Last active
June 8, 2023 21:57
-
-
Save cdelashmutt-pivotal/89976ef9fa590b856dc81c5ae2966509 to your computer and use it in GitHub Desktop.
Disable GuardDuty in all regions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Borrowed heavily from https://gist.github.com/tomofuminijo/ac321d7b6423bab7f175c8795546bd9a | |
for region in $(aws ec2 describe-regions --query "Regions[].RegionName" --output json | jq -r '.[]' | tr '\n' ' '); do | |
echo Checking for detectors in $region | |
detector_id=$(aws guardduty list-detectors --region $region --query "DetectorIds[0]" --output text) | |
# if detector not exist, continue | |
if [ $detector_id = "None" ]; then | |
continue | |
fi | |
# delete members if exist | |
# get associated accounts | |
echo + Found $detector_id. Checking for associated accounts. | |
associated_account_ids=$(aws guardduty list-members --detector-id $detector_id --only-associated true --query "Members[].AccountId" --output text --region $region) | |
if [ -n "$associated_account_ids" ]; then | |
echo + Disassociating accounts $associated_account_ids from detector $detector_id | |
aws guardduty disassociate-members --detector-id $detector_id --account-ids $associated_account_ids --region $region | |
fi | |
# diassociate members | |
# delete members | |
member_account_ids=$(aws guardduty list-members --detector-id $detector_id --only-associated false --query "Members[].AccountId" --output text --region $region) | |
if [ -n "$member_account_ids" ]; then | |
echo + Deleting members $member_account_ids from detector $detector_id | |
aws guardduty delete-members --detector-id $detector_id --account-ids $member_account_ids --region $region | |
fi | |
echo + Deleting detector $detector_id | |
aws guardduty delete-detector --detector-id $detector_id --region $region | |
done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment