AWS Actions

AWS Attach New Policy to User : AWS Attach New Policy to User

AWS Attach Tags to Resources : AWS Attach Tags to Resources

AWS Change ACL Permission of public S3 Bucket : AWS Change ACL Permission public S3 Bucket

AWS Check if RDS instances are not M5 or T3 : AWS Check if RDS instances are not M5 or T3

AWS Create Access Key : Create a new Access Key for the User

AWS Create IAM Policy : Given an AWS policy (as a string), and the name for the policy, this will create an IAM policy.

AWS Create Snapshot For Volume : Create a snapshot for EBS volume of the EC2 Instance for backing up the data stored in EBS

AWS Delete Access Key : Delete an Access Key for a User

AWS Delete Classic Load Balancer : Delete Classic Elastic Load Balancers

AWS Delete EBS Snapshot : Delete EBS Snapshot for an EC2 instance

AWS Delete ECS Cluster : Delete AWS ECS Cluster

AWS Delete Load Balancer : AWS Delete Load Balancer

AWS Delete Log Stream : AWS Delete Log Stream

AWS Delete NAT Gateway : AWS Delete NAT Gateway

AWS Delete RDS Instance : Delete AWS RDS Instance

AWS Delete Redshift Cluster : Delete AWS Redshift Cluster

AWS Delete Route 53 HealthCheck : AWS Delete Route 53 HealthCheck

AWS Delete Secret : AWS Delete Secret

AWS Describe Cloudtrails : Given an AWS Region, this Action returns a Dict with all of the Cloudtrail logs being recorded

AWS Detach Instances From AutoScaling Group : Use This Action to AWS Detach Instances From AutoScaling Group

AWS ECS Describe Task Definition. : Describe AWS ECS Task Definition.

AWS ECS Instances without AutoScaling policy : AWS ECS Instances without AutoScaling policy.

AWS ECS Services without AutoScaling policy : AWS ECS Services without AutoScaling policy.

AWS Filter All Manual Database Snapshots : Use This Action to AWS Filter All Manual Database Snapshots

AWS Filter Lambdas with Long Runtime : This action retrieves a list of all Lambda functions and searches for log events for each function for given runtime(duration).

AWS Filter Large EC2 Instances : This Action to filter all instances whose instanceType contains Large or xLarge, and that DO NOT have the largetag key/value.

AWS Filter Old EBS Snapshots : This action list a all snapshots details that are older than the threshold

AWS Filter Unused Log Stream : This action lists all log streams that are unused for all the log groups by the given threshold.

AWS Find EMR Clusters of Old Generation Instances : This action list of EMR clusters of old generation instances.

AWS Find Idle Instances : Find Idle EC2 instances

AWS Find Long Running EC2 Instances : This action list a all instances that are older than the threshold

AWS Find Low Connections RDS instances Per Day : This action will find RDS DB instances with a number of connections below the specified minimum in the specified region.

AWS Find RDS Instances with low CPU Utilization : This lego finds RDS instances are not utilizing their CPU resources to their full potential.

AWS Find Redshift Cluster without Pause Resume Enabled : Use This Action to AWS find redshift cluster for which paused resume are not Enabled

AWS Find Redshift Clusters with low CPU Utilization : Find underutilized Redshift clusters in terms of CPU utilization.

AWS Find S3 Buckets without Lifecycle Policies : S3 lifecycle policies enable you to automatically transition objects to different storage classes or delete them when they are no longer needed. This action finds all S3 buckets without lifecycle policies.

AWS Find Unused NAT Gateways : This action to get all of the Nat gateways that have zero traffic over those

AWS Get AWS Account Number : Some AWS functions require the AWS Account number. This programmatically retrieves it.

AWS Get All Load Balancers : AWS Get All Load Balancers

AWS Get All Service Names v3 : Get a list of all service names in a region

AWS Get Costs For All Services : Get Costs for all AWS services in a given time period.

AWS Get Costs For Data Transfer : Get daily cost for Data Transfer in AWS

AWS Get Daily Total Spend : AWS get daily total spend from Cost Explorer

AWS Get EBS Volumes for Low Usage : This action list low use volumes from AWS which used <10% capacity from the given threshold days.

AWS Get EC2 Instances About To Retired : AWS Get EC2 Instances About To Retired

AWS Get Generated Policy : Given a Region and the ID of a policy generation job, this Action will return the policy (once it has been completed).

AWS Get IAM Users with Old Access Keys : This Lego collects the access keys that have never been used or the access keys that have been used but are older than the threshold.

AWS Get Idle EMR Clusters : This action list of EMR clusters that have been idle for more than the specified time.

AWS Get Internet Gateway by VPC ID : AWS Get Internet Gateway by VPC ID

AWS Get Long Running ElastiCache clusters Without Reserved Nodes : This action gets information about long running ElastiCache clusters and their status, and checks if they have any reserved nodes associated with them.

AWS Get Long Running RDS Instances Without Reserved Instances : This action gets information about long running instances and their status, and checks if they have any reserved nodes associated with them.

AWS Get Long Running Redshift Clusters Without Reserved Nodes : This action gets information about running clusters and their status, and checks if they have any reserved nodes associated with them.

AWS Get NAT Gateway Info by VPC ID : This action is used to get the details about nat gateways configured for VPC.

AWS Get Network Load Balancer (NLB) without Targets : Use this action to get AWS Network Load Balancer (NLB) without Targets

AWS Get Older Generation RDS Instances : AWS Get Older Generation RDS Instances action retrieves information about RDS instances using older generation instance types.

AWS Get Private Address from NAT Gateways : This action is used to get private address from NAT gateways.

AWS Get Publicly Accessible DB Snapshots in RDS : AWS Get Publicly Accessible DB Snapshots in RDS

AWS Get Publicly Accessible RDS Instances : AWS Get Publicly Accessible RDS Instances

AWS Get Quotas for a Service : Given inputs of the AWS Region, and the Service_Code for a service, this Action will output all of the Service Quotas and limits.

AWS Get Redshift Query Details : Given an QueryId, this Action will give you the status of the Query, along with other data like the number of lines/

AWS Get Redshift Result : Given a QueryId, Get the Query Result, and format into a List

AWS Get Resources Missing Tag : Gets a list of all AWS resources that are missing the tag in the input parameters.

AWS Get Resources With Expiration Tag : AWS Get all Resources with an expiration tag

AWS Get Resources With Tag : For a given tag and region, get every AWS resource with that tag.

AWS Get Secrets Manager Secret : Get string (of JSON) containing Secret details

AWS Get Secrets Manager SecretARN : Given a Secret Name - this Action returns the Secret ARN

AWS Get Service Quota for a Specific ServiceName : Given an AWS Region, Service Code and Quota Code, this Action will output the quota information for the specified service.

AWS Get TTL For Route53 Records : Get TTL for Route53 records for a hosted zone.

AWS Get Tags of All Resources : AWS Get Tags of All Resources

AWS Get Untagged Resources : AWS Get Untagged Resources

AWS List Access Key : List all Access Keys for the User

AWS List All IAM Users : List all AWS IAM Users

AWS List All Regions : List all available AWS Regions

AWS List Application LoadBalancers ARNs : AWS List Application LoadBalancers ARNs

AWS List Attached User Policies : AWS List Attached User Policies

AWS List ECS Clusters with Low CPU Utilization : This action searches for clusters that have low CPU utilization.

AWS List Expiring Access Keys : List Expiring IAM User Access Keys

AWS List Hosted Zones : List all AWS Hosted zones

AWS List IAM Users With Old Passwords : This Lego filter gets all the IAM users' login profiles, and if the login profile is available, checks for the last password change if the password is greater than the given threshold, and lists those users.

AWS List Instances behind a Load Balancer. : List AWS Instances behind a Load Balancer

AWS List Instances in a ELBV2 Target Group : List AWS Instance in a ELBv2 Target Group

AWS List Unattached Elastic IPs : This action lists Elastic IP address and check if it is associated with an instance or network interface.

AWS List Unhealthy Instances in a ELBV2 Target Group : List AWS Unhealthy Instance in a ELBv2 Target Group

AWS List Unhealthy Instances in a Target Group : List Unhealthy Instances in a target group

AWS List Unused Secrets : This action lists all the unused secrets from AWS by comparing the last used date with the given threshold.

AWS Modify ALB Listeners HTTP Redirection : AWS Modify ALB Listeners HTTP Redirection

AWS Modify EBS Volume to GP3 : AWS recently introduced the General Purpose SSD (gp3) volume type, which is designed to provide higher IOPS performance at a lower cost than the gp2 volume type.

