@dacappo
dacappo / secure-http-headers.yaml
Created August 22, 2019 18:26
Secure-by-default HTTP headers through filter configuration for the Ingress gateway via Istio
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: security-by-default-header-filter
spec:
  filters:
  - listenerMatch:
      listenerType: GATEWAY
    filterType: HTTP
    filterName: envoy.lua
#!/usr/bin/env bash
set -e
for full_name in $(kubectl get all -o name | grep -vE replicaset\|pod); do
name="$(echo "$full_name" | sed -e "s/.*\///g")";
type="$(echo "$full_name" | sed -e "s/\/.*//g")";
case "${type}" in
deployment*)
type=Deployment
;;
"service")
@incyclum
incyclum / AWS IAM Policy - ForceMFA.json
Last active April 2, 2020 20:02
AWS IAM Policy - Force MFA - This policy allows users to manage their own passwords and MFA devices but nothing else unless they authenticate with MFA -- *EDIT*: I forgot where I found it in the 1st place. In fact this policy is explained statement by statement in AWS docs: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_users-self-man…
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowAllUsersToListAccounts",
"Effect": "Allow",
"Action": [
"iam:ListAccountAliases",
"iam:ListUsers",
"iam:GetAccountPasswordPolicy",
@MattSurabian
MattSurabian / PackerPolicy.json
Last active May 27, 2022 21:46
Minimum IAM policy required by AWS for Packer to do its thing. https://github.com/mitchellh/packer Permissions are broken out by API functionality and a resource array has been defined with a wild card for each group. For tighter security resource level permissions can be applied per this documentation: http://aws.typepad.com/aws/2013/07/resourc…
{
"Statement": [
{
"Sid": "PackerSecurityGroupAccess",
"Action": [
"ec2:CreateSecurityGroup",
"ec2:DeleteSecurityGroup",
"ec2:DescribeSecurityGroups",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:RevokeSecurityGroupIngress"
@steder
steder / aws_sg_recipe.py
Created December 19, 2011 19:11
Create and update AWS security groups using Python and Boto.
#!/usr/bin/env python
"""
Recipe for creating and updating security groups programmatically.
"""
import collections
import boto