aws compute-optimizer get-recommendation-summaries --region ap-southeast-1 --query 'recommendationSummaries[?(recommendationResourceType==`Ec2Instance`)].summaries[]' --profile <name>-sing --output text
jq ".Findings[] | (.GeneratorId) + \",\" + (.AwsAccountId) + \",\" + (.CreatedAt|tostring) +\",\" + (.Title) +\",\"+ (.Description) +\",\"+(.Remediation.Recommendation.Url | tostring) +\",\" +(.Resources [] | .Type +\",\"+ .Id)" all_finding.json
Command line to find Security Hub findings (CRITICAL severity, FAILED compliance, NEW workflow state, ACTIVE record state)
aws securityhub get-findings --filters "{\"SeverityLabel\":[{\"Value\":\"CRITICAL\",\"Comparison\":\"EQUALS\"}],\"ComplianceStatus\":[{\"Value\":\"FAILED\",\"Comparison\":\"EQUALS\"}],\"WorkflowState\":[{\"Value\":\"NEW\",\"Comparison\":\"EQUALS\"}], \"RecordState\":[{\"Value\":\"ACTIVE\",\"Comparison\":\"EQUALS\"}] }" --max-items 1 --profile audit
AWS WorkSpaces report with username and mail ID (run from PowerShell with the ActiveDirectory module)
aws workspaces describe-workspaces --profile <name> --region "ap-southeast-2" --query "Workspaces[*].[UserName]" --output text | Get-ADUser | Select UserPrincipalName,SamAccountName | Export-CSV Files.csv
Mail of Workspace users
Get-ADGroupMember -Identity "Access-AWS" | Get-ADUser | select UserPrincipalName,SamAccountName
==== Instance list, in the same order as the fields ====
aws ec2 describe-instances --query "Reservations[].Instances[].[PrivateDnsName,InstanceId,ImageId,InstanceType,State.Name,Placement.AvailabilityZone,Tags[?Key=='Name']|[0].Value,KeyName,Monitoring.State,VpcId,SubnetId,Platform,PrivateIpAddress,PublicIpAddress,CpuOptions.CoreCount]" --profile dev --output text
COST OPTIMIZATION
Workflow for EBS Deletion:
————————–
1. Script to check for all unattached EBS volumes in an account
2. Scan for the retain tag. Ex: Key = Backup:Retain and Value = Do Not Delete
3. If the above tag is present, ignore the volume (do NOT delete it)
4. Else delete the EBS volume irrespective of any other tags.
5. This script should run at 21:00 hrs AEST on SUNDAYS only.
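
The workflow above as a script, added here as an example and not part of the original notes. The profile `dev`, the region `ap-southeast-2`, the `DRY_RUN` switch, the tolerant tag comparison and the UTC cron line are assumptions.

```sh
#!/bin/sh
# Added example (not from the original page). Profile, region and DRY_RUN are assumptions.
# Cron on a UTC host: 0 11 * * 0  -> Sunday 21:00 AEST (UTC+10, no daylight saving).
PROFILE="${PROFILE:-dev}"
REGION="${REGION:-ap-southeast-2}"
RETAIN_KEY="Backup:Retain"
RETAIN_VALUE="Do Not Delete"

# Steps 1-2: unattached volumes have status "available". One line per volume:
# <VolumeId><TAB><value of the retain tag, or None when the tag is absent>
list_unattached() {
  aws ec2 describe-volumes --profile "$PROFILE" --region "$REGION" \
    --filters Name=status,Values=available \
    --query "Volumes[].[VolumeId, Tags[?Key=='$RETAIN_KEY']|[0].Value]" --output text
}

# Steps 3-4: print the IDs that are not protected. The value is compared after
# trimming and lower-casing, so a mistyped case or stray space still protects the volume.
select_deletable() {
  awk -F'\t' -v keep="$RETAIN_VALUE" '
    { v = tolower($2); gsub(/^[ ]+|[ ]+$/, "", v) }
    $1 ~ /^vol-[0-9a-f]+$/ && v != tolower(keep) { print $1 }'
}

# Deletes only when DRY_RUN=0; the default prints what would be removed.
delete_volumes() {
  while read -r vol; do
    if [ "${DRY_RUN:-1}" = "0" ]; then
      aws ec2 delete-volume --volume-id "$vol" --profile "$PROFILE" --region "$REGION" \
        && echo "deleted $vol"
    else
      echo "would delete $vol"
    fi
  done
}

# Constructed sample of list_unattached output, for checking the filter offline.
sample_volumes() {
  printf 'vol-0a1\tNone\nvol-0b2\tDo Not Delete\nvol-0c3\tdo not delete \nvol-0d4\tTemp\n'
}

case "${1:-}" in
  --demo) sample_volumes | select_deletable ;;
  --run)  list_unattached | select_deletable | delete_volumes ;;
esac
```

Run it with `--demo` to see the filter on the constructed sample, and with `--run` (plus `DRY_RUN=0` once the dry-run output has been reviewed) from the Sunday cron entry.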