AWS Modify Publicly Accessible RDS Snapshots : AWS Modify Publicly Accessible RDS Snapshots

AWS Purchase ElastiCache Reserved Nodes : This action purchases a reserved cache node offering.

AWS Purchase RDS Reserved Instances : This action purchases a reserved DB instance offering.

AWS Purchase Redshift Reserved Nodes : This action purchases reserved nodes. Amazon Redshift offers a predefined set of reserved node offerings. You can purchase one or more of the offerings.

AWS Redshift Query : Make a SQL Query to the given AWS Redshift database

AWS Register/Unregister Instances from a Target Group. : Register/Unregister AWS Instance from a Target Group

AWS Release Elastic IP : AWS Release Elastic IP for both VPC and Standard

AWS Revoke Policy from IAM User : AWS Revoke Policy from IAM User

AWS Schedule Redshift Cluster Pause Resume Enabled : AWS Schedule Redshift Cluster Pause Resume Enabled

AWS Send Email with SES : This Action sends an Email with AWS Simple Email Service. Input the sender and recipient addresses, a subject and the body of the message (and the AWS region for SES), and your message will be sent.

AWS Service Quota Limits : Input a List of Service Quotas, and get back which of your instances are above the warning percentage of the quota

AWS Start IAM Policy Generation : Given a region, a CloudTrail ARN (where the logs are being recorded), a reference IAM ARN (whose usage we will parse), and a Service role, this will begin the generation of a IAM policy. The output is a String of the generation Id.

AWS Update Access Key : Update status of the Access Key

AWS Update TTL for Route53 Record : Update TTL for an existing record in a hosted zone.

AWS VPC service quota limit : This Action queries all VPC Storage quotas, and returns all usage over warning_percentage.

AWS get Unused Route53 Health Checks : AWS get Unused Route53 Health Checks

AWS list IAM users without attached policies : Get a list of all IAM users that do not have any user-managed or AWS-managed policies attached to them

AWS: Check for short Route 53 TTL : AWS: Check for short Route 53 TTL

AWS_Request_Service_Quota_Increase : Given an AWS Region, Service Code, quota code and a new value for the quota, this Action sends a request to AWS for a new value. Your Connector must have servicequotas:RequestServiceQuotaIncrease enabled for this to work.

AWS_VPC_service_quota_warning : Given an AWS Region and a warning percentage, this Action queries all VPC quota limits, and returns any of Quotas that are over the alert value.

Add Lifecycle Configuration to AWS S3 Bucket : Creates a new lifecycle configuration for the bucket or replaces an existing lifecycle configuration.

Apply AWS Default Encryption for S3 Bucket : Apply AWS Default Encryption for S3 Bucket

Apply AWS New Policy for S3 Bucket : Apply a New AWS Policy for S3 Bucket

Apply CORS Policy for S3 Bucket : Apply CORS Policy for S3 Bucket

Attach a webhook endpoint to AWS Cloudwatch alarm : Attach a webhook endpoint to one of the SNS attached to the AWS Cloudwatch alarm.

Attach an EBS volume to an AWS EC2 Instance : Attach an EBS volume to an AWS EC2 Instance

Check SSL Certificate Expiry : Check ACM SSL Certificate expiry date

Copy EKS Pod logs to bucket. : Copy given EKS pod logs to given S3 Bucket.

Create AWS Bucket : Create a new AWS S3 Bucket

Create Login profile for IAM User : Create Login profile for IAM User

Create New IAM User : Create New IAM User

Delete AWS Bucket : Delete an AWS S3 Bucket

Delete AWS Default Encryption for S3 Bucket : Delete AWS Default Encryption for S3 Bucket

Delete AWS EBS Volume by Volume ID : Delete AWS Volume by Volume ID

Delete EKS POD in a given Namespace : Delete a EKS POD in a given Namespace

Deregisters AWS Instances from a Load Balancer : Deregisters AWS Instances from a Load Balancer

Detach as AWS Instance with a Elastic Block Store : Detach as AWS Instance with a Elastic Block Store.

Disallow AWS RDS Instance public accessibility : Change public accessibility of RDS Instances to False.

EBS Modify Volume : Modify/Resize volume for Elastic Block Storage (EBS).

