Alex Pulver alexpulver
@alexpulver
alexpulver / bootstrap.sh
Last active January 14, 2017 07:35
Suggested directory structure for tcltest-based test suites
#!/usr/bin/env bash
_MKDIR=/bin/mkdir
_MV=/bin/mv
# Refuse to run anywhere but the clone root; report on stderr and fail non-zero
if [ ! -e "tests-run" ]; then
  echo "Please run bootstrap.sh from the Git clone root directory" >&2
  exit 1
fi
alexpulver / list_commands.sh
Created February 7, 2018 21:37
List AWS commands that have describe-account-limits subcommand
#!/bin/bash
export _subcommands="
acm
alexaforbusiness
apigateway
application-autoscaling
appstream
appsync
athena
alexpulver / region_lockdown.json
Created September 30, 2018 12:04
AWS IAM policy example for locking down access to a single region
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "*",
"Resource": "*",
"Condition": {
"StringEquals": {
alexpulver / workspaces_helpdesk.json
Created September 30, 2018 12:06
AWS IAM policy example for limited console access to Amazon WorkSpaces by helpdesk personnel
{
"Version": "2012-10-17",
"Statement": [{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ds:DescribeTrusts",
"ds:DescribeDirectories",
"kms:ListKeys",
"kms:ListAliases",
alexpulver / cfn_vpce_interface_ssm.json
Created September 30, 2018 12:08
AWS CloudFormation template example for Amazon VPC Endpoint of interface type
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"VpcId": {
"Description": "VPC ID",
"Type": "AWS::EC2::VPC::Id"
}
},
"Resources": {
"SSMEndpoint": {
alexpulver / cfn_waitcondition.json
Created September 30, 2018 12:11
AWS CloudFormation template example for signaling WaitCondition using cfn-signal helper
{
"AWSTemplateFormatVersion": "2010-09-09",
"Mappings": {
"RegionMap": {
"eu-west-1": {
"AMI": "ami-9cbe9be5"
}
}
},
"Parameters": {
alexpulver / README.md
Last active December 4, 2018 20:29
Amazon EC2 self-service user permissions

Use case

Below is an example IAM policy, with the accompanying commands, that lets IAM users (federated users as well) create EC2 instances in a self-service manner while enforcing the following:

  • The IAM user must supply an "owner" tag whose value is their currently logged-in IAM username; otherwise the RunInstances call is denied.
  • Each IAM user can start, stop and terminate only their own instances. Enforcement is based on the currently logged-in IAM username matching the instance's "owner" tag.
  • The IAM user can apply the "owner" tag only as part of creating the instance and cannot add, modify or remove any tag later.

Documentation

Supported Resource-Level Permissions for Amazon EC2 API Actions
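The region-lockdown gist above and the self-service policy described in this README both hinge on IAM condition keys whose behaviour is easiest to see by exercising them. The following is an added example and not the gist author's code: it writes both policies out in full (the region lockdown in the gist's Allow form, assuming the truncated condition is on aws:RequestedRegion, and additionally as a Deny guardrail) and runs them through a deliberately small, local model of IAM evaluation. The home region eu-west-1, the account ID 123456789012, the user alice and the resource ARNs are assumptions; the evaluator models only the operators these policies use and is no substitute for the IAM policy simulator.

```python
"""Added example (not the gist author's code): the region-lockdown and EC2
self-service policies from this page as dicts, plus a small model of IAM
evaluation so their conditions can be exercised offline. Only what these
policies use is modelled (Action/NotAction/Resource wildcards, StringEquals,
StringNotEquals, ForAllValues:StringEquals, ${aws:username}, explicit Deny
over Allow); verify the real documents with the IAM policy simulator."""
import fnmatch

HOME_REGION = "eu-west-1"  # assumed home region

# Allow form, as in the gist: it confines a principal only while it is the
# principal's sole grant. Caveat: global services (IAM, STS, CloudFront,
# Route 53, ...) are served from us-east-1, so aws:RequestedRegion is
# us-east-1 for them and this statement alone never allows an IAM/STS call.
REGION_LOCKDOWN_ALLOW = {"Version": "2012-10-17", "Statement": [{
    "Sid": "AllowOnlyInHomeRegion", "Effect": "Allow", "Action": "*", "Resource": "*",
    "Condition": {"StringEquals": {"aws:RequestedRegion": HOME_REGION}}}]}

# Deny form: a guardrail that holds whatever other Allow policies say, with
# the global services exempted through NotAction.
REGION_LOCKDOWN_DENY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "DenyOutsideHomeRegion", "Effect": "Deny", "Resource": "*",
    "NotAction": ["iam:*", "sts:*", "cloudfront:*", "route53:*"],
    "Condition": {"StringNotEquals": {"aws:RequestedRegion": HOME_REGION}}}]}

# EC2 self-service: launch only with owner=<own username> and no other tag,
# tag only inside RunInstances, manage only instances tagged as one's own.
OWNER_SELF_SERVICE = {"Version": "2012-10-17", "Statement": [
    {"Sid": "LaunchOnlyWithOwnerTag", "Effect": "Allow", "Action": "ec2:RunInstances",
     "Resource": "arn:aws:ec2:*:*:instance/*",
     "Condition": {"StringEquals": {"aws:RequestTag/owner": "${aws:username}"},
                   "ForAllValues:StringEquals": {"aws:TagKeys": ["owner"]}}},
    {"Sid": "LaunchDependencies", "Effect": "Allow", "Action": "ec2:RunInstances",
     "Resource": ["arn:aws:ec2:*::image/*", "arn:aws:ec2:*:*:subnet/*",
                  "arn:aws:ec2:*:*:network-interface/*", "arn:aws:ec2:*:*:security-group/*",
                  "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:key-pair/*"]},
    {"Sid": "TagOnlyAtLaunch", "Effect": "Allow", "Action": "ec2:CreateTags",
     "Resource": "arn:aws:ec2:*:*:instance/*",
     "Condition": {"StringEquals": {"ec2:CreateAction": "RunInstances"}}},
    {"Sid": "ManageOwnInstances", "Effect": "Allow",
     "Action": ["ec2:StartInstances", "ec2:StopInstances", "ec2:TerminateInstances"],
     "Resource": "arn:aws:ec2:*:*:instance/*",
     "Condition": {"StringEquals": {"ec2:ResourceTag/owner": "${aws:username}"}}}]}


def _match(patterns, value):
    pats = patterns if isinstance(patterns, list) else [patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in pats)


def _condition_ok(cond, ctx):
    user = ctx.get("aws:username", "")
    for op, pairs in cond.items():
        for key, expected in pairs.items():
            exp = {e.replace("${aws:username}", user)
                   for e in (expected if isinstance(expected, list) else [expected])}
            actual = ctx.get(key)
            have = None if actual is None else set(actual if isinstance(actual, list) else [actual])
            if op == "StringEquals":                 # absent key -> condition false
                ok = have is not None and bool(have & exp)
            elif op == "StringNotEquals":            # absent key -> condition true
                ok = have is None or not have & exp
            elif op == "ForAllValues:StringEquals":  # every supplied value must be listed
                ok = have is None or have <= exp
            else:
                raise ValueError(f"operator not modelled: {op}")
            if not ok:
                return False
    return True


def evaluate(policies, action, resource, ctx):
    """'Allow' or 'Deny' for one (action, resource) pair across the attached
    policies: an explicit Deny wins; nothing matching is an implicit Deny."""
    decision = "Deny"
    for stmt in (s for p in policies for s in p["Statement"]):
        applies = (not _match(stmt["NotAction"], action) if "NotAction" in stmt
                   else _match(stmt["Action"], action))
        if not (applies and _match(stmt["Resource"], resource)
                and _condition_ok(stmt.get("Condition", {}), ctx)):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


INSTANCE = "arn:aws:ec2:eu-west-1:123456789012:instance/*"  # assumed account id
LAUNCH_RESOURCES = [INSTANCE, "arn:aws:ec2:eu-west-1::image/ami-0123456789abcdef0",
                    "arn:aws:ec2:eu-west-1:123456789012:subnet/subnet-0123456789abcdef0"]


def run_instances(policies, user, tags, region=HOME_REGION):
    """RunInstances is authorised per resource: every ARN in the call must be allowed."""
    ctx = {"aws:username": user, "aws:RequestedRegion": region}
    if tags:  # aws:TagKeys / aws:RequestTag exist only when the request carries tags
        ctx["aws:TagKeys"] = list(tags)
        ctx.update({f"aws:RequestTag/{k}": v for k, v in tags.items()})
    return all(evaluate(policies, "ec2:RunInstances", r, ctx) == "Allow" for r in LAUNCH_RESOURCES)
```

Calling run_instances([OWNER_SELF_SERVICE], "alice", {"owner": "alice"}) returns True; with {"owner": "bob"}, with no tag at all, or with an extra "env" tag it returns False, because aws:RequestTag/owner must equal ${aws:username} and ForAllValues:StringEquals on aws:TagKeys rejects any key other than owner. evaluate([OWNER_SELF_SERVICE], "ec2:CreateTags", INSTANCE, ctx) is "Allow" only when ctx carries ec2:CreateAction = "RunInstances", so tags cannot be changed after launch. With REGION_LOCKDOWN_DENY also attached, the same launch in us-west-2 is denied even though the self-service policy allows it, which is the point of the Deny form; evaluate([REGION_LOCKDOWN_ALLOW], "iam:GetUser", "*", {"aws:RequestedRegion": "us-east-1"}) is "Deny", showing why the global services need the NotAction exemption.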

alexpulver / README.md
Created December 17, 2018 08:20
AWS Chalice - Continuous Deployment (CD)

Deploying the demo

Global configuration

export AWS_PROFILE=NAME
export AWS_DEFAULT_REGION=REGION
git config --global credential.helper '!aws --profile '$AWS_PROFILE' codecommit credential-helper $@'
git config --global credential.UseHttpPath true
alexpulver / s3_select_records.py
Created December 23, 2018 09:56
Iterating over records in Amazon S3 Select result
import boto3
client = boto3.client('s3')
response = client.select_object_content(
Bucket='string',
Key='string',
SSECustomerAlgorithm='string',
SSECustomerKey='string',
Expression='string',
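The loop the gist sketches reads records out of response['Payload'], which boto3 returns as an event stream. The following is an added example, not the gist's code, showing the part that is easy to get wrong: 'Records' events carry raw bytes whose boundaries do not line up with record boundaries, so a record (or a single multi-byte UTF-8 character) can be split across two events and must be buffered before decoding. The events are constructed inline to stand in for boto3's EventStream so the code runs offline; select_json_lines() is the same loop over a real call and needs credentials and network. Note that S3 Select has no parameter binding: an Expression assembled from untrusted input is a SQL injection surface, so keep it a constant or strictly validated.

```python
"""Added example, not the gist's code: reassemble complete records from an
S3 Select event stream. The sample events below are constructed to mimic
what boto3 yields from response['Payload'], including a record and a
multi-byte character split across two 'Records' events."""
import json


def parse_select_stream(events, delimiter=b"\n"):
    """Single pass over the stream (a real EventStream can be read only once):
    returns (list of complete records as bytes, Stats details dict)."""
    buf, records, stats = b"", [], {}
    for event in events:
        if "Records" in event:
            buf += event["Records"]["Payload"]
            *complete, buf = buf.split(delimiter)  # last piece is partial (maybe b"")
            records.extend(complete)
        elif "Stats" in event:
            stats = event["Stats"]["Details"]      # BytesScanned vs BytesReturned
        elif "End" in event:
            break                                  # sent only after a successful scan
    if buf:                                        # final record without a delimiter
        records.append(buf)
    return records, stats


def json_records(events):
    """Decode a JSON-lines result only after whole records are reassembled."""
    records, stats = parse_select_stream(events)
    return [json.loads(r.decode("utf-8")) for r in records], stats


# Constructed sample: 'b\xc3' + '\xb6b' is "b\u00f6b" split mid-character, and the
# third record is split across a Stats event.
SAMPLE_EVENTS = [
    {"Records": {"Payload": b'{"user":"alice","action":"login"}\n{"user":"b\xc3'}},
    {"Records": {"Payload": b'\xb6b","action":"logout"}\n{"user":"carol"'}},
    {"Stats": {"Details": {"BytesScanned": 96, "BytesProcessed": 96, "BytesReturned": 84}}},
    {"Records": {"Payload": b',"action":"login"}\n'}},
    {"End": {}},
]


def select_json_lines(bucket, key, expression):
    """Real call (credentials and network required); boto3 imported lazily so
    the rest of this file runs without it. Keep `expression` a trusted constant."""
    import boto3
    resp = boto3.client("s3").select_object_content(
        Bucket=bucket, Key=key, ExpressionType="SQL", Expression=expression,
        InputSerialization={"JSON": {"Type": "LINES"}},
        OutputSerialization={"JSON": {"RecordDelimiter": "\n"}},
    )
    return json_records(resp["Payload"])


if __name__ == "__main__":
    recs, st = json_records(SAMPLE_EVENTS)
    for r in recs:
        print(r)
    print("scanned:", st.get("BytesScanned"), "returned:", st.get("BytesReturned"))
```

Decoding each chunk on its own would raise UnicodeDecodeError on the split character and json.loads would fail on the half record; splitting the byte buffer on the RecordDelimiter first avoids both.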
alexpulver / commands.txt
Created December 30, 2018 05:40
Example of using AWS CLI to configure and launch Amazon EC2 Fleet
aws ec2 create-fleet --cli-input-json file://config.json
aws ec2 describe-fleets
aws ec2 describe-fleet-instances --fleet-id fleet-3110fe2c-6589-4a42-8f75-12c1746e50a9
aws ec2 delete-fleets --fleet-ids fleet-3110fe2c-6589-4a42-8f75-12c1746e50a9 --terminate-instances