This repository contains scripts for AWS Developers, DevOps Engineers, and Cloud Architects. Tools focus on task automation and infrastructure management.
Tip
Launch Faster on AWS and Become Fully Secure From Day One! Our AWS Landing Zone Foundation service helps B2B companies achieve SOC 2 compliance 90% faster and redirect 30% of engineering time back to product development, all while eliminating the six-figure cost of specialized cloud engineers, so you can focus on shipping your product instead of worrying about managing your infrastructure on AWS.
Schedule a free introduction call to discover how we can deliver 10x the value of securing and building your infrastructure on AWS for a fraction of the cost of a full-time cloud engineer.
☁️ Learn more about our unique AWS Foundation Service
Is AWS complexity draining your engineering resources? Most B2B startups and growing businesses struggle with overwhelming configuration options, time-consuming compliance requirements, and diverting valuable developer talent away from core product development. Without specialized AWS expertise, you risk security vulnerabilities, mounting technical debt, and delayed time-to-market, all while your competitors race ahead.
Traditional AWS consultancies only compound this problem. They're incentivized to bill by the hour, extending projects indefinitely rather than focusing on your business outcomes. We take the opposite approach. Our fixed-price subscription model proves how confident we are in delivering results, not just billable hours. We succeed when you succeed, aligning our incentives with your growth rather than your AWS complexity.
We deliver an enterprise-grade AWS Landing Zone built entirely in AWS CDK, coupled with a support and consultancy foundation that grows with your business needs. Here's what we'll deliver to you:
We deploy a Secure and Compliant Landing Zone
- Multi-account architecture with proper security boundaries
- Achieves a 100% score on the industry-standard CIS AWS Foundations Benchmark
- Achieves a 96% rating on AWS's own foundational security best practices
- Setup entirely using AWS CDK (Infrastructure as Code)
- Budget monitoring and notifications across all accounts
- Deploy changes quickly through GitHub Actions
- We're continuously adding new features as listed on our Roadmap
- You gain access to our library of ready-to-use, security-hardened AWS CDK components
- You receive guidance on how to utilize AWS best practices for your architecture so you avoid technical debt later on
- Gain new Landing Zone features once they're released and get free maintenance and security updates
- Get priority support through Slack/Teams whenever you need assistance with infrastructure challenges
- We proactively do quarterly security and cost optimization assessments to verify AWS account compliance and provide advice to reduce your AWS bill
- 30% Lower TCO: Cut your Total Cost of Ownership (TCO) by up to 30% through right-sized resources and architectural optimization while eliminating the $150K+ annual cost of a specialized AWS hire
- Close Enterprise Deals Faster: Win enterprise clients with SOC2 compliance ready in weeks instead of months - our clients report 50% faster sales cycles with security-conscious customers
- Unleash Your Development Team: Redirect up to 30% of engineering time from infrastructure back to revenue-generating product features with our pre-built, compliant components
- Scale Without Infrastructure Headaches: Grow from startup to enterprise without ever rebuilding your foundation - our architecture scales seamlessly from your first customer to your millionth
We deliver all of this as a simple subscription service. No large upfront costs, no lock-in. You'll essentially get a solid and secure landing zone foundation + a decade of AWS expertise without having to hire a full-time Cloud Engineer.
Navigate to the relevant AWS service section. Click on the script name in the table below to open the content and usage instructions.
This collection includes Python and Bash scripts for managing various AWS services. The scripts are organized by service for easy navigation.
Category | Script Name | Description |
---|---|---|
AppStream | appstream_delete_image.py | Unshares AppStream image, then deletes it |
CloudFormation | cfn_delete_stackset.py | Deletes stackset and associated instances |
CloudWatch | cw_count_log_groups.py | Counts the total number of CloudWatch log groups in an AWS account |
CloudWatch | cw_delete_log_groups.py | Deletes log groups based on age |
CloudWatch | cw_fetch_log_groups_with_creation_date.py | Fetches log groups with creation date |
CloudWatch | cw_set_retention_policy.py | Sets retention policy for log groups |
CodePipeline | cp_slack_notifications.py | Enables notifications on Slack |
EC2 | ec2_delete_unattached_volumes.py | Deletes unattached EBS volumes |
EC2 | ec2_delete_orphaned_snapshots.py | Deletes snapshots that are not associated with any volumes |
EC2 | ec2_delete_ssh_access_security_groups.py | Deletes SSH (port 22) inbound rules from all security groups |
EC2 | ec2_delete_unused_amis.py | Deletes unused AMIs (Amazon Machine Images) in an AWS account |
