Formatting

facebookincubator · Aug 7, 2023 · 24fa119 · 24fa119
1 parent 61d81e5
commit 24fa119
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 4 deletions.
diff --git a/cloud/aws/iam/enumerate-iam/enumerate-iam.yaml b/cloud/aws/iam/enumerate-iam/enumerate-iam.yaml
@@ -5,10 +5,10 @@ description: |
   brute force using the
   [enumerate-iam](https://github.com/andresriancho/enumerate-iam) tool.
 args:
+  - name: cleanup
   - name: detect
   - name: eiam_path
   - name: extended_scan
-  - name: cleanup
 
 steps:
   - name: setup
@@ -99,7 +99,6 @@ steps:
         if [[ "{{args.cleanup}}" == true ]]; then
           echo "Uninstalling Python packages..."
           cd {{args.eiam_path}} && pip3 uninstall -y -r requirements.txt
-
           if [[ -d "{{args.eiam_path}}" ]]; then
               echo "Cleaning up enumerate-iam repository..."
               rm -rf {{args.eiam_path}}

diff --git a/cloud/aws/iam/escalate-old-iam-user/escalate-old-iam-user.yaml b/cloud/aws/iam/escalate-old-iam-user/escalate-old-iam-user.yaml
@@ -10,10 +10,12 @@ steps:
   - name: ensure-aws-creds-present
     inline: |
       set -e
+
       if [[ -z "${AWS_DEFAULT_REGION}" ]]; then
         echo "error: AWS_DEFAULT_REGION must be set."
         exit 1
       fi
+
       if [[ -n "${AWS_ACCESS_KEY_ID}" && -n "${AWS_SECRET_ACCESS_KEY}" ]]; then
         if [[ -z "${AWS_SESSION_TOKEN}" ]]; then
           echo "warning: AWS_SESSION_TOKEN is not set with AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY."
@@ -23,6 +25,11 @@ steps:
         exit 1
       fi
 
+      if ! command -v aws &> /dev/null; then
+          echo "Error: aws cli is not installed on the current system, can't run enumerate-iam"
+          exit 1
+      fi
+
   - name: ensure-aws-cli-present
     inline: |
       set -e
@@ -37,13 +44,15 @@ steps:
     inline: |
       set -e
       # Add the user to the group
-      aws iam add-user-to-group --user-name {{args.user}} --group-name {{args.group}}
+      aws iam add-user-to-group --user-name {{args.user}} \
+        --group-name {{args.group}}
 
     cleanup:
       name: cleanup
       inline: |
         set -e
         if [[ "{{args.cleanup}}" == true ]]; then
           # Remove the user from the group
-          aws iam remove-user-from-group --user-name {{args.user}} --group-name {{args.group}}
+          aws iam remove-user-from-group --user-name {{args.user}} \
+            --group-name {{args.group}}
         fi
diff --git a/cloud/aws/iam/exfil-instance-profile-creds/exfil-instance-profile-creds.yaml b/cloud/aws/iam/exfil-instance-profile-creds/exfil-instance-profile-creds.yaml
@@ -8,10 +8,12 @@ steps:
   - name: ensure-aws-creds-present
     inline: |
       set -e
+
       if [[ -z "${AWS_DEFAULT_REGION}" ]]; then
         echo "AWS_DEFAULT_REGION must be set."
         exit 1
       fi
+
       if [[ -n "${AWS_ACCESS_KEY_ID}" && -n "${AWS_SECRET_ACCESS_KEY}" ]]; then
         if [[ -z "${AWS_SESSION_TOKEN}" ]]; then
           echo "AWS_SESSION_TOKEN must be set when using AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY."
@@ -25,6 +27,7 @@ steps:
   - name: ensure-aws-cli-present
     inline: |
       set -e
+
       if ! [ -x "$(command -v aws)" ]; then
         echo 'Error: AWS CLI is not installed.' >&2
       else
@@ -37,6 +40,7 @@ steps:
   - name: cleanup
     inline: |
       set -e
+
       if [[ "{{args.cleanup}}" == true ]]; then
         bash scripts/cleanup.sh
       fi