@diogoaurelio
diogoaurelio / aws_network_inspec.rb
Created Apr 13, 2021
InSpec example controls related to AWS Network
aws_network_inspec.rb
# encoding: utf-8
# copyright: 2021, mk::labs
title 'Network related resources compliance checks'
control 'Security groups hardening default - port 22' do
  impact 0.7
  title 'Ensure default security groups do not allow port 22'
  desc 'Ensure default security groups do not allow port 22'
aws_iam_inspec_control.rb
# encoding: utf-8
# copyright: 2021, mk::labs
title 'general AWS IAM account best practices'
control 'All human users should have MFA enabled' do
  impact 0.7
  title 'Ensure that all human users have MFA enabled'
  desc 'Ensure that all human users have MFA enabled'
@diogoaurelio
diogoaurelio / terraform_compliance_bucket_example.compliance
Created Mar 26, 2021
Terraform-compliance example bucket policy
terraform_compliance_bucket_example.compliance
Feature: Buckets config
  Scenario: encryption at rest
    Given I have AWS S3 Bucket defined
    Then encryption at rest must be enabled
  Scenario: resources are tagged
    Given I have AWS S3 Bucket defined
    Then it must contain tags
    And its value must not be null
@diogoaurelio
diogoaurelio / terratest_base_example.go
Created Mar 22, 2021
terratest test example environment
terratest_base_example.go
package tests
import (
	"fmt"
	"github.com/gruntwork-io/terratest/modules/random"
	"github.com/gruntwork-io/terratest/modules/terraform"
	"github.com/stretchr/testify/assert"
	"strings"
	"testing"
)
terratest_aws_example_skelleton.go
package tests
import (
	"github.com/gruntwork-io/terratest/modules/aws"
	"github.com/gruntwork-io/terratest/modules/terraform"
	"github.com/stretchr/testify/assert"
	"testing"
)
func TestTerraformAwsEnvironment(t *testing.T) {
terraform_validate_wrong_resources.tf
# terraform validate will catch the typo in the resource type ("bukcet")
resource "aws_s3_bukcet" "wrong_resource" {
  name = "my-bucket"
}
# terraform validate will catch the wrong CIDR (0.0.0.0/0 is not a valid VPC block)
resource "aws_vpc" "default" {
  cidr_block = "0.0.0.0/0"
}
@diogoaurelio
diogoaurelio / jupyter_notebook_cloudera_setup.sh
Last active Jan 15, 2020
Bash script to setup python jupyter notebook with Cloudera Spark2
jupyter_notebook_cloudera_setup.sh
#!/usr/bin/env bash
set -x -e
# first argument: Jupyter password (the default is a placeholder to override)
JUPYTER_PASSWORD=${1:-myJupyterPassword}
# second argument: python version used for the virtualenv
PYTHON_VERSION=${2:-3.5}
# create the virtualenv in the home directory only if it does not exist yet
test -d ~/venv_notebooks || python -m virtualenv ~/venv_notebooks --python=python$PYTHON_VERSION
. ~/venv_notebooks/bin/activate
@diogoaurelio
diogoaurelio / aws_nuke_sample_config_nuke_only_target.yaml
Last active Feb 8, 2019
AWS nuke sample config nuke some specific targets
aws_nuke_sample_config_nuke_only_target.yaml
regions:
  - eu-west-1
account-blacklist:
  - "999999999999" # production
resource-types:
  # only nuke these three resources
  targets:
@diogoaurelio
diogoaurelio / aws_nuke_sample_config_nuke_everything_except.yaml
Created Feb 8, 2019
AWS nuke sample config nuke everything except a given IAM resource
aws_nuke_sample_config_nuke_everything_except.yaml
regions:
  - eu-west-1
account-blacklist:
  - "999999999999" # production
resource-types:
@diogoaurelio
diogoaurelio / install_aws_nuke.sh
Created Feb 8, 2019
Install AWS-nuke utility script for Ubuntu
install_aws_nuke.sh
#!/usr/bin/env bash
export AWS_NUKE_VERSION=2.7.0
sudo apt-get install -y wget
# note: --no-check-certificate skips TLS certificate verification of the download
wget https://github.com/rebuy-de/aws-nuke/releases/download/v$AWS_NUKE_VERSION/aws-nuke-v$AWS_NUKE_VERSION-linux-amd64.tar.gz --no-check-certificate
tar xvf aws-nuke-v$AWS_NUKE_VERSION-linux-amd64.tar.gz
chmod +x aws-nuke-v$AWS_NUKE_VERSION-linux-amd64
sudo mv aws-nuke-v$AWS_NUKE_VERSION-linux-amd64 /usr/local/bin/aws-nuke
# test it
aws-nuke --help