These are the scripts from the JavaEssentials.pkg
```hcl
## Allow incoming access to our instance via
## port 22, from the IAP servers
resource "google_compute_firewall" "inbound-ip-ssh" {
  name      = "allow-incoming-access-from-iap"
  project   = var.project_id
  network   = "default"
  direction = "INGRESS"
  allow {
    protocol = "tcp"
```
```hcl
# Define the required roles to access the VM
locals {
  compute_roles = [
    "roles/compute.viewer",
    "roles/compute.osLogin",
  ]
}
# Apply the roles to a user account
resource "google_project_iam_member" "assign-roles" {
```
```hcl
# Create a conditional IAM rule that grants access to establish an IAP tunnel
# IF the user is connecting from an authorised network defined in the access
# list
resource "google_iap_tunnel_iam_member" "allow-remote-access-to-iap" {
  project = "<your-project-id>"
  role    = "roles/iap.tunnelResourceAccessor"
  member  = "user:calum.hunter@the.cloud"
  condition {
    title = "allow_remote_access_to_iap"
```
```hcl
# Creates an Access Level
# This access level will be used in
# a conditional IAM policy to restrict access
# to authorised users coming from authorised networks
resource "google_access_context_manager_access_level" "access-level" {
  parent      = "accessPolicies/<access-policy-id>"
  name        = "accessPolicies/<access-policy-id>/accessLevels/<my_access_level_name>"
  title       = "secure-iap-access-level"
  description = "This access level lists the authorised network addresses"
```
```hcl
## Allow incoming access to our instance via
## port 22, from the IAP servers
resource "google_compute_firewall" "inbound-ip-ssh" {
  name      = "allow-incoming-ssh-from-iap"
  project   = var.project_id
  network   = "default"
  direction = "INGRESS"
  allow {
    protocol = "tcp"
```
```hcl
# Create an instance
resource "google_compute_instance" "my-instance" {
  project      = var.project_id
  name         = "my-instance-01"
  machine_type = "e2-standard-2"
  zone         = var.zone
  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-9"
```
```bash
#!/bin/bash
########################################################################
# Author: Calum Hunter #
# Date: 21/12/2016 #
# Version: 0.7 #
# Purpose: Fusion Drive Detection and general HD formatting before #
# imaging tasks. #
# #
########################################################################
```
```bash
#!/bin/bash
#
# Author: Calum Hunter
# Date: 28/11/2016
# Version: 1.0
# Purpose: To generate a Mac UID from the objectGUID attribute
# (GeneratedUID) in AD.
# This uses the same method that the Apple
# AD Plugin uses
```
```hcl
// Manage DNS
// Create a private route53 zone
resource "aws_route53_zone" "this" {
  name   = "${var.dns_zone_name}"
  vpc_id = "${var.vpc_id}"
}
// Create a dns record for the jenkins master private ip
resource "aws_route53_record" "master" {
  zone_id = "${aws_route53_zone.this.id}"
```