Ajinkya aws dynamodb prevention #124
base: development
| # Initialize a session using Amazon DynamoDB | ||
| session = boto3.Session( | ||
| aws_access_key_id='YOUR_ACCESS_KEY', | ||
| aws_secret_access_key='YOUR_SECRET_KEY', |
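Review bot: Passing `aws_access_key_id` and `aws_secret_access_key` as string literals to `boto3.Session(...)` teaches readers to paste long-lived keys into a script, where they end up in shell history, editors and version control. Drop both arguments and let boto3 resolve credentials from its default chain (environment, shared config profile, or an attached role), keeping only the region or a profile name in the call. The same pattern recurs in the later `boto3.Session(` hunks in this PR and should be changed in each.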
Secret: Secret Keyword
docs/aws/audit/dynamodbmonitoring/rules/dax_cluster_encrypted_remediation.mdx
docs/aws/audit/dynamodbmonitoring/rules/ddb_customer_kms_key_remediation.mdx
|
|
||
| session = boto3.Session( | ||
| aws_access_key_id='YOUR_ACCESS_KEY', | ||
| aws_secret_access_key='YOUR_SECRET_KEY', |
Secret: Secret Keyword
| 'AttributeName': 'PrimaryKey', | ||
| 'AttributeType': 'S' | ||
| } | ||
| ], |
Secret: Secret Keyword
| ``` | ||
|
|
||
| 4. The above script will print out the names of all DynamoDB tables that do not have autoscaling enabled. If no output is produced, that means all tables have autoscaling enabled. If there is an error while checking a table, the error message will be printed. | ||
| </Accordion> |
Secret: Secret Keyword
| # Initialize a session using Amazon DynamoDB | ||
| session = boto3.Session( | ||
| aws_access_key_id='YOUR_ACCESS_KEY', | ||
| aws_secret_access_key='YOUR_SECRET_KEY', |
Secret: Secret Keyword
|
|
||
| session = boto3.Session( | ||
| aws_access_key_id='YOUR_ACCESS_KEY', | ||
| aws_secret_access_key='YOUR_SECRET_KEY', |
Secret: Secret Keyword
| except Exception as e: | ||
| print(f"Error enabling continuous backups for table {table}: {e}") | ||
| ``` | ||
|
|
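Review bot: The `except Exception as e:` handler only prints the error, so a run in which enabling continuous backups failed for some tables still finishes looking like a success. Catch the specific `botocore.exceptions.ClientError`, collect the failed table names, and exit non-zero (or print a final summary) when the list is not empty, so that a remediation run cannot silently leave tables without backups.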
Secret: Secret Keyword
| print(f"Continuous backup is NOT enabled for {table.name}") | ||
| else: | ||
| print(f"Continuous backup is NOT enabled for {table.name}") | ||
| ``` |
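Review bot: Both sides of the `else:` print the identical string `Continuous backup is NOT enabled for {table.name}`, so the output cannot tell the reader which condition failed. If the two branches test different things, give each its own message; if they do not, collapse them into one branch.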
Secret: Secret Keyword
| # Initialize a session using Amazon DynamoDB | ||
| session = boto3.Session( | ||
| aws_access_key_id='YOUR_ACCESS_KEY', | ||
| aws_secret_access_key='YOUR_SECRET_KEY', |
Secret: Secret Keyword
|
|
||
| session = boto3.Session( | ||
| aws_access_key_id='YOUR_ACCESS_KEY', | ||
| aws_secret_access_key='YOUR_SECRET_KEY', |
Secret: Secret Keyword
|
|
||
| 4. **Check the destination encryption**: | ||
| For each delivery stream, use the `describe_delivery_stream` method to get its details and check if the destination encryption is enabled. | ||
|
|
Secret: Secret Keyword
|
|
||
| session = boto3.Session( | ||
| aws_access_key_id='YOUR_ACCESS_KEY', | ||
| aws_secret_access_key='YOUR_SECRET_KEY', |
Secret: Secret Keyword
| else: | ||
| print(f"Stream {stream_name} is not encrypted with a CMK") | ||
| else: | ||
| print(f"Stream {stream_name} does not have encryption enabled") |
Secret: Secret Keyword
|
|
||
| session = boto3.Session( | ||
| aws_access_key_id='YOUR_ACCESS_KEY', | ||
| aws_secret_access_key='YOUR_SECRET_KEY', |
Secret: Secret Keyword
| 4. Run the script. If a table is encrypted with a KMS Customer Master Key, the script will print the table name and the ARN of the key. If a table is not encrypted with a KMS Customer Master Key, the script will simply print the table name. | ||
|
|
||
| Please replace 'YOUR_ACCESS_KEY' and 'YOUR_SECRET_KEY' with your actual AWS access key and secret key. Also, replace 'us-west-2' with the AWS region that you're using. | ||
| </Accordion> |
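Review bot: Step 4 says a non-compliant table is reported by printing only its name, while a compliant one prints the name plus the key ARN, which makes the failing case the less visible of the two in an audit script. Have the script print an explicit marker for tables that are not encrypted with a customer managed key. The closing sentence asking readers to replace 'YOUR_ACCESS_KEY' and 'YOUR_SECRET_KEY' with their actual keys should go once the snippet stops taking keys as literals; keep only the note about the region.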
Secret: Secret Keyword
|
|
||
| session = boto3.Session( | ||
| aws_access_key_id='YOUR_ACCESS_KEY', | ||
| aws_secret_access_key='YOUR_SECRET_KEY', |
Secret: Secret Keyword
| Please note that this is a simplified example and actual policy parsing might be more complex depending on the policy structure. | ||
| </Accordion> | ||
|
|
||
| </AccordionGroup> |
Secret: Secret Keyword
| </Accordion> | ||
|
|
||
| </AccordionGroup> | ||
| </Tab> |
Secret: Secret Keyword
| 2. **Create a DynamoDB resource and client:** | ||
| You can create a DynamoDB resource and client using your AWS credentials. Replace 'your_access_key', 'your_secret_key', and 'your_region' with your actual AWS credentials. | ||
| ```python | ||
| dynamodb = boto3.resource('dynamodb', aws_access_key_id='your_access_key', aws_secret_access_key='your_secret_key', region_name='your_region') |
Secret: Secret Keyword
| You can create a DynamoDB resource and client using your AWS credentials. Replace 'your_access_key', 'your_secret_key', and 'your_region' with your actual AWS credentials. | ||
| ```python | ||
| dynamodb = boto3.resource('dynamodb', aws_access_key_id='your_access_key', aws_secret_access_key='your_secret_key', region_name='your_region') | ||
| client = boto3.client('dynamodb', aws_access_key_id='your_access_key', aws_secret_access_key='your_secret_key', region_name='your_region') |
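Review bot: The same key pair is written out twice, once in `boto3.resource(...)` and once in `boto3.client(...)`, which doubles the places a pasted secret has to be scrubbed from. Build one `boto3.Session(region_name=...)` without key arguments and derive both objects from it with `session.resource('dynamodb')` and `session.client('dynamodb')`. The instruction text also calls 'your_region' a credential, which it is not; reword it to ask only for the region.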
Secret: Secret Keyword
| ```python | ||
| import boto3 | ||
|
|
||
| client = boto3.client('sagemaker') |
Secret: Secret Keyword
| Then, configure your AWS credentials. You can do this by setting the following environment variables: | ||
| ``` | ||
| AWS_ACCESS_KEY_ID = 'your_access_key' | ||
| AWS_SECRET_ACCESS_KEY = 'your_secret_key' |
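Review bot: The lines `AWS_ACCESS_KEY_ID = 'your_access_key'` and `AWS_SECRET_ACCESS_KEY = 'your_secret_key'` are presented as setting environment variables, but with spaces around `=` they are not valid shell assignments and nothing is exported, and the fence carries no language to say what they are. Tag the block with the shell it targets and use that shell's real syntax (for POSIX shells, `export AWS_ACCESS_KEY_ID=...` with no spaces), or point readers to `aws configure` and a named profile so that the secret is not typed into a script at all.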
Secret: Secret Keyword
No description provided.