ECS detect failed deployment : List of stopped tasks, associated with a deployment, along with their stopped reason

EKS Get Running Pods : Get a list of running pods from given namespace and EKS cluster name

EKS Get pod status : Get a Status of given POD in a given Namespace and EKS cluster name

Filter AWS EBS Volume with Low IOPS : IOPS (Input/Output Operations Per Second) is a metric used to measure the amount of input/output operations that an EBS volume can perform per second.

Filter AWS EC2 Instance : Filter AWS EC2 Instance

Filter AWS EC2 Instances Without Lifetime Tag : Filter AWS EC2 Instances Without Lifetime Tag

Filter AWS EC2 Instances Without Termination and Lifetime Tag : Filter AWS EC2 Instances Without Termination and Lifetime Tag and Check of they are valid

Filter AWS EC2 instance by VPC Ids : Use this Action to Filter AWS EC2 Instance by VPC Ids

Filter AWS Target groups by tag name : Filter AWS Target groups which have the provided tag attached to it. It also returns the value of that tag for each target group

Filter AWS Unattached EBS Volume : Filter AWS Unattached EBS Volume

Filter AWS Unencrypted S3 Buckets : Filter AWS Unencrypted S3 Buckets

Filter AWS Untagged EC2 Instances : Filter AWS Untagged EC2 Instances

Filter AWS Unused Keypairs : Filter AWS Unused Keypairs

Filter All AWS EC2 Instance : Filter All AWS EC2 Instance

Find AWS ELBs with no targets or instances : Find AWS ELBs with no targets or instances attached to them.

Find AWS Lambdas Not Using ARM64 Graviton2 Processor : Find all AWS Lambda functions that are not using the Arm-based AWS Graviton2 processor for their runtime architecture

Finding Redundant Trails in AWS : This action will find a redundant cloud trail if the attribute IncludeGlobalServiceEvents is true, and then we need to find multiple duplications.

Get AWS ALB Listeners Without HTTP Redirection : Get AWS ALB Listeners Without HTTP Redirection

Get AWS AutoScaling Group Instances : Use This Action to Get AWS AutoScaling Group Instances

Get AWS Bucket Size : Get an AWS Bucket Size

Get AWS CloudWatch Alarms List : Get AWS CloudWatch Alarms List

Get AWS CloudWatch Metrics for AWS/ApplicationELB : Get AWS CloudWatch Metrics for AWS/ApplicationELB

Get AWS CloudWatch Metrics for AWS/AutoScaling : Get AWS CloudWatch Metrics for AWS EC2 AutoScaling groups

Get AWS CloudWatch Metrics for AWS/DynamoDB : Get AWS CloudWatch Metrics for AWS DynamoDB

Get AWS CloudWatch Metrics for AWS/ELB : Get AWS CloudWatch Metrics for Classic Loadbalancer

Get AWS CloudWatch Metrics for AWS/GatewayELB : Get AWS CloudWatch Metrics for AWS/GatewayELB

Get AWS CloudWatch Metrics for AWS/Lambda : Get AWS CloudWatch Metrics for AWS/Lambda

Get AWS CloudWatch Metrics for AWS/NetworkELB : Get AWS CloudWatch Metrics for Network Loadbalancer

Get AWS CloudWatch Metrics for AWS/RDS : Get AWS CloudWatch Metrics for AWS/RDS

Get AWS CloudWatch Metrics for AWS/Redshift : Get AWS CloudWatch Metrics for AWS/Redshift

Get AWS CloudWatch Metrics for AWS/SQS : Get AWS CloudWatch Metrics for AWS/SQS

Get AWS CloudWatch Statistics : Get AWS CloudWatch Statistics

Get AWS EBS Metrics from Cloudwatch : Get AWS CloudWatch Statistics for EBS volumes

Get AWS EBS Volume Without GP3 Type : AWS recently introduced the General Purpose SSD (gp3) volume type, which is designed to provide higher IOPS performance at a lower cost than the gp2 volume type.

