    
  
  
    
  | // This CloudFront function rewrites the request on the fly to match the path on the origin | |
| // Note: CloudFront Functions only support ECMAScript (ES) version 5.1 | |
| // Unlike Lambda@Edge, CloudFront Functions are mighty quick. Read more: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-functions.html | |
| function handler(event) { | |
| var request = event.request; | |
| console.log(request); | |
| if (request.uri.startsWith("/cook/")) { | |
| request.uri = request.uri.replace("/cook/", "/"); // removes the first occurrence of /cook/ | 
  
    
    
  
  
    
  | { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "EnforceCostCenterTag", | |
| "Effect": "Deny", | |
| "Action": [ | |
| "events:CreateEventBus", | |
| "iam:CreatePolicy", | |
| "iam:CreateRole", | 
  
    
    
  
  
    
  | { | |
| "tags": { | |
| "CostCenter": { | |
| "tag_key": { | |
| "@@assign": "CostCenter" | |
| }, | |
| "tag_value": { | |
| "@@assign": [ | |
| "potato", | |
| "tomato", | 
  
    
    
  
  
    
  | # Looks up the existing EKS cluster whose name is supplied through var.cluster_name. | |
  | data "aws_eks_cluster" "cluster" { | |
| name = var.cluster_name | |
| } | |
| # One route-table lookup per subnet ID listed in the cluster's first vpc_config entry. | |
| # toset() de-duplicates the IDs so each subnet becomes exactly one for_each key. | |
| data "aws_route_table" "selected" { | |
| for_each = toset(data.aws_eks_cluster.cluster.vpc_config[0].subnet_ids) | |
| subnet_id = each.key | |
| } | |
| locals { | 
  
    
    
  
  
    
  | # Empty provider block: no region or credentials are set here, so the AWS provider resolves them from its environment / shared-config defaults. | |
  | provider "aws" {} | |
| # Hard-coded certificate thumbprints (40 hex characters each, i.e. SHA-1 sized). | |
| # NOTE(review): presumably these pin the GitHub Actions OIDC issuer's certificates, going by the local's name; | |
| # confirm them against the issuer's current certificate chain, since pinned values go stale when the CA rotates. | |
| locals { | |
| github_actions_thumbprints = [ | |
| "1c58a3a8518e8759bf075b76b750d4f2df264fcd", | |
| "6938fd4d98bab03faadb97b34396831e3780aea1" | |
| ] | |
| } | |
| data "tls_certificate" "github_actions" { | 
  
    
    
  
  
    
  | name: Build infra | |
| on: | |
| push: | |
| branches: [main] | |
| permissions: | |
| id-token: write # Required to get the ID Token that will be used for OIDC | |
| contents: read # This is required for actions/checkout | 
  
    
    
  
  
    
  | # Resolves the identity (account, ARN, user ID) of the credentials Terraform is running with. | |
  | data "aws_caller_identity" "current" {} | |
| # Exposes the calling identity's account ID as local.account_id so it is not hard-coded elsewhere. | |
| locals { | |
| account_id = data.aws_caller_identity.current.account_id | |
| } | |
| resource "aws_iam_role" "gha_terraform" { | |
| name = "github-action-terraform" | |
| assume_role_policy = jsonencode({ | |
| Statement = [{ | 
  
    
    
  
  
    
  | # Empty provider block: no region or credentials are set here, so the AWS provider resolves them from its environment / shared-config defaults. | |
  | provider "aws" {} | |
| locals { | |
| providers = { | |
| "GithubActions" = { | |
| "url": "https://token.actions.githubusercontent.com", | |
| "thumbprints": [ | |
| "1c58a3a8518e8759bf075b76b750d4f2df264fcd", | |
| "6938fd4d98bab03faadb97b34396831e3780aea1" | |
| ] | 
  
    
    
  
  
    
  | - name: Setup aws secrets | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |