David Norman deekayen
Working from home
@deekayen
deekayen / deekayen_iterm_profile.json
Created Dec 18, 2020
My custom iTerm default profile for deekayen-macbook
{
"Working Directory" : "\/Users\/deekayen",
"Prompt Before Closing 2" : 0,
"Selected Text Color" : {
"Green Component" : 1,
"Blue Component" : 0.999828040599823,
"Red Component" : 0.99989014863967896
},
"Rows" : 25,
"Ansi 11 Color" : {
@deekayen
deekayen / twistlock_runtime_container.sh
Created Dec 7, 2020
Pull CSV output from the Twistlock API to list vulnerabilities in runtime images and their hosts. Prints to screen.
#!/bin/bash
API="us-east1.cloud.twistlock.com/us-2-158255947"
echo "Logging in..."
JWT="$(curl -s \
-H "Content-Type: application/json" \
-X POST \
-d \
'{
@deekayen
deekayen / README.md
Last active Nov 18, 2020
AWS HIPAA eligible services to process, store, and transmit protected health information (PHI) translated to AWS CLI service commands.

Help yourself to a quick idea of what services are permitted for HIPAA-protected PHI in AWS. AWS gives you a list formatted in the formal marketing names; this translates it to the AWS CLI commands.

This list was manually generated from the AWS HIPAA Eligible Services Reference based on me using my eyeballs to compare the reference page to the AWS CLI version 2 documentation list of commands. I inferred some commands, like appconfig as a capability of Systems Manager, or dlm as part of Elastic Block Store, which are permitted services.

You should expect to find errors, omissions, and other legal problems, as you should expect from random, free stuff you find on the Internet.

@deekayen
deekayen / README.md
Last active Nov 18, 2020
Loop through AWS accounts to get a list of services they're using. Expects aliases to be already configured and logged-in on saml2aws.

Set up each account alias (e.g. 0440) in ~/.saml2aws:

[0440]
app_id               =
url                  = https://yourcompany.okta.com/home/amazon_aws/0oampop23kld3JI9b0x7/272
username             = david.norman@example.com
provider             = Okta
mfa                  = PUSH
skip_verify          = false
@deekayen
deekayen / .aws_config
Last active Nov 17, 2020
Connect to AWS using saml2aws 2.27.1 on MacOS installed by homebrew via Okta configured with PUSH MFA.
[profile sandbox]
region = us-east-1
[profile dev]
region = us-east-1
[profile prod]
region = us-east-1
[default]
@deekayen
deekayen / saml-list-all.sh
Last active Nov 9, 2020
List all services used in AWS with aws-list-all python pip package.
#!/bin/zsh
saml2aws exec 'aws-list-all query --parallel 1 --region us-east-1 | grep "+++" | cut -d" " -f2 | sort | uniq'
@deekayen
deekayen / .gitlab-ci.yml
Created Oct 22, 2020
Lint Ansible using GitLab Runners in kubernetes.
---
default:
image:
name: cytopia/ansible:latest-tools
entrypoint: ["/bin/sh", "-c"]
tags:
- kubernetes
ansible-lint:
@deekayen
deekayen / .gitlab-ci.yml
Created Aug 3, 2020
Build a Docker container and then scan it with Aquasec Trivy in GitLab CI. Fail for HIGH and CRITICAL findings.
trivy:
tags:
- kubernetes
stage: test
image: docker:stable
services:
- name: docker:dind
entrypoint: ["env", "-u", "DOCKER_HOST"]
command: ["dockerd-entrypoint.sh"]
variables:
@deekayen
deekayen / .gitlab-ci.yml
Created Aug 3, 2020
Build a Docker container and then scan it with Quay Clair.
clair:
tags:
- kubernetes
stage: test
image: docker:stable
variables:
DOCKER_DRIVER: overlay2
DOCKER_HOST: tcp://docker:2375/
## Define two new variables based on GitLab's CI/CD predefined variables
## https://docs.gitlab.com/ee/ci/variables/#predefined-variables-environment-variables
@deekayen
deekayen / .gitlab-ci.yml
Last active Feb 15, 2021
Scan a Docker container with Prisma Cloud Twistlock twistcli and report the results to the Prisma Cloud dashboard. Some variables are stored in the repository's CI variables configuration in the GitLab web interface. The $prisma_cloud_compute_url should be something like https://us-east1.cloud.twistlock.com/us-2-1111111111111, not https://api2.p…
prisma-cloud:
tags:
- kubernetes
stage: test
image: docker:stable
services:
- name: docker:dind
entrypoint: ["env", "-u", "DOCKER_HOST"]
command: ["dockerd-entrypoint.sh"]
variables: