~ docker run -t -v $PWD:/tf bridgecrew/checkov -d /tf | |
___| |__ ___ ___| | _______ __ | |
/ __| '_ \ / _ \/ __| |/ / _ \ \ / / | |
| (__| | | | __/ (__| < (_) \ V / | |
\___|_| |_|\___|\___|_|\_\___/ \_/ | |
By bridgecrew.io | version: 1.0.684 | |
terraform scan results: |
--- | |
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
name: flask-app | |
labels: | |
app: flask | |
spec: | |
selector: | |
matchLabels: |
# Renders templates/container_properties.yaml with bucket_name substituted in.
# NOTE(review): the template_file data source belongs to the deprecated
# hashicorp/template provider; the built-in templatefile() function is its
# replacement. Switching changes how other resources reference the rendered
# text, so it is left as-is here.
# NOTE(review): the value is inserted into YAML as plain text. Presumably
# var.bucket_name is validated elsewhere, since a value containing YAML syntax
# would alter the rendered document — confirm.
data "template_file" "container_properties" {
  template = file("templates/container_properties.yaml")
  vars     = { bucket_name = var.bucket_name }
}
# Reads the SSM parameter at the path below; the path names the recommended
# ECS-optimized Amazon Linux 2 image id.
# NOTE(review): the parameter value is resolved on every plan, so the AMI can
# change between runs without any change to this file. Pin an explicit image id
# wherever reproducible or reviewed images are required.
data "aws_ssm_parameter" "image_id" {
  name = "/aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id"
}
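# Create an x509 cert if not building for cloud (common in local builds).
# With ROOTCA unset, openssl writes a self-signed certificate valid for 365 days.
# With ROOTCA set, -x509 is omitted, so the file written to
# /etc/ssl/certs/server.crt is a certificate signing request, not a certificate.
# NOTE(review): presumably a later step has the root CA sign it — confirm.

# Start from an empty array so that a `flags` value inherited from the
# environment can never add arguments to the openssl command line.
flags=()
if [[ -z "${ROOTCA}" ]]; then flags=(-x509 -days 365); fi

mkdir -p /etc/ssl/certs
# -m only affects a directory this call creates; an existing one keeps its mode.
mkdir -p -m 700 /etc/ssl/private

# -nodes leaves the private key unencrypted on disk, so file permissions are
# its only protection.
openssl req "${flags[@]}" -nodes -new -newkey rsa:4096 \
  -keyout /etc/ssl/private/server.key \
  -out /etc/ssl/certs/server.crt \
  -subj "/CN=${HOSTNAME}"
chmod 600 /etc/ssl/private/server.key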
# Trust (assume-role) policy document: allows the listed AWS service principals
# to call sts:AssumeRole on whichever role this document is attached to.
# NOTE(review): two service principals are trusted. If the role is used only as
# a task or task-execution role, presumably ecs-tasks.amazonaws.com is the only
# one required — confirm, and drop ecs.amazonaws.com if it is unused so the
# trust relationship stays least-privilege.
data "aws_iam_policy_document" "fargate-role-policy" {
  statement {
    effect  = "Allow" # explicit; "Allow" is also the default for a statement
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["ecs.amazonaws.com", "ecs-tasks.amazonaws.com"]
    }
  }
}
#!/bin/bash | |
# Minimum Required Args: username (u) and cluster (c) | |
# | |
# Sample usage: | |
# Create a dev-user service account for the kubernetes cluster, in the dev namespace | |
# ./create-config.sh -c kubernetes -u dev-user -n dev -l $HOME/ca-directory | |
while getopts "u:c:n:l:" option; do | |
case $option in | |
u) USERNAME=$OPTARG;; |
# A script to build libvirt images, attach to bond0, and run an initial playbook on startup | |
# ex. Linux 4x4 | |
# ./create -s hostname -r 4096 -d 50 -c 4 | |
while getopts 's:r:d:c:' flag; do | |
case "${flag}" in | |
s) server="${OPTARG}" ;; | |
r) ram=${OPTARG} ;; | |
d) disk=${OPTARG} ;; | |
c) vcpu=${OPTARG} ;; |
// Credit: https://github.com/jinty/prerender-cloudfront | |
// Credit: https://aws.amazon.com/blogs/networking-and-content-delivery/dynamically-route-viewer-requests-to-any-origin-using-lambdaedge/ | |
exports.handler = (event, context, callback) => { | |
const request = event.Records[0].cf.request; | |
const headers = request.headers; | |
const user_agent = headers['user-agent']; | |
if (user_agent) { | |
var prerender = /googlebot|bingbot|yandex|baiduspider|Facebot|facebookexternalhit|twitterbot|rogerbot|linkedinbot|embedly|quora link preview|showyoubot|outbrain|pinterest|slackbot|vkShare|W3C_Validator/i.test(user_agent[0].value); | |
prerender = prerender || /_escaped_fragment_/.test(request.querystring); |
# Plain-HTTP listener: answers every request with a permanent redirect to the
# same host and URI over HTTPS.
# NOTE(review): "*.<domain>" matches subdomains only, not the bare domain
# (".<domain>" would match both). HTTP requests for the bare domain are handled
# by whichever server is the default for port 80 — confirm that is intended.
# NOTE(review): $host can come from the client's Host header. If this block is
# the default server for port 80, the redirect target follows whatever host the
# client sent; a dedicated catch-all default server avoids that.
server {
    listen      80;
    server_name *.<%= @domain %>;
    return      301 https://$host$request_uri;
}
server { | |
listen 443 ssl http2; | |
server_name <%= @domain %>; | |
ssl_certificate /etc/letsencrypt/live/<%= @domain %>/fullchain.pem; | |
ssl_certificate_key /etc/letsencrypt/live/<%= @domain %>/privkey.pem; |
#pylint: disable=broad-except,literal-comparison | |
""" | |
A function to grab the public ip and update a set of domains in Route 53 | |
""" | |
import argparse | |
import logging | |
from requests import get | |
from boto3 import client | |