Avishay Bar avishayil

avishayil / vouch.log
Created November 29, 2022 07:13
Vouch logs
{"level":"debug","ts":1669705807.9557645,"msg":"/validate"}
{"level":"warn","ts":1669705807.9558208,"msg":"no jwt found in request"}
{"level":"debug","ts":1669705807.955828,"msg":"domain vouch.xxxxxxxx-xxxxxxxx-xxx.com matched array value at [0]=xxxxxxxx-xxxxxxxx-xxx.com"}
{"level":"debug","ts":1669705807.955846,"msg":"CaptureWriter.Write set w.StatusCode 401"}
{"level":"info","ts":1669705807.955945,"msg":"|401| 107.511µs /validate","statusCode":401,"request":84,"latency":0.000107511,"avgLatency":0.000041799,"ipPort":"10.0.1.27:45214","method":"GET","host":"vouch.xxxxxxxx-xxxxxxxx-xxx.com","path":"/validate","referer":""}
{"level":"debug","ts":1669705808.6687164,"msg":"/login"}
{"level":"debug","ts":1669705808.6688216,"msg":"domain vouch.xxxxxxxx-xxxxxxxx-xxx.com matched array value at [0]=xxxxxxxx-xxxxxxxx-xxx.com"}
{"level":"debug","ts":1669705808.668937,"msg":"session state set to bEdJmhNtER4c0ClSoVss2yqyBlHd396"}
{"level":"debug","ts":1669705808.6690376,"msg":"Login url param normalized to 'https://k8sda
avishayil / decode_cookie.py
Created November 21, 2022 10:48
Python tool that takes vouch-proxy cookie as input and returns decoded and decompressed, parsed JWT token
main.yml
dev/
    identity_providers/
        main.yml # `iam_saml_federation` module tasks
        idp_metadata.xml # idp metadata document
    groups/
        main.yml # `iam_group` module tasks
    users/
        main.yml # `iam_user` module tasks
    roles/
---
- iam_policy:
    iam_type: role
    iam_name: Developer
    policy_name: DeveloperAccess
    policy_document: dev/policies/DeveloperAccess.json
    state: present
- iam_policy:
---
- iam_role:
    name: Admin
    assume_role_policy_document: "{{ lookup('file','trust-okta.json') }}"
    managed_policy:
      - arn:aws:iam::aws:policy/AdministratorAccess
    state: present
- iam_role:
avishayil / deny-policy-not-matches-ip.json
Created September 21, 2019 08:18
This IAM Policy denies any request if it doesn't originate from the explicitly mentioned IP address.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "NotIpAddress": {
          "aws:SourceIp": [
avishayil / .kitchen.yml
Created December 6, 2018 22:41
Test-Kitchen .kitchen.yml for AWS environments
---
driver:
  name: ec2
platforms:
  - name: windows-2016
    driver_plugin: ec2
    driver_config:
      tags:
        created-by: test-kitchen
avishayil / route53.sh
Created October 14, 2018 17:00
Update Route53 Record With Machine IP Address
#!/bin/bash
# (optional) You might need to set your PATH variable at the top here
# depending on how you run this script
# PATH=PATH
# Hosted Zone ID e.g. BJBK35SKMM9OE
ZONEID="ZONEID"
# The CNAME you want to update e.g. hello.example.com
avishayil / bitbucket-pipelines.yml
Created January 19, 2018 00:37
Pipelines YAML to Elastic Beanstalk Deployment
image: python:3.5.1
pipelines:
  branches:
    master:
      - step:
          script:
            - apt-get update # required to install zip
            - apt-get install -y zip # required for packaging up the application
            - pip install boto3==1.3.0 # required for beanstalk_deploy.py
avishayil / beanstalk_deploy.py
Created January 19, 2018 00:36
Python deployment script to Elastic Beanstalk Application
# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file
# except in compliance with the License. A copy of the License is located at
#
# http://aws.amazon.com/apache2.0/
#
# or in the "license" file accompanying this file. This file is distributed on an "AS IS"
# BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under the License.