j25519
j25519
/ AllowFullEC2.json
Created
July 2, 2025 15:30
Allow AWS IAM user to only access EC2 resources
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "AllowAllEC2Actions", | |
| "Effect": "Allow", | |
| "Action": "ec2:*", | |
| "Resource": "*" | |
| }, | |
| { |
j25519
/ cloudflare-worker-s3-react-sites-csp.js
Created
May 19, 2025 15:54
Cloudflare Worker for AWS S3 hosted static React sites (SPA routing and secure headers) with CSP
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| export default { | |
| async fetch(request) { | |
| // SPA routing: Rewrite non-asset paths to index.html | |
| const url = new URL(request.url); | |
| if (!url.pathname.startsWith('/assets/') && !url.pathname.includes('.')) { | |
| url.pathname = '/index.html'; | |
| } | |
| const s3Url = `http://YOUR-BUCKET-NAME.s3-website.eu-west-2.amazonaws.com${url.pathname}`; | |
| // Fetch the origin's response |
j25519
/ EnforceMFA.json
Last active
July 2, 2025 15:28
AWS IAM policy to enforce MFA for all users (allows access to MFA settings so users can activate and configure MFA but nothing else until it's configured)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "AllowMFAManagementAndPasswordChange", | |
| "Effect": "Allow", | |
| "Action": [ | |
| "iam:CreateVirtualMFADevice", | |
| "iam:EnableMFADevice", | |
| "iam:ResyncMFADevice", |
j25519
/ cloudflare-worker-s3-react-sites.js
Last active
May 19, 2025 10:44
Cloudflare Worker for AWS S3 hosted static React sites (SPA routing and secure headers)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| export default { | |
| async fetch(request) { | |
| // SPA routing: Rewrite non-asset paths to index.html | |
| const url = new URL(request.url); | |
| if (!url.pathname.startsWith('/assets/') && !url.pathname.includes('.')) { | |
| url.pathname = '/index.html'; | |
| } | |
| // Fill in your bucket name and change eu-west-2 if needed | |
| const s3Url = `http://YOUR-BUCKET-NAME.s3-website.eu-west-2.amazonaws.com${url.pathname}`; | |