
Gijs van Renswoude gbvanrenswoude


List of gists with federation examples

In a multi-cloud environment it is wise to use federated identities between the different cloud environments. This removes the need to issue, manage, and rotate long-lived secrets. With federated identities, a party running on (for example) Google Cloud can use the identity it already has within Google Cloud (attached to its VM or Cloud Function) to assume a federated AWS identity and then use that AWS identity to invoke APIs from the other party. These can be not only custom APIs (such as one behind API Gateway): because the caller fully impersonates an AWS identity (i.e. an AWS Role), it can also invoke AWS's own APIs, such as S3, to the extent that the role's permissions and trust policy allow.

Over time I've collected numerous samples of federation between different cloud providers. This is a list of all of them:

@gbvanrenswoude
gbvanrenswoude / karpenter.ts
Created December 30, 2021 09:49
Karpenter Construct for AWS CDK v2
import { aws_eks as eks } from "aws-cdk-lib";
import { aws_iam as iam } from "aws-cdk-lib";
import { aws_ec2 as ec2 } from "aws-cdk-lib";
import { aws_ssm as ssm } from "aws-cdk-lib";
import { Construct } from "constructs";
import { Duration, CfnJson } from "aws-cdk-lib";
interface KarpenterProps {
/**
* The FargateCluster on which karpenter needs to be added
@wvanderdeijl
wvanderdeijl / federation.md
Last active January 12, 2024 16:32
Google Cloud service account to AWS Role federation

Google Cloud service account to AWS Role federation

inspired by https://github.com/shrikant0013/gcp-aws-webidentityfederation

  1. create an AWS Role configured for Web Identity federation using Cognito or any OpenID provider
  2. select Google as the Identity provider in the wizard
  3. set the audience to a dummy value and do not add any additional conditions in the setup wizard. We will edit the trust policy after completing the wizard.
  4. assign any permissions needed to the role
  5. read up on "Available keys for AWS web identity federation" at
@wvanderdeijl
wvanderdeijl / get-credentials.sh
Created March 30, 2021 14:42
Temporary AWS credentials from AWS Cognito Identity Pool (using Cognito User Pool)
export USR=xxxxxxxx
export PWD=xxxxxxxx
export COGNITO_CLIENT_ID=40qxxxxxxxxxxxxxxxxxxxxn40
# 12 digit numeric AWS account id
export AWS_ACCOUNT_ID=765000000630
export AWS_REGION=eu-central-1
export IDENTITY_POOL_GUID=e14xxxxx-xxxx-xxxx-xxxx-xxxxxxxxxd89
export USER_POOL_ID=eu-central-1_oYTxxxxov
# sign in with username/password
# I am ashamed for writing this.
import inspect;
class Cin:
""" time to whip out some python magic """
def __rshift__(self, other):
# I don't want to require that "other" is declared global.
cin = input();