diogoaurelio
diogoaurelio
/ aws_network_inspec.rb
Created
April 13, 2021 16:46
InSpec example controls related to AWS Network
View aws_network_inspec.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # encoding: utf-8 | |
| # copyright: 2021, mk::labs | |
| title 'Network related resources compliance checks' | |
| control 'Security groups hardening default - port 22' do | |
| impact 0.7 | |
| title 'Ensure default security groups do not allow port 22' | |
| desc 'Ensure default security groups do not allow port 22' |
View aws_iam_inspec_control.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # encoding: utf-8 | |
| # copyright: 2021, mk::labs | |
| title 'general AWS IAM account best practices' | |
| control 'All human users should have MFA enabled' do | |
| impact 0.7 | |
| title 'Ensure there all human users have MFA enabled' | |
| desc 'Ensure there all human users have MFA enabled' |
diogoaurelio
/ terraform_compliance_bucket_example.compliance
Created
March 26, 2021 09:39
Terraform-compliance example bucket policy
View terraform_compliance_bucket_example.compliance
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Feature: Buckets config | |
| Scenario: encryption at rest | |
| Given I have AWS S3 Bucket defined | |
| Then encryption at rest must be enabled | |
| Scenario: resources are tagged | |
| Given I have AWS S3 Bucket defined | |
| Then it must contain tags | |
| And its value must not be null |
diogoaurelio
/ terratest_base_example.go
Created
March 22, 2021 16:42
terratest test example environment
View terratest_base_example.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package tests | |
| import ( | |
| "fmt" | |
| "github.com/gruntwork-io/terratest/modules/random" | |
| "github.com/gruntwork-io/terratest/modules/terraform" | |
| "github.com/stretchr/testify/assert" | |
| "strings" | |
| "testing" | |
| ) |
diogoaurelio
/ terratest_aws_example_skelleton.go
Created
March 22, 2021 15:51
terratest basic skelleton
View terratest_aws_example_skelleton.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package tests | |
| import ( | |
| "github.com/gruntwork-io/terratest/modules/aws" | |
| "github.com/gruntwork-io/terratest/modules/terraform" | |
| "github.com/stretchr/testify/assert" | |
| "testing" | |
| ) | |
| func TestTerraformAwsEnvironment(t *testing.T) { |
diogoaurelio
/ terraform_validate_wrong_resources.tf
Last active
March 21, 2021 16:25
terraform_validate_resources
View terraform_validate_wrong_resources.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # terraform validate will catch typo in resource reference | |
| resource "aws_s3_bukcet" "wrong_resource" { | |
| name = "my-bucket" | |
| } | |
| # terraform validate will catch wrong CIDR | |
| resource "aws_vpc" "default" { | |
| cidr_block = "0.0.0.0/0" | |
| } |
diogoaurelio
/ jupyter_notebook_cloudera_setup.sh
Last active
January 15, 2020 11:21
Bash script to setup python jupyter notebook with Cloudera Spark2
View jupyter_notebook_cloudera_setup.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -x -e | |
| JUPYTER_PASSWORD=${1:-myJupyterPassword} | |
| PYTHON_VERSION=${2:-3.5} | |
| test -d ~/venv_notebooks || python -m virtualenv venv_notebooks --python=python$PYTHON_VERSION | |
| . venv_notebooks/bin/activate |
diogoaurelio
/ aws_nuke_sample_config_nuke_only_target.yaml
Last active
February 8, 2019 17:17
AWS nuke sample config nuke some specific targets
View aws_nuke_sample_config_nuke_only_target.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| regions: | |
| - eu-west-1 | |
| account-blacklist: | |
| - "999999999999" # production | |
| resource-types: | |
| # only nuke these three resources | |
| targets: |
diogoaurelio
/ aws_nuke_sample_config_nuke_everything_except.yaml
Created
February 8, 2019 16:47
AWS nuke sample config nuke everything except a given IAM resource
View aws_nuke_sample_config_nuke_everything_except.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| regions: | |
| - eu-west-1 | |
| account-blacklist: | |
| - "999999999999" # production | |
| resource-types: | |
diogoaurelio
/ install_aws_nuke.sh
Created
February 8, 2019 10:41
Install AWS-nuke utility script for Ubuntu
View install_aws_nuke.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| export AWS_NUKE_VERSION=2.7.0 | |
| sudo apt-get install -y wget | |
| wget https://github.com/rebuy-de/aws-nuke/releases/download/v$AWS_NUKE_VERSION/aws-nuke-v$AWS_NUKE_VERSION-linux-amd64.tar.gz --no-check-certificate | |
| tar xvf aws-nuke-v$AWS_NUKE_VERSION-linux-amd64.tar.gz | |
| chmod +x aws-nuke-v$AWS_NUKE_VERSION-linux-amd64 | |
| sudo mv aws-nuke-v$AWS_NUKE_VERSION-linux-amd64 /usr/local/bin/aws-nuke | |
| # test it | |
| aws-nuke --help |
NewerOlder