Skip to content

Instantly share code, notes, and snippets.

Emiliano 'AlberT' Gabrielli drAlberT

View GitHub Profile
View aws_iam_auth_mfa.sh
#!/usr/bin/env bash
USER=${1?specify the user}
PROFILE=${AWS_PROFILE:-$2}
ACCOUNT_ID=${ACCOUNT_ID:-$3}
set -ue -o pipefail
echo -n "Enter MFA code for arn:aws:iam::${ACCOUNT_ID}:mfa/${USER}: "
read MFA_CODE
@drAlberT
drAlberT / aws-cli-saml-auth.sh
Last active Jul 14, 2019
AWS CloudFormation
View aws-cli-saml-auth.sh
#!/bin/bash
# A shell script to help getting SAML credentials into `~/.aws/credentials`
# Login URL https://sts.asdasd.com/adfs/ls/idpinitiatedsignon.aspx?loginToRp=urn:amazon:webservices
LSE_AWS_ACCOUNT=0123456789
LSE_AWS_ROLE="asdasdasd-role"
LSE_AWS_PROFILE="asdasd-saml"
LSE_SAML_PROVIDER="STS.ASDASD.COM"
LSE_SAML_RESPONSE="PHNhbWxwOlJlc3 [..] vbnNlPg=="
@drAlberT
drAlberT / post-checkout
Last active Feb 11, 2019
Automatically update git sub-modules
View post-checkout
#!/usr/bin/env bash
#
# Quick script to automatically update git submodules on checkout.
# Save it in the repo `.git/hooks` dir and make it executable
#echo "post-checkout hook: '$1' '$2' '$3'"
oldRef=$1
newRef=$2
@drAlberT
drAlberT / AWS-IAM-enforce-mfa.policy.json
Created Sep 7, 2018
AWS IAM :: Enforce MFA both on Console and CLI
View AWS-IAM-enforce-mfa.policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowAllUsersToListAccountAliases",
"Effect": "Allow",
"Action": [
"iam:ListAccountAliases"
],
"Resource": [
@drAlberT
drAlberT / ansible-role-test.sh
Created Feb 7, 2018 — forked from geerlingguy/ansible-role-test.sh
Ansible Role Test Shim Script
View ansible-role-test.sh
#!/bin/bash
#
# Ansible role test shim.
#
# Usage: [OPTIONS] ./tests/test.sh
# - distro: a supported Docker distro version (default = "centos7")
# - playbook: a playbook in the tests directory (default = "test.yml")
# - cleanup: whether to remove the Docker container (default = true)
# - container_id: the --name to set for the container (default = timestamp)
# - test_idempotence: whether to test playbook's idempotence (default = true)
@drAlberT
drAlberT / role_arn_to_session.py
Created Jan 24, 2018 — forked from gene1wood/role_arn_to_session.py
Simple python function to assume an AWS IAM Role from a role ARN and return a boto3 session object
View role_arn_to_session.py
import boto3
def role_arn_to_session(**args):
"""
Usage :
session = role_arn_to_session(
RoleArn='arn:aws:iam::012345678901:role/example-role',
RoleSessionName='ExampleSessionName')
client = session.client('sqs')
"""
View newrelic-delete-inactive-servers.py
import requests
import json
import datetime, time
NEWRELIC_API_KEY = "YOUR_KEY_HERE"
HOURS_TO_KEEP = 6
HEADERS = {"X-Api-Key": NEWRELIC_API_KEY}
@drAlberT
drAlberT / nginx_change_default_server.sh
Last active Nov 7, 2017
AWS user_data snippets collection
View nginx_change_default_server.sh
#!/usr/bin/env bash
CONF_DIR="/etc/nginx/sites-enabled"
OLD_DEFAULT="default"
NEW_DEFAULT="api"
# remove old default
sed -i'' -e 's/\s*default_server\s*//' "${CONF_DIR}/${OLD_DEFAULT}"
# set new default
View lambdaAMIBackups.py
# Automated AMI Backups
#
# @author Robert Kozora <bobby@kozora.me>
#
# This script will search for all instances having a tag with "Backup" or "backup"
# on it. As soon as we have the instances list, we loop through each instance
# and create an AMI of it. Also, it will look for a "Retention" tag key which
# will be used as a retention policy number in days. If there is no tag with
# that name, it will use a 7 days default value for each AMI.
#
@drAlberT
drAlberT / lambdaAMICleanup.py
Created Nov 3, 2017 — forked from bkozora/lambdaAMICleanup.py
AWS Lambda Function to Delete AMIs and Snapshots
View lambdaAMICleanup.py
# Automated AMI and Snapshot Deletion
#
# @author Robert Kozora <bobby@kozora.me>
#
# This script will search for all instances having a tag with "Backup" or "backup"
# on it. As soon as we have the instances list, we loop through each instance
# and reference the AMIs of that instance. We check that the latest daily backup
# succeeded then we store every image that's reached its DeleteOn tag's date for
# deletion. We then loop through the AMIs, deregister them and remove all the
# snapshots associated with that AMI.
You can’t perform that action at this time.