Skip to content

Instantly share code, notes, and snippets.


A.J. Brown ajbrown

View GitHub Profile
ajbrown /
Last active Mar 14, 2018
EC2 Bootstrapping with AWS CLI Example

This file contains examples of using the AWS CLI to perform bootstrapping actions on EC2 instances through Userdata. These are useful in your terraform scripts to perform configuration that isn't natively supported.

Determine IP Address of EFS mount target

aws efs describe-mount-targets --file-system-id=fs-123456abcd | jq -r '.MountTargets[] | select(.SubnetId | contains("subnet-12345abcd")) | .IpAddress'
ajbrown /
Last active Nov 1, 2017
EC2 Deployment ServiceUpdate
#!/usr/bin/env bash
# Deploy a new image to an ECS service by creating a new task revision
# specifying a container repoository tag, and updating the service to use the new revision.
# Note: Your application's container MUST be the first container in the task revision.
#The tag to deploy. Specify as the first cli argument
ajbrown / ASGLeaderDetection.php
Last active Jan 25, 2021
Lambda and client code examples for ASG Leader detection. For more info, see
View ASGLeaderDetection.php
public function isLeader() {
$isLeader = true; // get my instance-id from the metadata service
$instanceId = exec('curl');
if (!empty($instanceId)) {
$isLeader = false;
$ec2 = \Aws\Ec2\Ec2Client::factory(['key' => AWS_ACCESS_KEY_ID, 'secret' => AWS_SECRET_KEY, 'region' => 'us-east-1']);
$data = $ec2->describeInstances(array('InstanceIds' => [$instanceId]));
if (!empty($data) && !empty($data['Reservations'])) {
$tags = $data['Reservations'][0]['Instances'][0]['Tags'];
ajbrown /
Created Dec 17, 2016
Dynamically determine the Java heap based on the total memory of the VM.
#!/usr/bin/env bash
totalMemKB=$(awk '/MemTotal:/ { print $2 }' /proc/meminfo)
let heapMB=$totalMemKB*$usagePercent/100/1024
JAV_OPTS="$JAVA_OPTS -Xmx${heapMB}M -Xms${heapMB}M"

Keybase proof

I hereby claim:

  • I am ajbrown on github.
  • I am adrianjbrown ( on keybase.
  • I have a public key ASASwbI7s2Xh6NiHcNPrdyoRmieDuNC6oSV8Inl8uPMVgwo

To claim this, I am signing this object:

ajbrown /
Created Aug 17, 2016
Create a new user, with a random password, allowing public key authentication
# Usage: <username> <path-to-pub-key>
# Credit to for inspiration:
useradd -s /bin/bash -m $USERNAME
openssl rand -base64 8 | tee -a /home/$USERNAME/.password | passwd --stdin $USERNAME
chmod 600 /home/$USERNAME/.password
ajbrown /
Last active Mar 19, 2021
Update a set of security groups, allowing SSH access from your current public IP address.
#!/usr/bin/env bash
# Add the security groups you want to allow the current IP address
# SSH access to by updating the "groups" array below. The user
# running the script must have the aws-cli installed and configured.
# Their credentials will be used for API calls, so access should be
# controlled that way.
# Note: It's a good idea to clean up these security groups regularly.
# I prefer to have a security group that I can remove all ingress rules
ajbrown / gist:8aea5189d8e84046a4f2
Created Mar 14, 2016
BackWPup S3 permissions. This includes the minimum permissions needed to allow the Wordpress BackWPup plugin to complete a backup job with an Amazon S3 destination.
View gist:8aea5189d8e84046a4f2
"Version": "2012-10-17",
"Statement": [
"Sid": "Stmt1457967512000",
"Effect": "Allow",
"Action": [
"Resource": [
ajbrown /
Created Nov 12, 2015
Add a filesystem to a drive (if it does not already have one), and mount it to a path.
# This script will ensure a device has a filesystem before mounting it to a given path.
# It will only attempt to create the filesystem if one does not already exist on the device.
# AUTHOR: A.J. Brown <>
ajbrown / gist:56ebad79f9fae4fb40c8
Created Sep 11, 2015
View gist:56ebad79f9fae4fb40c8
curl -XPOST -d '{ "actions" : [ { "add" : { "index" : "events-1", "alias" : "events-write" } },{ "add" : { "index" : "events-1", "alias" : "events-read" } },{ "add" : { "index" : "audit-1", "alias" : "audit-write" } },{ "add" : { "index" : "audit-1", "alias" : "audit-read" } }]}' \
-i http://user:Passw0rd@localhost:9200/_aliases