Andy Motta andymotta
andymotta
/ Jenkinsfile.groovy
Created
December 28, 2018 21:26
Use Terraform latest docker image in Declarative Jenkins Pipeline
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pipeline { | |
| agent { | |
| docker { | |
| image 'hashicorp/terraform:latest' | |
| label 'LINUX-SLAVE' | |
| args '--entrypoint="" -u root -v /opt/jenkins/.aws:/root/.aws' | |
| } | |
| } | |
| options { | |
| ansiColor('xterm') |
andymotta
/ update_confluence.py
Created
April 10, 2019 19:42
Update/create a page containing a table w/ Confluence REST API
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| ''' | |
| Update/create a page containing a table w/ Confluence REST API | |
| ''' | |
| import requests | |
| import json | |
| # Get api credentials from local config file |
andymotta
/ cloudflare_warp.tf
Created
February 20, 2023 17:44
Deploy Cloudflare WARP (VPN tunnel) on Kubernetes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| provider "cloudflare" { | |
| api_token = var.cf_api_token | |
| } | |
| variable "cf_api_token" {} | |
| variable "account_id" {} | |
| resource "random_id" "tunnel_secret" { | |
| byte_length = 35 | |
| } |
andymotta
/ external-dns.tf
Last active
March 24, 2023 23:42
cross-account external-dns on EKS with private Route53 zone
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| locals { | |
| eks_oidc_issuer_url = "https://${module.eks_blueprints.eks_oidc_issuer_url}" | |
| name = "external-dns" | |
| } | |
| data "tls_certificate" "eks_cluster" { | |
| url = local.eks_oidc_issuer_url | |
| } | |
| resource "aws_iam_openid_connect_provider" "eks_provider" { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import os | |
| import time | |
| from watchdog.observers import Observer | |
| from watchdog.events import FileModifiedEvent, FileCreatedEvent | |
| import boto3 | |
| import mimetypes | |
| from botocore.exceptions import ClientError | |
| # Create an S3 client |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - name: trigger jenkins job | |
| shell: "{{ lookup('template', 'trigger-jenkins.j2') }}" | |
| delegate_to: localhost | |
| - name: wait for job to complete | |
| wait_for: | |
| path: {{ lockfile }} | |
| timeout: 600 |
andymotta
/ find_user_from_access_key.py
Last active
June 22, 2022 11:17
Find an AWS IAM user corresponding to an AWS Access Key (boto3)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Find the IAM username belonging to the TARGET_ACCESS_KEY | |
| import boto3 | |
| from botocore.exceptions import ClientError | |
| iam = boto3.client('iam') | |
| def find_user(key): | |
| try: | |
| key_info = iam.get_access_key_last_used(AccessKeyId=key) |
andymotta
/ boto3_iam_access_key_rotation.py
Last active
November 24, 2021 10:04
Rotate AWS IAM access keys for every Boto profile on host (Compliance)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Meant to be scheudled on a cron/timer of 90 days (CIS Benchmark) | |
| ## The target keys need permissions to rotate themselves | |
| import boto3 | |
| from botocore.exceptions import ClientError | |
| import os | |
| from datetime import datetime | |
| import shutil | |
| from ConfigParser import SafeConfigParser |
andymotta
/ docker-ingest-node.json
Created
November 1, 2021 06:33
Elasticsearch ingest node pipeline for elastic docker logs driver (Swarm)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "processors": [ | |
| { | |
| "remove": { | |
| "field": [ | |
| "agent.ephemeral_id", | |
| "agent.hostname", | |
| "agent.id", | |
| "agent.type", | |
| "agent.version", |
andymotta
/ remote_state.tf
Created
December 28, 2018 18:05
Parameterize Terraform remote state (AWS)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| data "aws_caller_identity" "current" {} | |
| resource "aws_s3_bucket" "terraform_state" { | |
| bucket = "${data.aws_caller_identity.current.account_id}-tfstate" | |
| versioning { | |
| enabled = true | |
| } | |
| policy = <<POLICY | |
| { | |
| "Version": "2012-10-17", |
NewerOlder