Get AWS EC2 CPU Utilization Statistics from Cloudwatch : Get AWS CloudWatch Statistics for cpu utilization for EC2 instances

Get AWS EC2 Instances All : Use This Action to Get All AWS EC2 Instances

Get AWS EC2 Instances with a public IP : lists all EC2 instances with a public IP

Get AWS EC2 Metrics from Cloudwatch : Get AWS CloudWatch Metrics for EC2 instances. These could be CPU, Network, Disk based measurements

Get AWS EC2 with smaller CPU size : This action finds EC2 instances with smaller CPU size than threshold. (vCPU count)

Get AWS ECS Service Status : Get the Status of an AWS ECS Service

Get AWS EMR Instances : Get a list of EC2 Instances for an EMR cluster. Filtered by node type (MASTER|CORE|TASK)

Get AWS Instance Details with Matching Private DNS Name : Use this action to get details of an AWS EC2 Instance that matches a Private DNS Name

Get AWS Instances Details : Get AWS Instances Details

Get AWS Lambdas With High Error Rate : Get AWS Lambda Functions that exceed a given threshold error rate.

Get AWS Postgresql Max Configured Connections : Get AWS Postgresql Max Configured Connections

Get AWS RDS automated db snapshots above retention period : This Action gets the snapshots above a certain retention period.

Get AWS S3 Buckets : Get AWS S3 Buckets

Get AWS Security Group Details : Get details about a security group, given its ID.

Get AWS boto3 handle : Get AWS boto3 handle

Get AWS public S3 Buckets using ACL : Get AWS public S3 Buckets using ACL

Get Age of all EC2 Instances in Days : Get Age of all EC2 Instances in Days

Get CPU and memory utilization of node. : Get CPU and memory utilization of given node.

Get EBS Volumes By Type : Get EBS Volumes By Type

Get EC2 CPU Consumption For All Instances : Get EC2 CPU Consumption For All Instances

Get EC2 Data Traffic In and Out For All Instances : Get EC2 Data Traffic In and Out For All Instances

Get EKS Nodes : Get EKS Nodes

Get STS Caller Identity : Get STS Caller Identity

Get Schedule To Retire AWS EC2 Instance : Get Schedule To Retire AWS EC2 Instance

Get Stopped Instance Volumes : This action helps to list the volumes that are attached to stopped instances.

Get Timed Out AWS Lambdas : Get AWS Lambda functions that have exceeded the maximum amount of time in seconds that a Lambda function can run.

Get UnHealthy EC2 Instances for Classic ELB : Get UnHealthy EC2 Instances for Classic ELB

Get Unhealthy instances from ASG : Get Unhealthy instances from Auto Scaling Group

Get Unhealthy instances from ELB : Get Unhealthy instances from Elastic Load Balancer

Get all Targets for Network Load Balancer (NLB) : Use this action to get all targets for Network Load Balancer (NLB)

Get pod CPU and Memory usage from given namespace : Get all pod CPU and Memory usage from given namespace

Get secrets from secretsmanager : Get secrets from AWS secretsmanager

Launch AWS EC2 Instance From an AMI : Use this instance to Launch an AWS EC2 instance from an AMI

List All AWS EC2 Instances Under the ELB : Get a list of all AWS EC2 Instances from given ELB

List Expiring ACM Certificates : List All Expiring ACM Certificates

List of EKS Namespaces : Get list of all Namespaces in a given EKS cluster

List of EKS dead pods : Get list of all dead pods in a given EKS cluster

List of EKS deployment for given Namespace : Get list of EKS deployment names for given Namespace

List of EKS pods : Get list of all pods in a given EKS cluster

List of EKS pods not in RUNNING State : Get list of all pods in a given EKS cluster that are not running.

Make AWS Bucket Public : Make an AWS Bucket Public!

Plot AWS PostgreSQL Active Connections : Plot AWS PostgreSQL Action Connections

Read AWS S3 Object : Read an AWS S3 Object

Register AWS Instances with a Load Balancer : Register AWS Instances with a Load Balancer

Renew Expiring ACM Certificates : Renew Expiring ACM Certificates

Restart AWS EC2 Instances : Restart AWS EC2 Instances

Restart AWS ECS Service : Restart an AWS ECS Service

Run Command via AWS CLI : Execute command using AWS CLI

Run Command via SSM : Execute command on EC2 instance(s) using SSM

Run Kubectl commands on EKS Cluster : This action runs a kubectl command on an AWS EKS Cluster

Start AWS Instances : Start an AWS EC2 Instances

Stop AWS Instances : Stop an AWS Instance

Tag AWS Instances : Tag AWS Instances

Terminate AWS EC2 Instances : This Action will Terminate AWS EC2 Instances

Update AWS ECS Service : Update AWS ECS Service

Upload file to S3 : Upload a local file to S3