Daniel Quackenbush danquack

@danquack
danquack / checkov.log
Last active January 5, 2021 04:37
Infrastructure Testing
~ docker run -t -v $PWD:/tf bridgecrew/checkov -d /tf
   ___| |__   ___  ___| | _______   __
  / __| '_ \ / _ \/ __| |/ / _ \ \ / /
 | (__| | | |  __/ (__|   < (_) \ V /
  \___|_| |_|\___|\___|_|\_\___/ \_/
By bridgecrew.io | version: 1.0.684
terraform scan results:
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: flask-app
  labels:
    app: flask
spec:
  selector:
    matchLabels:
danquack / batch.tf
Created May 14, 2020 03:17
POC for Batch
data "template_file" "container_properties" {
  template = file("templates/container_properties.yaml")
  vars = {
    bucket_name = var.bucket_name
  }
}
data "aws_ssm_parameter" "image_id" {
  name = "/aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id"
}
danquack / create_cert.sh
Last active September 27, 2021 03:30
Securing traffic with ACM Private Certificate Authority
# Create x509 cert if not building for cloud (common in local builds)
if [[ -z "${ROOTCA}" ]]; then flags="-x509 -days 365"; fi
mkdir -p /etc/ssl/{certs,private}
openssl req $flags -nodes -new -newkey rsa:4096 -keyout /etc/ssl/private/server.key -out /etc/ssl/certs/server.crt -subj "/CN=${HOSTNAME}"
danquack / fargate.tf
Last active January 26, 2020 17:50
Private Fargate Instance with no internet egress: https://dev.to/danquack/private-fargate-deployment-with-vpc-endpoints-1h0p
data "aws_iam_policy_document" "fargate-role-policy" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ecs.amazonaws.com", "ecs-tasks.amazonaws.com"]
    }
  }
}
danquack / create-config.sh
Created September 11, 2019 14:46
A script to create a kubeconfig, signed from a root CA
#!/bin/bash
# Minimum Required Args: username (u) and cluster (c)
#
# Sample usage:
# Create a dev-user service account for the kubernetes cluster, in the dev namespace
# ./create-config.sh -c kubernetes -u dev-user -n dev -l $HOME/ca-directory
while getopts "u:c:n:l:" option; do
  case $option in
    u) USERNAME=$OPTARG;;
danquack / create.sh
Last active April 1, 2019 01:20
A script to build libvirt images, attach to bond0, and run an initial script on startup
# A script to build libvirt images, attach to bond0, and run an initial playbook on startup
# ex. Linux 4x4
# ./create -s hostname -r 4096 -d 50 -c 4
while getopts 's:r:d:c:' flag; do
  case "${flag}" in
    s) server="${OPTARG}" ;;
    r) ram=${OPTARG} ;;
    d) disk=${OPTARG} ;;
    c) vcpu=${OPTARG} ;;
danquack / seo_routing.js
Created January 27, 2019 23:29
Lambda function to dynamically route traffic if user-agent is crawler
// Credit: https://github.com/jinty/prerender-cloudfront
// Credit: https://aws.amazon.com/blogs/networking-and-content-delivery/dynamically-route-viewer-requests-to-any-origin-using-lambdaedge/
exports.handler = (event, context, callback) => {
    const request = event.Records[0].cf.request;
    const headers = request.headers;
    const user_agent = headers['user-agent'];
    if (user_agent) {
        var prerender = /googlebot|bingbot|yandex|baiduspider|Facebot|facebookexternalhit|twitterbot|rogerbot|linkedinbot|embedly|quora link preview|showyoubot|outbrain|pinterest|slackbot|vkShare|W3C_Validator/i.test(user_agent[0].value);
        prerender = prerender || /_escaped_fragment_/.test(request.querystring);
danquack / nginx.conf.erb
Created November 1, 2018 03:44
Nginx Dynamic Config with Internal Domain DNS Resolution
server {
    listen 80;
    server_name *.<%= @domain %>;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl http2;
    server_name <%= @domain %>;
    ssl_certificate /etc/letsencrypt/live/<%= @domain %>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/<%= @domain %>/privkey.pem;
danquack / public_ip_update_domains.py
Last active October 29, 2018 03:15
A function to update DynamoDB Route 53 with your public ip address
#pylint: disable=broad-except,literal-comparison
"""
A function to grab the public ip and update a set of domains in Route 53
"""
import argparse
import logging
from requests import get
from boto3 import client