Emiliano 'AlberT' Gabrielli drAlberT

## gist:5b48511ec4b891ccd88b1104e84229fe

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                drAlberT
                / gist:5b48511ec4b891ccd88b1104e84229fe
            
            
              Created
              February 26, 2023 17:14
                — forked from v-rosa/gist:aa9c8afd44d66c3a81b9920a1bc90e42
            
              
                Use private GitHub hosted terraform modules with AFT v1.5.1
              
          
    I'll try to share my approach to use private GitHub hosted terraform modules with AFT v1.5.1. It relies on GH App to create ephemeral tokens during Global Customization stage which will share with the target account so it can be used during Account Customization stage.
Relates to: aws-ia/terraform-aws-control_tower_account_factory#42
Pre-requirements:

Create a GH APP:

Permissions: allow the clone of repositories
Set to a restricted list of terraform modules repos


Create parameter store entries for GH_APP pem, id and installation_id under AFT_MGT account


## ansible-role-test.sh
#!/bin/bash
#
# Ansible role test shim.
#
# Usage: [OPTIONS] ./tests/test.sh
#   - distro: a supported Docker distro version (default = "centos7")
#   - playbook: a playbook in the tests directory (default = "test.yml")
#   - cleanup: whether to remove the Docker container (default = true)
#   - container_id: the --name to set for the container (default = timestamp)
#   - test_idempotence: whether to test playbook's idempotence (default = true)

## role_arn_to_session.py
import boto3

def role_arn_to_session(**args):
    """
    Usage :
        session = role_arn_to_session(
            RoleArn='arn:aws:iam::012345678901:role/example-role',
            RoleSessionName='ExampleSessionName')
        client = session.client('sqs')
    """

## lambdaAMIBackups.py
# Automated AMI Backups
#
# @author Robert Kozora <bobby@kozora.me>
#
# This script will search for all instances having a tag with "Backup" or "backup"
# on it. As soon as we have the instances list, we loop through each instance
# and create an AMI of it. Also, it will look for a "Retention" tag key which
# will be used as a retention policy number in days. If there is no tag with
# that name, it will use a 7 days default value for each AMI.
#

## lambdaAMICleanup.py
# Automated AMI and Snapshot Deletion
#
# @author Robert Kozora <bobby@kozora.me>
#
# This script will search for all instances having a tag with "Backup" or "backup"
# on it. As soon as we have the instances list, we loop through each instance
# and reference the AMIs of that instance. We check that the latest daily backup
# succeeded then we store every image that's reached its DeleteOn tag's date for
# deletion. We then loop through the AMIs, deregister them and remove all the
# snapshots associated with that AMI.

## group-by-ip.sql
SELECT
	tmp.ipAddress,

	-- Calculate how many connections are being held by this IP address.
	COUNT( * ) AS ipAddressCount,

	-- For each connection, the TIME column represent how many SECONDS it has been in
	-- its current state. Running some aggregates will give us a fuzzy picture of what
	-- the connections from this IP address is doing.
	FLOOR( AVG( tmp.time ) ) AS timeAVG,
	#!/bin/bash
	#
	# Ansible role test shim.
	#
	# Usage: [OPTIONS] ./tests/test.sh
	# - distro: a supported Docker distro version (default = "centos7")
	# - playbook: a playbook in the tests directory (default = "test.yml")
	# - cleanup: whether to remove the Docker container (default = true)
	# - container_id: the --name to set for the container (default = timestamp)
	# - test_idempotence: whether to test playbook's idempotence (default = true)
	import boto3

	def role_arn_to_session(**args):
	"""
	Usage :
	session = role_arn_to_session(
	RoleArn='arn:aws:iam::012345678901:role/example-role',
	RoleSessionName='ExampleSessionName')
	client = session.client('sqs')
	"""
	# Automated AMI Backups
	#
	# @author Robert Kozora <bobby@kozora.me>
	#
	# This script will search for all instances having a tag with "Backup" or "backup"
	# on it. As soon as we have the instances list, we loop through each instance
	# and create an AMI of it. Also, it will look for a "Retention" tag key which
	# will be used as a retention policy number in days. If there is no tag with
	# that name, it will use a 7 days default value for each AMI.
	#
	# Automated AMI and Snapshot Deletion
	#
	# @author Robert Kozora <bobby@kozora.me>
	#
	# This script will search for all instances having a tag with "Backup" or "backup"
	# on it. As soon as we have the instances list, we loop through each instance
	# and reference the AMIs of that instance. We check that the latest daily backup
	# succeeded then we store every image that's reached its DeleteOn tag's date for
	# deletion. We then loop through the AMIs, deregister them and remove all the
	# snapshots associated with that AMI.
	SELECT
	tmp.ipAddress,

	-- Calculate how many connections are being held by this IP address.
	COUNT( * ) AS ipAddressCount,

	-- For each connection, the TIME column represent how many SECONDS it has been in
	-- its current state. Running some aggregates will give us a fuzzy picture of what
	-- the connections from this IP address is doing.
	FLOOR( AVG( tmp.time ) ) AS timeAVG,