@diogoaurelio
diogoaurelio / aws_network_inspec.rb
Created April 13, 2021 16:46
InSpec example controls related to AWS Network
# encoding: utf-8
# copyright: 2021, mk::labs
title 'Network related resources compliance checks'

control 'Security groups hardening default - port 22' do
  impact 0.7
  title 'Ensure default security groups do not allow port 22'
  desc 'Ensure default security groups do not allow port 22'

# encoding: utf-8
# copyright: 2021, mk::labs
title 'general AWS IAM account best practices'

control 'All human users should have MFA enabled' do
  impact 0.7
  title 'Ensure all human users have MFA enabled'
  desc 'Ensure all human users have MFA enabled'
diogoaurelio / terraform_compliance_bucket_example.compliance
Created March 26, 2021 09:39
Terraform-compliance example bucket policy
Feature: Buckets config
Scenario: encryption at rest
Given I have AWS S3 Bucket defined
Then encryption at rest must be enabled
Scenario: resources are tagged
Given I have AWS S3 Bucket defined
Then it must contain tags
And its value must not be null
diogoaurelio / terratest_base_example.go
Created March 22, 2021 16:42
terratest test example environment
package tests

import (
	"fmt"
	"strings"
	"testing"

	"github.com/gruntwork-io/terratest/modules/random"
	"github.com/gruntwork-io/terratest/modules/terraform"
	"github.com/stretchr/testify/assert"
)
diogoaurelio / terratest_aws_example_skelleton.go
Created March 22, 2021 15:51
terratest basic skeleton
package tests

import (
	"testing"

	"github.com/gruntwork-io/terratest/modules/aws"
	"github.com/gruntwork-io/terratest/modules/terraform"
	"github.com/stretchr/testify/assert"
)

func TestTerraformAwsEnvironment(t *testing.T) {
diogoaurelio / terraform_validate_wrong_resources.tf
Last active March 21, 2021 16:25
terraform_validate_resources
# terraform validate will catch the typo in the resource type ("bukcet")
resource "aws_s3_bukcet" "wrong_resource" {
  name = "my-bucket"
}

# terraform validate will catch the invalid VPC CIDR
resource "aws_vpc" "default" {
  cidr_block = "0.0.0.0/0"
}
diogoaurelio / jupyter_notebook_cloudera_setup.sh
Last active January 15, 2020 11:21
Bash script to setup python jupyter notebook with Cloudera Spark2
#!/usr/bin/env bash
set -x -e

JUPYTER_PASSWORD=${1:-myJupyterPassword}
PYTHON_VERSION=${2:-3.5}

# create the virtualenv once, in the home directory, and activate it from the same path
VENV_DIR=~/venv_notebooks
test -d "$VENV_DIR" || python -m virtualenv "$VENV_DIR" --python=python$PYTHON_VERSION
. "$VENV_DIR/bin/activate"
diogoaurelio / aws_nuke_sample_config_nuke_only_target.yaml
Last active February 8, 2019 17:17
AWS nuke sample config nuke some specific targets
regions:
  - eu-west-1

account-blacklist:
  - "999999999999" # production

resource-types:
  # only nuke these three resources
  targets:
diogoaurelio / aws_nuke_sample_config_nuke_everything_except.yaml
Created February 8, 2019 16:47
AWS nuke sample config nuke everything except a given IAM resource
regions:
  - eu-west-1

account-blacklist:
  - "999999999999" # production

resource-types:
diogoaurelio / install_aws_nuke.sh
Created February 8, 2019 10:41
Install AWS-nuke utility script for Ubuntu
#!/usr/bin/env bash
set -e

export AWS_NUKE_VERSION=2.7.0
sudo apt-get install -y wget

# download the release tarball; TLS certificate verification is left enabled
wget https://github.com/rebuy-de/aws-nuke/releases/download/v$AWS_NUKE_VERSION/aws-nuke-v$AWS_NUKE_VERSION-linux-amd64.tar.gz
tar xvf aws-nuke-v$AWS_NUKE_VERSION-linux-amd64.tar.gz
chmod +x aws-nuke-v$AWS_NUKE_VERSION-linux-amd64
sudo mv aws-nuke-v$AWS_NUKE_VERSION-linux-amd64 /usr/local/bin/aws-nuke

# test it
aws-nuke --help