@avoidik
avoidik / AddCloudWatchEC2.md
Created Mar 27, 2019 — forked from akiatoji/AddCloudWatchEC2.md
Add CloudWatch Memory/Disk monitoring to EC2
View AddCloudWatchEC2.md

AWS EC2 Memory and Disk monitoring/alert

AWS kind of sucks when it comes to monitoring Memory and Disk usage on EC2, as in they don't provide it out of the box. AWS instead gives you a set of Perl scripts to do this via CloudWatch custom metrics.

Details are here:

Monitoring Memory and Disk Metrics for Amazon EC2 Linux Instances

The following are the actual steps used to get Disk/Memory stats into CloudWatch:

@avoidik
avoidik / script.sh
Created Feb 26, 2019
Vault patch secrets
View script.sh
# old cli - kv v1
vault read -format json -field data secret/foo/bar | \
jq '.baz = "qux"' | \
vault write secret/foo/bar -
# new cli - kv v2
vault kv patch ...
View encrypt_decrypt.py
#!/usr/bin/env python3
# https://stackoverflow.com/a/16740344/7747308
from Crypto.Cipher import AES
from Crypto import Random
from Crypto.Protocol.KDF import PBKDF2
def make_key(password, salt = None):
    if salt is None:
@avoidik
avoidik / ec2-create-role.sh
Created Feb 19, 2019 — forked from li0nel/ec2-create-role.sh
EC2 Create Role for Docker Compose
View ec2-create-role.sh
# Create an IAM role
aws iam create-role --role-name Laravel-EC2-Role \
--assume-role-policy-document '{"Version":"2012-10-17","Statement":[{"Sid":"","Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}'
# Add an IAM policy granting access to CloudWatch
aws iam put-role-policy --role-name Laravel-EC2-Role --policy-name Laravel-CloudWatch-EC2-Permissions \
--policy-document '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["logs:CreateLogStream","cloudwatch:PutMetricData","ec2:DescribeTags","logs:DescribeLogStreams","logs:CreateLogGroup","logs:PutLogEvents","ssm:GetParameter"],"Resource":"*"}]}'
# Add an IAM policy granting access to your S3 bucket
aws iam put-role-policy --role-name Laravel-EC2-Role --policy-name Laravel-S3-EC2-Permissions \
@avoidik
avoidik / AWS Swarm cluster.md
Created Feb 19, 2019 — forked from ghoranyi/AWS Swarm cluster.md
Create a Docker 1.12 Swarm cluster on AWS
View AWS Swarm cluster.md

This gist will walk you through creating a Docker 1.12 Swarm cluster (with Swarm mode) on AWS infrastructure.

Prerequisites

You need a few things already prepared in order to get started. You need at least Docker 1.12 set up. I was using the stable version of Docker for Mac for preparing this guide.

$ docker --version
Docker version 1.12.0, build 8eab29e

You also need Docker machine installed.

View pkcs_experiments_1.py
# load OpenSSL.crypto
from OpenSSL import crypto
# open it, using password. Supply/read your own from stdin.
p12 = crypto.load_pkcs12(open("/path/to/cert.p12", 'rb').read(), passwd)
# get various properties of said file.
# note these are PyOpenSSL objects, not strings although you
# can convert them to PEM-encoded strings.
p12.get_certificate() # (signed) certificate object
@avoidik
avoidik / encrypeted_cert_session.py
Created Feb 12, 2019 — forked from aiguofer/encrypeted_cert_session.py
Creating a Python requests session using a passphrase protected Client side Cert
View encrypeted_cert_session.py
import ssl
from requests.adapters import HTTPAdapter
CFG_FILE = '<path_to_cfg>'
secure_hosts = [
    'https://<host>'
]
class SSLAdapter(HTTPAdapter):
    def __init__(self, certfile, keyfile, password=None, *args, **kwargs):
@avoidik
avoidik / use_pfx_with_requests.py
Created Feb 12, 2019 — forked from erikbern/use_pfx_with_requests.py
How to use a .pfx file with Python requests – also works with .p12 files
View use_pfx_with_requests.py
import contextlib
import OpenSSL.crypto
import os
import requests
import ssl
import tempfile
@contextlib.contextmanager
def pfx_to_pem(pfx_path, pfx_password):
    ''' Decrypts the .pfx file to be used with requests. '''
@avoidik
avoidik / cert_test_pyca.py
Created Feb 12, 2019 — forked from rashley-iqt/cert_test_pyca.py
x509Adapter example with pyca/cryptography
View cert_test_pyca.py
import requests
from cryptography.hazmat.primitives.serialization.pkcs12 import load_key_and_certificates
from cryptography.hazmat.primitives.serialization import Encoding, PrivateFormat, NoEncryption
from cryptography.hazmat.backends import default_backend
from requests_toolbelt.adapters.x509 import X509Adapter
backend = default_backend()
with open('test_cert.p12', 'rb') as pkcs12_file:
    pkcs12_data = pkcs12_file.read()
@avoidik
avoidik / cert_test_openssl.py
Created Feb 12, 2019 — forked from rashley-iqt/cert_test_openssl.py
x509Adapter example using OpenSSL
View cert_test_openssl.py
import requests
from OpenSSL.crypto import load_pkcs12
from cryptography.hazmat.primitives.serialization import load_pem_private_key, load_der_private_key
from cryptography.hazmat.primitives.serialization import Encoding, PrivateFormat, NoEncryption
from requests_toolbelt.adapters.x509 import X509Adapter
with open('test_cert.p12', 'rb') as pkcs12_file:
    pkcs12_data = pkcs12_file.read()