icon 2 Codecollection: rw-public-codecollection


Retrieve binary result from an AWS CloudWatch Insights query. Pushes 0 (success) if logs are found (activity) or 1 if no logs were found in the time window.

Tasks:
  • Running CloudWatch Log Query And Pushing 1 If No Results Found

Icon 1 1 Troubleshooting Commands

Icon 2 Contributed by Jonathan Funk

Icon 2 Codecollection: rw-public-codecollection


Creates a report of AWS line item costs filtered to a list of tagged resources

Tasks:
  • Get All Billing Sliced By Tags

Icon 1 1 Troubleshooting Commands

Icon 2 Contributed by Jonathan Funk

Icon 2 Codecollection: rw-public-codecollection


Retrieve aggregate results from multiple AWS Cloudwatch Metrics Insights queries ran against tagged resources. This codebundle fetches a list of instance IDs filtered by tags, and uses them to run a set of AWS metric queries against the CloudWatch metrics insights API and pushes an aggregated/transformed value provided by the API as a metric.

Tasks:
  • Run CloudWatch Metric Query Across Set Of IDs And Push Metric

Icon 1 1 Troubleshooting Commands

Icon 2 Contributed by Jonathan Funk

Icon 2 Codecollection: rw-public-codecollection


Retrieve the number of detected AWS CloudFormation stack events over a given history

Tasks:
  • Fetch CloudFormation Stack Events

Icon 1 1 Troubleshooting Commands

Icon 2 Contributed by Jonathan Funk

Icon 2 Codecollection: rw-public-codecollection


Identify stale AWS S3 buckets, based on last modified object timestamp.

Tasks:
  • Create Report For Stale Buckets

Icon 1 5 Troubleshooting Commands

Icon 2 Contributed by

Icon 2 Codecollection: rw-public-codecollection


Triage and troubleshoot performance and usage of an AWS EC2 instance

Tasks:
  • Get Max VM CPU Utilization In Last 3 Hours
  • Get Lowest VM CPU Credits In Last 3 Hours
  • Get Max VM CPU Credit Usage In Last 3 hours
  • Get Max VM Memory Utilization In Last 3 Hours
  • Get Max VM Volume Usage In Last 3 Hours

Icon 1 1 Troubleshooting Commands

Icon 2 Contributed by Jonathan Funk

Icon 2 Codecollection: rw-public-codecollection


Triage and troubleshoot various issues with AWS CloudFormation

Tasks:
  • Get All Recent Stack Events

Icon 1 1 Troubleshooting Commands

Icon 2 Contributed by Jonathan Funk

Icon 2 Codecollection: rw-public-codecollection


Retrieve number of results from an AWS CloudWatch Insights query.

Tasks:
  • Running CloudWatch Log Query And Pushing The Count Of Results

Icon 1 1 Troubleshooting Commands

Icon 2 Contributed by Jonathan Funk

Icon 2 Codecollection: rw-public-codecollection


Creates a URL to a AWS CloudWatch metrics dashboard with a running query.

Tasks:
  • Get CloudWatch MetricQuery Insights URL

Icon 1 3 Troubleshooting Commands

Icon 2 Contributed by jon-funk

Icon 2 Codecollection: rw-cli-codecollection


Scans for AWS Lambda invocation errors

Tasks:
  • List Lambda Versions and Runtimes in AWS Region `AWS_REGION`
  • Analyze AWS Lambda Invocation Errors in Region `AWS_REGION`
  • Monitor AWS Lambda Performance Metrics in AWS Region `AWS_REGION`

Icon 1 1 Troubleshooting Commands

Icon 2 Contributed by jon-funk

Icon 2 Codecollection: rw-cli-codecollection


Monitor AWS Lambda Invocation Errors

Tasks:
  • Analyze AWS Lambda Invocation Errors in Region `${AWS_REGION}`

Icon 1 1 Troubleshooting Commands

Icon 2 Contributed by jon-funk

Icon 2 Codecollection: rw-cli-codecollection


Generates a report for S3 buckets in a AWS region

Tasks:
  • Check AWS S3 Bucket Storage Utilization

Icon 1 1 Troubleshooting Commands

Icon 2 Contributed by jon-funk

Icon 2 Codecollection: rw-cli-codecollection


Queries a node group within a EKS cluster to check if the nodegroup has degraded service, indicating ongoing reboots or other issues.

Tasks:
  • Check EKS Nodegroup Status in `EKS_CLUSTER_NAME`

Icon 1 1 Troubleshooting Commands

Icon 2 Contributed by jon-funk

Icon 2 Codecollection: rw-cli-codecollection


Queries AWS CloudWatch for a list of EC2 instances with a high amount of resource utilization, raising issues when overutilized instances are found.

Tasks:
  • Check For Overutilized Ec2 Instances

Icon 1 3 Troubleshooting Commands

Icon 2 Contributed by jon-funk

Icon 2 Codecollection: rw-cli-codecollection


Checks the health status of EKS and/or Fargate clusters in the given AWS region.

Tasks:
  • Check EKS Fargate Cluster Health Status in AWS Region `AWS_REGION`
  • Check Amazon EKS Cluster Health Status in AWS Region `AWS_REGION`
  • Monitor EKS Cluster Health in AWS Region `AWS_REGION`

Icon 1 1 Troubleshooting Commands

Icon 2 Contributed by jon-funk

Icon 2 Codecollection: rw-cli-codecollection


Monitors the status of EKS / Fargate in the given AWS region.

Tasks:
  • Check Amazon EKS Cluster Health Status in AWS Region `${AWS_REGION}`

Icon 1 5 Troubleshooting Commands

Icon 2 Contributed by stewartshea

Icon 2 Codecollection: rw-cli-codecollection


This taskset performs comprehensive DNS health monitoring and validation tasks. Includes DNS zone record validation, broken DNS resolution detection, forward lookup zone testing, external resolution validation, and latency monitoring. Provides detailed issue reporting with severity levels and actionable next steps. Supports multiple FQDNs, zones, and generic DNS monitoring scenarios.

Tasks:
  • Check DNS Zone Records
  • Detect Broken Record Resolution
  • Test Forward Lookup Zones
  • External Resolution Validation
  • DNS Latency Check

Icon 1 5 Troubleshooting Commands

Icon 2 Contributed by stewartshea

Icon 2 Codecollection: rw-cli-codecollection


This SLI measures DNS health metrics including resolution success rates, latency measurements, DNS zone health, and external DNS resolver availability. Provides binary scoring (0/1) for each metric and calculates an overall DNS health score. Supports multiple FQDNs, DNS zones, forward lookup zones, and external resolver testing.

Tasks:
  • DNS Resolution Success Rate
  • DNS Query Latency
  • DNS Zone Health
  • External DNS Resolver Availability
  • Generate DNS Health Score

Icon 1 1 Troubleshooting Commands

Icon 2 Contributed by jon-funk

Icon 2 Codecollection: rw-cli-codecollection


Checks the health status of Elasticache redis in the given region.

Tasks:
  • Scan AWS Elasticache Redis Status in AWS Region `AWS_REGION`

Icon 1 1 Troubleshooting Commands

Icon 2 Contributed by jon-funk

Icon 2 Codecollection: rw-cli-codecollection


Monitors the health status of elasticache redis in the AWS region.

Tasks:
  • Scan ElastiCaches in AWS Region `${AWS_REGION}`