curl -Ls https://gist.githubusercontent.com/atheiman/45e45ada59e558b21f951d8e81faf345/raw/cloudshell-setup.sh?$RANDOM | bash
atheiman
/ template.yml
Last active
March 30, 2024 05:09
CloudFormation template to create a CodeCommit repo and CodeBuild CI/CD. Updates to the main branch and pull requests trigger builds. Feature branch build status is commented on pull requests.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Usage examples: | |
| # | |
| # Create a new CodeCommit repository with CodeBuild CI/CD | |
| # | |
| # aws cloudformation deploy \ | |
| # --stack-name my-new-project \ | |
| # --template-file ./template.yml \ | |
| # --capabilities CAPABILITY_IAM \ | |
| # --parameter-overrides 'RepositoryDescription=My new project description' | |
| # |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Install GNU parallel in a CentOS-based docker container (e.g. for CI/CD) | |
| # install needed dependencies | |
| yum install -q -y bzip2 tar make perl | |
| # download source | |
| curl -s -L -o /tmp/parallel.tar.bz2 https://ftpmirror.gnu.org/parallel/parallel-latest.tar.bz2 | |
| # extract source | |
| tar -C /tmp -xjf /tmp/parallel.tar.bz2 | |
| # navigate into extracted source | |
| cd /tmp/parallel-* | |
| # build and install |
atheiman
/ openssl-create-ca-and-server-cert.sh
Last active
February 11, 2024 01:25
Generate a CA cert and private key, then issue a cert to a server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| set -eux | |
| CA_FILE_PREFIX="${CA_FILE_PREFIX:-"example-corp-ca"}" | |
| CA_CN="${CA_CN:-"Example Corp CA"}" | |
| CA_SUBJ="${CA_SUBJ:-"/C=US/O=Example Corp/CN=${CA_CN}"}" | |
| SERVER_CN="${SERVER_CN:-"server.example.com"}" | |
| SERVER_FILE_PREFIX="${SERVER_FILE_PREFIX:-"${SERVER_CN}"}" | |
| SERVER_SUBJ="${SERVER_SUBJ:-"/C=US/O=Example Corp/CN=${SERVER_CN}"}" |
atheiman
/ 2x2Vpc.yaml
Last active
November 3, 2020 06:19
VPC with generated CIDR block determined by AWS account ID + Region. 4 subnets (Public/Private, 2 AZs).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Description: > | |
| Builds a basic /24 2x2 VPC (Public/Private, 2 AZs). The VPC CIDR block is determined by a combination | |
| of the account ID and Region, giving a _very strong_ probability of a unique range within an | |
| Organization. | |
| Parameters: | |
| VpcNameTag: | |
| Type: String | |
| Default: 2x2 | |
| VpcCidrSuffix: |
atheiman
/ cfn-no-resources.yaml
Created
October 2, 2020 01:22
CloudFormation template with no resources - useful when generating templates and no resources are added to a template.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Conditions: | |
| Never: | |
| Fn::Equals: [a, b] | |
| Resources: | |
| NullResource: | |
| Type: Custom::Null | |
| Condition: Never |
atheiman
/ Cfn-Stack.yml
Last active
February 11, 2024 01:26
Run command across accounts and regions with SSM
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AWSTemplateFormatVersion: '2010-09-09' | |
| Description: > | |
| SSM Automation Document run a custom SSM Command Document | |
| against a fleet of target instances. | |
| Parameters: | |
| AutomationDocumentName: | |
| Type: String | |
| Description: Name of created SSM Automation Document | |
| Default: MyAutomation |
atheiman
/ User_Data.md
Last active
March 21, 2024 21:15
EC2 User Data examples for Windows and Linux
Add a local rdp user via user data at launch of a Windows EC2 instance. Note that this includes a password passed in thru both the user data and powershell command line and is a bad security practice because they can be viewed later. At a minimum, you should connect to the instance immediately after launch and change the password interactively. Also, delete the userdata from the instance after launch. More secure would be to connect the instance to a domain for authentication or use AWS native tooling to connect to the instance (e.g., AWS Session Manager).
<powershell>
# Be sure to set the username and password on these two lines. Of course this is not a good
# security practice to include a password at command line.
gene1wood
/ aws-lambda-relative-import-no-known-parent-package.md
Last active
March 15, 2024 14:13
Python relative imports in AWS Lambda fail with `attempted relative import with no known parent package`
These Kubernetes resource manifest yaml files demonstrate
vault.yaml
- setting up a test vault service
- configuring the vault service with kubernetes auth and a role for a test app
app.yaml
- running an app with a
vault-initinitContainer to login to vault and obtain a token - a
vault-secret-managercontainer to continuously interact with vault throughout the lifecycle of the app - an
appcontainer to use the secret saved by thevault-secret-managercontainer
NewerOlder