Andy Tumelty andytumelty

import hvac

def move_secret(old_path, new_path, client=None, delete=False):
    if not client:
        client = hvac.Client()
    response = client.secrets.kv.v1.read_secret(path=old_path)
    response = client.secrets.kv.v1.create_or_update_secret(path=new_path, secret=response['data'])
andytumelty / tf get resources from state
Last active February 23, 2018 11:32
Terraform state corrupt? Need to extract AWS resource IDs from a state file?
# aws s3 cp s3://path/to/terraform.tfstate tmp/
jq -r '.modules[].resources | keys[]' tmp/terraform.tfstate |\
  grep '^aws_' |\
  while read line
  do
    echo "%% $line"
    jq -r ".modules[].resources[\"$line\"].primary.id" tmp/terraform.tfstate
  done |\
  grep -v null
# List instances whose Name tag matches $1, sorted by launch time.
# Rows are comma-separated, so sort needs -t , to treat LaunchTime as field 4.
function get-instances() {
  name=$1
  (
    echo 'Name,PrivateIPAddress,State,LaunchTime (↓)' &&\
    aws ec2 describe-instances --filters "Name=tag:Name,Values=$name" |\
      jq -r '.Reservations[].Instances[] |
        ["\(.Tags | map(select(.Key == "Name").Value)[0])-\(.InstanceId)", .PrivateIpAddress, .State.Name, .LaunchTime] |
        @csv' |\
      tr -d '"' |\
      sort -t , -k 4
  )
}
andytumelty / Terraform: sensible diff for JSON objects
Last active May 16, 2018 14:48
# E.g. Terraform IAM policies
terraform plan |\
grep ' policy: ' |\
sed 's/ *policy: *"\(.*\)" => "\(.*\)"/FROM\n\1\n%\nTO\n\2\n%/' |\
sed 's/\\n/\n/g' | sed 's/\\"/"/g' |\
gsplit -d -l 1 -t % - diff && \
diff -y diff00 diff01 && \
rm diff0*
# Save output of AWS STS Assume Role to temporary credentials file for further use
aws sts assume-role --role-arn arn:aws:iam::12345:role/role_to_assume --role-session-name laycat-session |\
jq '.Credentials | "[default]
aws_access_key_id=\(.AccessKeyId)
aws_secret_access_key=\(.SecretAccessKey)
aws_session_token=\(.SessionToken)
"' | xargs printf > ~/.aws/tmp
andytumelty / AWS CLI Get Instances in ASG and return ID, name, state
Last active February 27, 2023 19:11
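# Set ASG on its own line: in `ASG=asg1 aws ... $ASG` the shell expands $ASG
# before the assignment takes effect, so the filter value would be empty.
ASG=asg1
aws ec2 describe-instances --filters "Name=tag:aws:autoscaling:groupName,Values=$ASG" |\
  jq '.Reservations[].Instances[] | [.InstanceId, (.Tags | map(select(.Key == "Name").Value)[0]), .State.Name]'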
andytumelty / ssh config for use with bastion host
Last active October 24, 2017 14:41
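# bastion host for env1
# Note: ForwardAgent exposes the local ssh-agent to the bastion host; the
# ProxyCommand -W tunnel below does not require it.
Host env1
    Hostname 1.2.3.4
    User laycat
    ForwardAgent yes
# Same user, simple pattern matching, allows `ssh host1.env1.fq.dn` from local host
Host *.env1.fq.dn
    User laycat
    ProxyCommand ssh -q env1 -W %h:22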

Keybase proof

I hereby claim:

  • I am laycat on github.
  • I am laycat (https://keybase.io/laycat) on keybase.
  • I have a public key ASBvWoGV2Cy5TBFEZd5wSba_Sk_bh7nvepo3EavsP53piwo

To claim this, I am signing this object:

andytumelty / aws query example: show VPC ID, Name and CIDR
Last active March 13, 2024 17:56
AWS CLI List VPC ID, Name and CIDR Block
# display VPC ID, CIDR Block and Name
aws ec2 --output text --query 'Vpcs[*].{VpcId:VpcId,Name:Tags[?Key==`Name`].Value|[0],CidrBlock:CidrBlock}' describe-vpcs
andytumelty / export-settings
Created December 12, 2015 21:43
gnome-terminal settings sync
#!/bin/sh
# export-settings
# echoes all gnome-terminal dconf settings for the first gnome-terminal profile
# the idea is you'll direct the output of this to somewhere to be consumed by
# import-settings
# note: I have no idea what the order of the profiles list is. I only have one
# profile, so don't really care either
profile_id=$(dconf list /org/gnome/terminal/legacy/profiles:/ | head -1)