CLOUDCUSTODIAN
Counts the number of S3 buckets in an Account that are insecure or unhealthy.
Tasks:
- Count S3 Buckets With Public Access in AWS Account `${AWS_ACCOUNT_NAME}`
Generates a report on S3 buckets in an Account that are insecure or unhealthy.
Tasks:
- List S3 Buckets With Public Access in AWS Account `AWS_ACCOUNT_NAME`
Check AWS RDS instances that are unencrypted, publicly accessible, or have backups disabled.
Tasks:
- Check for unencrypted RDS instances in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
- Check for publicly accessible RDS instances in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
- Check for disabled backup RDS instances in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
- Generate Health Score
List AWS RDS instances that are unencrypted, publicly accessible, or have backups disabled.
Tasks:
- List Unencrypted RDS Instances in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
- List Publicly Accessible RDS Instances in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
- List RDS Instances with Backups Disabled in AWS Region `AWS_REGION` in AWS Account `AWS_ACCOUNT_ID`
Count the number of EC2 instances that are stale or stopped
Tasks:
- Check for stale AWS EC2 instances in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
- Check for stopped AWS EC2 instances in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
- Check for invalid AWS Auto Scaling Groups in AWS Region `${AWS_REGION}` in AWS account `${AWS_ACCOUNT_ID}`
- Generate Health Score
Check for EC2 instances that are stale or stopped
Tasks:
- List stale AWS EC2 instances in AWS Region `AWS_REGION` in AWS account `AWS_ACCOUNT_ID`
- List stopped AWS EC2 instances in AWS Region `AWS_REGION` in AWS account `AWS_ACCOUNT_ID`
- List invalid AWS Auto Scaling Groups in AWS Region `AWS_REGION` in AWS account `AWS_ACCOUNT_ID`
Counts the number of EBS resources by identifying unattached volumes, unused and aged snapshots, and unencrypted volumes.
Tasks:
- Check Unattached EBS Volumes in `${AWS_REGION}`
- Check Unencrypted EBS Volumes in `${AWS_REGION}`
- Check Unused EBS Snapshots in `${AWS_REGION}`
- Generate EBS Score
Check for AWS EBS resources by identifying unattached volumes, unused snapshots, and unencrypted volumes.
Tasks:
- List Unattached EBS Volumes in AWS Region `AWS_REGION` in AWS account `AWS_ACCOUNT_ID`
- List Unencrypted EBS Volumes in AWS Region `AWS_REGION` in AWS account `AWS_ACCOUNT_ID`
- List Unused EBS Snapshots in AWS Region `AWS_REGION` in AWS account `AWS_ACCOUNT_ID`
Count publicly accessible security groups, unused EIPs, unused ELBs, and VPCs with flow logs disabled
Tasks:
- Check for publicly accessible security groups in AWS account `${AWS_ACCOUNT_ID}`
- Check for unused Elastic IPs in AWS account `${AWS_ACCOUNT_ID}`
- Check for unused ELBs in AWS account `${AWS_ACCOUNT_ID}`
- Check for VPCs with Flow Logs disabled in AWS account `${AWS_ACCOUNT_ID}`
- Generate Health Score
List publicly accessible security groups, unused EIPs, unused ELBs, and VPCs with flow logs disabled
Tasks:
- List Publicly Accessible Security Groups in AWS account `AWS_ACCOUNT_ID`
- List unused Elastic IPs in AWS account `AWS_ACCOUNT_ID`
- List unused ELBs in AWS account `AWS_ACCOUNT_ID`
- List VPCs with Flow Logs Disabled in AWS account `AWS_ACCOUNT_ID`