Eric Evans eric-gonzales
{
"dateStart": "",
"dateEnd": "",
"personOne": "",
"personTwo": "",
"personThree": "",
"phoneOne": "",
"phoneTwo": "",
"phoneThree": ""
}
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8"/>
<title>On Call Calendar</title>
<!-- CSS only -->
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-rbsA2VBKQhggwzxH7pPCaAqO46MgnOM80zW1RWuH61DGLwZJEdK2Kadq2F9CUG65" crossorigin="anonymous">
</head>
#Triggers
trigger: none
#Variables
variables:
vmImageName: 'ubuntu-latest'
envName: 'dev'
namespace: 'default'
#Stages
const AWS = require('aws-sdk');
const docClient = new AWS.DynamoDB.DocumentClient({region: 'us-east-1'});
async function scanItem(params){
try {
const data = await docClient.scan(params).promise()
return data
} catch (err) {
return err
}
eric-gonzales / vpc.ts
Created December 6, 2019 00:54
Setting up a VPC in Pulumi
import * as awsx from "@pulumi/awsx";
const vpc = new awsx.ec2.Vpc("custom");
// Export a few resulting fields to make them easy to use:
export const vpcId = vpc.id;
export const vpcPrivateSubnetIds = vpc.privateSubnetIds;
export const vpcPublicSubnetIds = vpc.publicSubnetIds;
Secrets Manager Parameter Store - Standard Parameter Store - Advanced Hashicorp Vault
Access & Management Governance IAM Policies Limited IAM Policies Vault Policies
Encryption at Rest AWS KMS AWS KMS AWS KMS AES-256
Protection in Transit TLS, VPC Endpoints TLS, VPC Endpoints TLS, VPC Endpoints TLS, VPC Endpoints
path "secret/*" {
capabilities = ["create", "read", "update", "delete", "list"]
}
path "secret/super-secret" {
capabilities = ["deny"]
}
path "secret/restricted" {
capabilities = ["create"]
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"secretsmanager:DescribeSecret",
"secretsmanager:List*"
],
"Resource": "*"
#!/usr/bin/env bash
i=$((0))
for n in $(kubectl get -o=custom-columns=NAMESPACE:.metadata.namespace,KIND:.kind,NAME:.metadata.name pv,pvc,configmap,ingress,service,secret,deployment,statefulset,hpa,job,cronjob --all-namespaces | grep -v 'secrets/default-token')
do
if (( $i < 1 )); then
namespace=$n
i=$(($i+1))
if [[ "$namespace" == "PersistentVolume" ]]; then
kind=$n
vault write database/roles/dev-db-rw \
db_name=dev-mariadb \
creation_statements="CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';GRANT SELECT, INSERT, UPDATE, DELETE ON *.* TO '{{name}}'@'%';" \
revocation_statements="DROP USER IF EXISTS '{{name}}'@'%';" \
default_ttl="1h" \
max_ttl="24h"