- Highly available key generation, storage, management, and auditing solution to encrypt or digitally sign data within applications or control the encryption of data across AWS services.
- `Enable Private DNS Name` makes the standard AWS KMS DNS hostname (https://kms.region.amazonaws.com) resolve to the VPC endpoint.
- Supports Symmetric (256-bit key that is used for encryption and decryption) and Asymmetric CMKs (an RSA key pair that is used for encryption and decryption or signing and verification but not both, or an elliptic curve (ECC) key pair that is used for signing and verification).
- Asymmetric customer managed CMKs - the key material can only be generated within AWS KMS HSMs and there is no option for automatic key rotation.
- Symmetric CMKs and the private keys of Asymmetric CMKs never leave AWS KMS unencrypted and AWS KMS does not store, manage, or track data keys.
- Cryptographic Operations: `Decrypt`, `Encrypt`, `GenerateDataKey`, `GenerateDataKeyPair`, `GenerateDataKeyPai
```bash
curl -v "https://mybucket.s3.amazonaws.com/" \
  -F "key=path/to/file.txt" \
  -F "AWSAccessKeyId=access_key" \
  -F "x-amz-security-token=security_token" \
  -F "policy=base64_encoded_policy" \
  -F "signature=signature" \
  -F "file=@file.txt"
```
```
curl -F "firstname=John" -F"lastname=Doe" "https://httpbin.org/post" -F"file=@file.txt"
{
  "args": {},
  "data": "",
  "files": {
    "file": "This is a test file\n"
  },
  "form": {
    "firstname": "John",
    "lastname": "Doe"
```
```hcl
# This is an example to bulk upload files to S3
# A local source directory and sample pattern are provided as variables.
# All matching files are uploaded to S3
locals {
  file_list = toset(fileset(var.source_path, var.source_file_pattern))
  # If you use terragrunt, use this local block instead to ignore
  # the .terragrunt-source-manifest file it adds to each directory.
  # This is useful if there is no common pattern to files.
```
```yaml
modules:
  http_2xx:
    prober: http
    timeout: 5s
    http:
      valid_http_versions: ["HTTP/1.1", "HTTP/2.0"]
      valid_status_codes: []
      method: GET
      preferred_ip_protocol: "ip4"
```
```yaml
image: hashicorp/terraform:1.0.7
definitions:
  scripts:
    - script: &aws-context
        export AWS_REGION=REPLACE_WITH_REGION_TO_USE;
        export AWS_WEB_IDENTITY_TOKEN_FILE=$(pwd)/web-identity-token;
        export AWS_ROLE_SESSION_NAME=build-session;
        export AWS_ROLE_ARN=REPLACE_WITH_ROLE_ARN_TO_USE;
        echo $BITBUCKET_STEP_OIDC_TOKEN > $(pwd)/web-identity-token
```
```
# PromQL query to calculate how much CPU a particular pod is consuming on a particular instance
# Labels available after this query - ec2 and pod
#
# Required: node_exporter exposing node_cpu* metrics
#           cadvisor exposing container_cpu* metrics
#
sum(label_replace(rate(container_cpu_usage_seconds_total{cluster="k8s"}[1m]),
  "ec2", "$1", "instance", "(.+):.+")) by (ec2, pod) / ignoring (pod) group_left
sum(label_replace(rate(node_cpu_seconds_total{cluster="k8s"}[1m]),
```
```yaml
# Bitbucket pipelines currently do not offer a way to specify a condition
# to only trigger jobs based on the target branch.
#
# See this - https://jira.atlassian.com/browse/BCLOUD-17859
#
# You need to use '**' filter to trigger the pipeline on every PR, and
# then filter for your specific branch in the pipeline
#
# Another problem with Bitbucket pipelines is there is no ability to "reject"
# a pipeline execution, so a manual trigger step is not very helpful as a
```
```
#
# Error seen when trying to install something with brew or even update formula
#
% brew update
fatal: Could not resolve HEAD to a revision
Already up-to-date.
% git -C $(brew --repo homebrew/core) checkout master
Branch 'master' set up to track remote branch 'master' from 'origin'.
```
```hcl
role_arn = {
  development = "arn:aws:iam::123456789012:role/TFRole"
  production  = "arn:aws:iam::123456789013:role/TFRole"
}
```