ufw [--dry-run] enable|disable|reload
ufw [--dry-run] default allow|deny|reject [incoming|outgoing]
ufw [--dry-run] logging on|off|LEVEL
toggle logging. Logged packets use the LOG_KERN syslog facility. Systems configured for rsyslog
I'll try to share my approach to using private GitHub-hosted Terraform modules with AFT v1.5.1. It relies on a GH App to create ephemeral tokens during the Global Customization stage, which are shared with the target account so they can be used during the Account Customization stage.
Relates to: aws-ia/terraform-aws-control_tower_account_factory#42
Pre-requirements:
- Create a GH APP:
  - Permissions: allow the clone of repositories
  - Set to a restricted list of terraform modules repos
- Create parameter store entries for GH_APP pem, id and installation_id under AFT_MGT account

#!/bin/bash
#
# Updates docker-compose to the latest release
#
# Author: Emiliano Gabrielli <albert@faktiva.com>
DESTINATION_FILE="${DESTINATION_FILE:-$(command -v docker-compose)}"
set -e -o pipefail

#!/usr/bin/env bash
USER=${1?specify the user}
PROFILE=${AWS_PROFILE:-$2}
ACCOUNT_ID=${ACCOUNT_ID:-$3}
set -ue -o pipefail
echo -n "Enter MFA code for arn:aws:iam::${ACCOUNT_ID}:mfa/${USER}: "
read MFA_CODE

#!/bin/bash
# A shell script to help getting SAML credentials into `~/.aws/credentials`
# Login URL https://sts.asdasd.com/adfs/ls/idpinitiatedsignon.aspx?loginToRp=urn:amazon:webservices
LSE_AWS_ACCOUNT=0123456789
LSE_AWS_ROLE="asdasdasd-role"
LSE_AWS_PROFILE="asdasd-saml"
LSE_SAML_PROVIDER="STS.ASDASD.COM"
LSE_SAML_RESPONSE="PHNhbWxwOlJlc3 [..] vbnNlPg=="

#!/usr/bin/env bash
#
# Quick script to automatically update git submodules on checkout.
# Save it in the repo `.git/hooks` dir and make it executable
#echo "post-checkout hook: '$1' '$2' '$3'"
oldRef=$1
newRef=$2

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowAllUsersToListAccountAliases",
      "Effect": "Allow",
      "Action": [
        "iam:ListAccountAliases"
      ],
      "Resource": [

SELECT
    tmp.ipAddress,
    -- Calculate how many connections are being held by this IP address.
    COUNT( * ) AS ipAddressCount,
    -- For each connection, the TIME column represents how many SECONDS it has been in
    -- its current state. Running some aggregates will give us a fuzzy picture of what
    -- the connections from this IP address are doing.
    FLOOR( AVG( tmp.time ) ) AS timeAVG,

#!/bin/bash
#
# Ansible role test shim.
#
# Usage: [OPTIONS] ./tests/test.sh
#   - distro: a supported Docker distro version (default = "centos7")
#   - playbook: a playbook in the tests directory (default = "test.yml")
#   - cleanup: whether to remove the Docker container (default = true)
#   - container_id: the --name to set for the container (default = timestamp)
#   - test_idempotence: whether to test playbook's idempotence (default = true)

import boto3

def role_arn_to_session(**args):
    """
    Usage :
        session = role_arn_to_session(
            RoleArn='arn:aws:iam::012345678901:role/example-role',
            RoleSessionName='ExampleSessionName')
        client = session.client('sqs')
    """