@daveadams
daveadams / acl-vault-tests.sh
Created December 19, 2015 13:30
ACL policy and tests for Hashicorp Vault
#!/bin/bash
echo -n "Starting vault... "
vault server -dev &> vault-server.log &
vault_pid=$!
echo OK
shutdown() { trap "" EXIT; echo -n 'Shutting down... '; kill -9 $vault_pid; echo OK; exit $1; }
trap "shutdown 0" EXIT
trap "echo; echo 'Got interrupt signal!'; shutdown 255" INT
@daveadams
daveadams / too-old.sh
Created November 15, 2022 20:31
List running EC2 instances with a given tag older than a certain number of hours
# too-old.sh
# Author: David Adams
# License: Public Domain
#
# Provides a bash function for listing EC2 instances with a given tag value older than a
# certain number of hours. This script is not particularly robust to unexpected error
# conditions. This is just a quick example.
#
# PREREQUISITES
#
@daveadams
daveadams / find-latest-ami.sh
Created July 29, 2022 13:04
Find latest Amazon deep learning AMI
#!/usr/bin/env bash
# Find the latest Amazon-created "Deep Learning AMI (Ubuntu 18.04)" AMI image ID
#
# args explanation:
# --region us-east-1
# Specifies the AWS region (you can also specify it in your
# ~/.aws/config or via the `AWS_REGION` or `AWS_DEFAULT_REGION`
# env vars)
#
@daveadams
daveadams / aws-roles-anywhere-request.md
Created July 13, 2022 17:55
AWS Roles Anywhere credential process request transcript

Credential Process Command

$ ./aws_signing_helper credential-process \
    --profile-arn arn:aws:rolesanywhere:us-east-2:123456789012:profile/12345678-90ab-cdef-1234-567890abcdef \
    --role-arn arn:aws:iam::123456789012:role/roles-forever \
    --trust-anchor-arn arn:aws:rolesanywhere:us-east-2:123456789012:trust-anchor/12345678-90ab-cdef-1234-567890abcdef \
    --private-key tls/tls.key \
    --certificate tls/tls.crt \
    --region us-east-2 \
    --no-verify-ssl \

#!/bin/bash
#
# vault-ec2-auth.sh
# Authenticates an EC2 instance to Hashicorp Vault
#
# configuration stored in environment variables in /etc/vault/client.conf
# expected configuration (defaults are selected below if none is specified):
# VAULT_ADDR = url of vault server
# VAULT_ROLE = role name to authenticate as
@daveadams
daveadams / kuard.yml
Created October 21, 2021 15:09
Simple kuard manifest suitable for Rancher Desktop
apiVersion: v1
kind: Namespace
metadata:
  name: kuard
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuard
  labels:
@daveadams
daveadams / limits.sh
Created July 31, 2020 21:13
Scan AWS usage and limits
#!/bin/bash
regions="us-east-1 us-west-2 us-east-2 ca-central-1 eu-west-1 eu-central-1 ap-southeast-1 ap-southeast-2"
acct=$( aws iam list-account-aliases | jq -r '.AccountAliases[]' )
echo "Account $acct"
echo
echo vCPU Limits: A, C, D, H, I, M, R, T, Z
echo ========================================
@daveadams
daveadams / install-ansible.sh
Created February 10, 2014 14:13
Install ansible within pyenv
#!/bin/bash -e
which pyenv &>/dev/null \
|| { echo "ERROR: pyenv not found" >&2; exit 1; }
grep -qFx 2.7.6 <(pyenv versions --bare) \
|| { echo "ERROR: python 2.7.6 not installed; run 'pyenv install 2.7.6'" >&2; exit 1; }
export PYENV_VERSION=2.7.6
@daveadams
daveadams / 01-vault-restore-poc.txt
Last active July 15, 2019 17:11
POC Vault Restore
To restore a filesystem-backed Vault instance:
1. Shut down running Vault process (pkill vault)
2. Make backup to new location (cp -r /original-storage /new-storage)
3. Write a new config file to point to /new-storage
4. Start new Vault process (vault server -config=new-config-file.hcl)
5. DO NOT run `vault init`
6. ONLY RUN `vault unseal <key1>`, etc...
@daveadams
daveadams / main.tf
Created July 14, 2017 19:00
Hacky consul-acl Terraform module
variable "name" {}
variable "policy" {}
resource "null_resource" "acl" {
  triggers {
    name = "${var.name}"
    policy = "${var.policy}"
  }
  provisioner "local-exec" {