EC2 | ec2_delete_unused_eips.py | Deletes unused Elastic IPs |
EC2 | ec2_delete_unused_keypairs_all_regions.py | Deletes unused EC2 keypairs in all regions |
EC2 | ec2_delete_unused_keypairs_single_region.py | Deletes unused EC2 keypairs in a single region |
EC2 | ec2_delete_tagged_security_groups.py | Deletes tagged security groups |
EC2 | ec2_find_unattached_volumes.py | Finds unattached EBS volumes |
EC2 | ec2_asg_ssh.sh | SSH wrapper for Auto Scaling group instances |
EC2 | ec2_list_available_eips.sh | Lists unassociated Elastic IPs |
EC2 | ec2_request_spot_instances.sh | Requests spot instances |
EC2 | ec2_resize_volume.sh | Resizes EBS volume |
ECS | ecs_delete_inactive_task_definitions.py | Deletes inactive ECS task definitions |
ECS | ecs_publish_ecr_image.sh | Publishes Docker image to ECR |
EFS | efs_delete_tagged_filesystems.py | Deletes tagged EFS and mount targets |
IAM | iam_delete_user.py | Deletes IAM users |
IAM | iam_identity_center_create_users.py | Creates IAM Identity Center (SSO) users |
IAM | iam_rotate_access_keys.py | Rotates IAM user keys |
IAM | iam_assume_role.sh | Assumes IAM role |
Organizations | org_assign_sso_access_by_ou.py | Assigns SSO access for accounts in an OU |
Organizations | org_import_users_to_sso.py | Imports users/groups to AWS SSO |
Organizations | org_list_accounts_by_ou.py | Lists accounts in an OU |
Organizations | org_list_sso_assignments.py | Lists SSO assignments for accounts |
Organizations | org_remove_sso_access_by_ou.py | Removes SSO access for accounts in an OU |
S3 | s3_create_tar.py | Creates tar files |
S3 | s3_delete_empty_buckets.py | Deletes empty S3 buckets |
S3 | s3_list_old_files.py | Lists old files in S3 |
S3 | s3_search_bucket_and_delete.py | Deletes S3 bucket and its contents |
S3 | s3_search_bucket_and_download.py | Finds S3 bucket and downloads all its content |
S3 | s3_search_file.py | Searches for files in S3 bucket |
S3 | s3_search_key.py | Searches for a key in S3 bucket |
S3 | s3_search_multiple_keys.py | Searches for multiple keys in S3 bucket |
S3 | s3_search_subdirectory.py | Searches subdirectories in S3 |
SSM | ssm_delete_parameters.sh | Deletes SSM parameters |
SSM | ssm_import_parameters.sh | Imports SSM parameters |
General | delete_unused_security_groups.py | Deletes unused security groups |
General | aws_cli_aliases.sh | AWS CLI command aliases |
General | tag_secrets_manager_secrets.py | Tags Secrets Manager secrets |
General | set-alternate-contact.py | Sets alternate contacts for all accounts in an organization |
General | multi_account_command_executor.py | Runs commands across multiple AWS accounts |
This section lists tools that enhance AWS usage across console, CLI, and APIs.
- AutoSpotting - Open-source spot market automation tool for easy adoption at scale.
- Awesome ECS - Curated list of ECS guides and resources.
- AWS Copilot CLI - CLI for building and operating containerized applications on ECS and Fargate.
- ECS Compose-X - Tool to generate CFN templates from docker-compose files with added AWS resource definitions.
- AWS IAM Actions - Comprehensive IAM action listing and policy generator.
- IAM Floyd - Fluent interface for IAM policy statement generation.
- IAM Zero - Automated least-privilege policy suggestion tool.
- AWS CDK Starterkit - Rapid AWS CDK app deployment via GitHub actions.
- AWS CloudFormation Starterkit - Rapid AWS CloudFormation stack deployment via GitHub actions.
- Awesome CDK - Curated list of AWS CDK resources.
- Awesome CloudFormation - Curated CloudFormation resources.
- Awesome Terraform - Curated Terraform resources.
- Former2 - Template generator from existing AWS resources.
- Open CDK Guide - Opinionated AWS CDK best practices guide.
- VSCode IAM Actions Snippets - Adds autocompletion in VS Code for AWS IAM policy actions.
- VSCode IAM Service Principal Snippets - Adds autocompletion in VS Code for AWS service principals.
- VSCode CDK Snippets - VS Code extension for CDK construct snippets.
- VSCode CloudFormation Snippets - VS Code extension for CloudFormation resource snippets.
- VSCode SAM Snippets - VS Code extension for CloudFormation resource snippets.
- AWS Lambda Power Tuning - Step Functions-based Lambda optimization tool.
- Serverless Cost Calculator Comparison - Cost comparison tool for serverless functions across cloud providers.
- Serverless Cost Calculator - AWS Lambda cost estimation tool.
- s3s3mirror - High-performance S3 bucket mirroring utility.
- Leapp - Cross-platform AWS programmatic access manager.
- Prowler - Open-source security assessment and auditing tool.
- AWS Security Tools - Curated list of AWS security tools.
- aws-gate - Enhanced AWS SSM Session Manager CLI.
- aws-ssm-ec2-proxy-command - SSH to EC2 via SSM without open ports.
- ssm-supercharged - SSM integration with OpenSSH, EC2 Instance Connect, and sshuttle.
- Cloud Custodian - Cloud governance platform for AWS.
- Service Screener - Tool to evaluate your AWS service configurations based on AWS and community best practices.
- Steampipe - SQL-like querying for AWS resources.
- AWS Nuke - AWS account resource removal tool.
This project exists thanks to all the people who contribute.
See how you can contribute to this repository.