
Daniel Quackenbush danquack

@danquack
danquack / checkov.log
Last active Jan 5, 2021
Infrastructure Testing
View checkov.log
~ docker run -t -v $PWD:/tf bridgecrew/checkov -d /tf
___| |__ ___ ___| | _______ __
/ __| '_ \ / _ \/ __| |/ / _ \ \ / /
| (__| | | | __/ (__| < (_) \ V /
\___|_| |_|\___|\___|_|\_\___/ \_/
By bridgecrew.io | version: 1.0.684
terraform scan results:
View deployment.yml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: flask-app
  labels:
    app: flask
spec:
  selector:
    matchLabels:
View batch.tf
data "template_file" "container_properties" {
  template = file("templates/container_properties.yaml")
  vars = {
    bucket_name = var.bucket_name
  }
}
data "aws_ssm_parameter" "image_id" {
  name = "/aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id"
}
danquack / create_cert.sh
Last active Sep 27, 2021
Securing traffic with ACM Private Certificate Authority
View create_cert.sh
# Create x509 cert if not building for cloud (common in local builds)
if [[ -z "${ROOTCA}" ]]; then flags="-x509 -days 365"; fi
mkdir -p /etc/ssl/{certs,private}
openssl req $flags -nodes -new -newkey rsa:4096 -keyout /etc/ssl/private/server.key -out /etc/ssl/certs/server.crt -subj "/CN=${HOSTNAME}"
View fargate.tf
data "aws_iam_policy_document" "fargate-role-policy" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ecs.amazonaws.com", "ecs-tasks.amazonaws.com"]
    }
  }
}
danquack / create-config.sh
Created Sep 11, 2019
A script to create a kubeconfig, signed from a root CA
View create-config.sh
#!/bin/bash
# Minimum Required Args: username (u) and cluster (c)
#
# Sample usage:
# Create a dev-user service account for the kubernetes cluster, in the dev namespace
# ./create-config.sh -c kubernetes -u dev-user -n dev -l $HOME/ca-directory
while getopts "u:c:n:l:" option; do
  case $option in
    u) USERNAME=$OPTARG;;
danquack / create.sh
Last active Apr 1, 2019
A script to build libvirt images, attach to bond0, and run an initial script on startup
View create.sh
# A script to build libvirt images, attach to bond0, and run an initial playbook on startup
# ex. Linux 4x4
# ./create -s hostname -r 4096 -d 50 -c 4
while getopts 's:r:d:c:' flag; do
  case "${flag}" in
    s) server="${OPTARG}" ;;
    r) ram=${OPTARG} ;;
    d) disk=${OPTARG} ;;
    c) vcpu=${OPTARG} ;;
danquack / seo_routing.js
Created Jan 27, 2019
Lambda function to dynamically route traffic if user-agent is crawler
View seo_routing.js
// Credit: https://github.com/jinty/prerender-cloudfront
// Credit: https://aws.amazon.com/blogs/networking-and-content-delivery/dynamically-route-viewer-requests-to-any-origin-using-lambdaedge/
exports.handler = (event, context, callback) => {
  const request = event.Records[0].cf.request;
  const headers = request.headers;
  const user_agent = headers['user-agent'];
  if (user_agent) {
    var prerender = /googlebot|bingbot|yandex|baiduspider|Facebot|facebookexternalhit|twitterbot|rogerbot|linkedinbot|embedly|quora link preview|showyoubot|outbrain|pinterest|slackbot|vkShare|W3C_Validator/i.test(user_agent[0].value);
    prerender = prerender || /_escaped_fragment_/.test(request.querystring);
danquack / nginx.conf.erb
Created Nov 1, 2018
Nginx Dynamic Config with Internal Domain DNS Resolution
View nginx.conf.erb
server {
  listen 80;
  server_name *.<%= @domain %>;
  return 301 https://$host$request_uri;
}
server {
  listen 443 ssl http2;
  server_name <%= @domain %>;
  ssl_certificate /etc/letsencrypt/live/<%= @domain %>/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/<%= @domain %>/privkey.pem;
danquack / public_ip_update_domains.py
Last active Oct 29, 2018
A function to update DynamoDB Route 53 with your public ip address
View public_ip_update_domains.py
#pylint: disable=broad-except,literal-comparison
"""
A function to grab the public ip and update a set of domains in Route 53
"""
import argparse
import logging
from requests import get
from boto3 import client