Emiliano 'AlberT' Gabrielli drAlberT

@drAlberT
drAlberT / CS_ufw.md
Last active March 13, 2024 17:56
UFW Cheatsheet

UFW cheat sheet

Usage

ufw [--dry-run] enable|disable|reload
ufw [--dry-run] default allow|deny|reject [incoming|outgoing]
ufw [--dry-run] logging on|off|LEVEL
    toggle logging. Logged packets use the LOG_KERN syslog facility. Systems configured for rsyslog
@drAlberT
drAlberT / gist:5b48511ec4b891ccd88b1104e84229fe
Created February 26, 2023 17:14 — forked from v-rosa/gist:aa9c8afd44d66c3a81b9920a1bc90e42
Use private GitHub hosted terraform modules with AFT v1.5.1

I'll try to share my approach to using private GitHub-hosted Terraform modules with AFT v1.5.1. It relies on a GH App to create ephemeral tokens during the Global Customization stage, which will be shared with the target account so they can be used during the Account Customization stage.

Relates to: aws-ia/terraform-aws-control_tower_account_factory#42

Pre-requirements:

  • Create a GH APP:
    • Permissions: allow the clone of repositories
    • Set to a restricted list of terraform modules repos
  • Create parameter store entries for GH_APP pem, id and installation_id under AFT_MGT account
@drAlberT
drAlberT / update-docker-compose.sh
Last active September 25, 2020 15:15
Bash script to update docker-compose to the latest release
#!/bin/bash
#
# Updates docker-compose to the latest release
#
# Author: Emiliano Gabrielli <albert@faktiva.com>
DESTINATION_FILE="${DESTINATION_FILE:-$(command -v docker-compose)}"
set -e -o pipefail
#!/usr/bin/env bash
USER=${1?specify the user}
PROFILE=${AWS_PROFILE:-$2}
ACCOUNT_ID=${ACCOUNT_ID:-$3}
set -ue -o pipefail
echo -n "Enter MFA code for arn:aws:iam::${ACCOUNT_ID}:mfa/${USER}: "
read -r MFA_CODE
@drAlberT
drAlberT / aws-cli-saml-auth.sh
Last active July 14, 2019 23:31
AWS CloudFormation
#!/bin/bash
# A shell script to help getting SAML credentials into `~/.aws/credentials`
# Login URL https://sts.asdasd.com/adfs/ls/idpinitiatedsignon.aspx?loginToRp=urn:amazon:webservices
LSE_AWS_ACCOUNT=0123456789
LSE_AWS_ROLE="asdasdasd-role"
LSE_AWS_PROFILE="asdasd-saml"
LSE_SAML_PROVIDER="STS.ASDASD.COM"
LSE_SAML_RESPONSE="PHNhbWxwOlJlc3 [..] vbnNlPg=="
@drAlberT
drAlberT / post-checkout
Last active February 11, 2019 09:34
Automatically update git sub-modules
#!/usr/bin/env bash
#
# Quick script to automatically update git submodules on checkout.
# Save it in the repo `.git/hooks` dir and make it executable
#echo "post-checkout hook: '$1' '$2' '$3'"
oldRef=$1
newRef=$2
@drAlberT
drAlberT / AWS-IAM-enforce-mfa.policy.json
Created September 7, 2018 14:44
AWS IAM :: Enforce MFA both on Console and CLI
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowAllUsersToListAccountAliases",
            "Effect": "Allow",
            "Action": [
                "iam:ListAccountAliases"
            ],
            "Resource": [
@drAlberT
drAlberT / group-by-ip.sql
Created August 17, 2017 10:36 — forked from bennadel/group-by-ip.sql
Grouping The MySQL PROCESSLIST By IP Address To View Connection Counts
SELECT
    tmp.ipAddress,
    -- Calculate how many connections are being held by this IP address.
    COUNT( * ) AS ipAddressCount,
    -- For each connection, the TIME column represents how many SECONDS it has been in
    -- its current state. Running some aggregates will give us a fuzzy picture of what
    -- the connections from this IP address are doing.
    FLOOR( AVG( tmp.time ) ) AS timeAVG,
@drAlberT
drAlberT / ansible-role-test.sh
Created February 7, 2018 17:46 — forked from geerlingguy/ansible-role-test.sh
Ansible Role Test Shim Script
#!/bin/bash
#
# Ansible role test shim.
#
# Usage: [OPTIONS] ./tests/test.sh
# - distro: a supported Docker distro version (default = "centos7")
# - playbook: a playbook in the tests directory (default = "test.yml")
# - cleanup: whether to remove the Docker container (default = true)
# - container_id: the --name to set for the container (default = timestamp)
# - test_idempotence: whether to test playbook's idempotence (default = true)
@drAlberT
drAlberT / role_arn_to_session.py
Created January 24, 2018 17:53 — forked from gene1wood/role_arn_to_session.py
Simple python function to assume an AWS IAM Role from a role ARN and return a boto3 session object
import boto3


def role_arn_to_session(**args):
    """
    Usage :
        session = role_arn_to_session(
            RoleArn='arn:aws:iam::012345678901:role/example-role',
            RoleSessionName='ExampleSessionName')
        client = session.client('sqs')
    """