@jamesoff
Last active January 29, 2022 12:21
Disable Amazon GuardDuty's k8s feature everywhere
#!/usr/bin/env zsh
# Disable Amazon GuardDuty's k8s log parsing thing everywhere
# Assumes at most one GuardDuty detector in each region
# Docs: https://docs.aws.amazon.com/guardduty/latest/ug/kubernetes-protection.html
for r in $(aws ec2 describe-regions --query 'Regions[].RegionName' --output text); do
    # Look up the detector ID for this region (empty if GuardDuty is not enabled)
    detector=$( aws guardduty list-detectors --query DetectorIds --output text --region "$r" )
    if [[ -z $detector ]]; then
        echo "GuardDuty not enabled in $r"
    else
        echo "Attempting to disable in $r ($detector)"
        # Turn off the Kubernetes audit log data source on this detector
        aws guardduty update-detector \
            --detector-id "$detector" \
            --data-sources '{"Kubernetes":{"AuditLogs":{"Enable":false}}}' \
            --region "$r"
    fi
done