@eldondevcg
eldondevcg / README.md
Last active November 18, 2020 10:31
Cross account bucket access for IAM roles

For: https://www.reddit.com/r/aws/comments/5jf7fb/permissions_for_lambda_accessing_s3_buckets_in/

This is a little tricky, because it requires several different moving parts, specifically,

  • the lambda task that you want to execute the copy must have IAM access to the bucket in the other account. This is not something that was obvious to me to begin with, although my use case was more complicated.
  • the bucket policy on the destination account must be set to permit your lambda function to write to that bucket. For my special use cases, I have to upload a new bucket policy daily to the receiving buckets. Alternatively, the destination accounts could probably give you a cross-account IAM role to upload the bucket policy yourself.
  • You will likely want to write your objects with the bucket-owner-full-control ACL (http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html); otherwise, the bucket owner may not be able to download them.
@mapmeld
mapmeld / OverEncrypt.md
Last active July 25, 2023 18:55
OverEncrypt - paranoid HTTPS

OverEncrypt

This is a guide that I wrote to improve the default security of my website https://fortran.io , which has a certificate from LetsEncrypt. I'm choosing to improve HTTPS security and transparency without consideration for legacy browser support.

WARNING: if you mess up settings, lose your certificates, or decide to no longer maintain HTTPS certs, these steps can and will make your domain inaccessible.

I would recommend these steps only if you have a specific need for information security, privacy, and trust with your users, and/or maintain a separate secure.example.com domain which won't mess up your main site. If you've been thinking about hosting a site on Tor, then this might be a good option, too.

The best resources that I've found for explaining these steps are https://https.cio.gov , https://certificate-transparency.org , and https://twitter.com/konklone

@onnimonni
onnimonni / validate_sha256sum
Last active August 18, 2022 15:28
Shell script to validate file sha256 hashes. I use this to check if downloaded binaries are correct in Dockerfiles. This might make updating harder, but at least you see which parts have been updated since the last run.
#!/bin/sh
##
# This script contains helper for sha256 validating your downloads
#
# Source: https://gist.github.com/onnimonni/b49779ebc96216771a6be3de46449fa1
# Author: Onni Hakala
# License: MIT
##
# Stop program and give error message
@double16
double16 / sh2ju.sh
Last active September 26, 2023 03:26
junit bash commands
#!/bin/bash
### Copyright 2010 Manuel Carrasco Moñino. (manolo at apache.org)
### Copyright 2016 Patrick Double (pat at patdouble.com)
###
### Licensed under the Apache License, Version 2.0.
### You may obtain a copy of it at
### http://www.apache.org/licenses/LICENSE-2.0
###
### A library for shell scripts which creates reports in jUnit format.
@jbuchbinder
jbuchbinder / fpm-openssl.sh
Created June 7, 2016 15:58
FPM OpenSSL build
#!/bin/bash
# fpm-openssl - @jbuchbinder
# Build script for recent openssl builds using FPM on EL7. Untar the release and run this script to build
# your RPM. Requires:
# - RPMS: ruby-devel make gcc rpm-build
# - GEMS: fpm
./config && make depend && make all && make install INSTALL_PREFIX=/tmp/openssl
fpm -s dir -t rpm -n openssl-recent \
#!/bin/bash
aws ec2 describe-tags --filters "Name=resource-id,Values=${instance_id}" | grep -2 Environment | grep Value | tr -d ' ' | cut -f2 -d: | tr -d '"' | tr -d ','
@jamesbjackson
jamesbjackson / rds.sh
Created April 27, 2016 10:17 — forked from onyxraven/rds.sh
Amazon RDS Performance Tuning Settings
#XLarge DBInstanceClassMemory = 15892177440 = 14.8GB
#/32 = 496630545 = 473MB
#/64 = 248315272 = 236MB
#/128 = 124157636 = 118MB
#/256 = 62078818 = 59MB
#/512 = 31039409 = 29MB
#/12582880 = 1263 #default same divisor as max_connections = 4041.6MB = 4237924762
#/25165760 = 623 # half of max_connections = 1993.6MB
#/50331520 = 315 # quarter of max_connections = 1008MB = 1056964608
#*(3/4) #default innodb pool size = 11922309120
@subfuzion
subfuzion / curl.md
Last active May 6, 2024 02:31
curl POST examples

Common Options

-#, --progress-bar Make curl display a simple progress bar instead of the more informational standard meter.

-b, --cookie <name=data> Supply cookie with request. If no =, then specifies the cookie file to use (see -c).

-c, --cookie-jar <file name> File to save response cookies to.

@philandstuff
philandstuff / cfgmgmtcamp2016.org
Last active August 27, 2018 09:11
configuration management camp 2016 notes
@soumentrivedi
soumentrivedi / change_owner.sql
Last active September 27, 2018 13:57
Steps to perform pg_dump on Postgresql RDS instance
alter schema schema_name1 owner to rds_superuser;
alter schema schema_name2 owner to rds_superuser;
\dn;
CREATE FUNCTION exec(text) returns text language plpgsql volatile AS $f$
BEGIN EXECUTE $1; RETURN $1; END; $f$;
SELECT exec('ALTER TABLE ' || quote_ident(s.nspname) || '.' || quote_ident(s.relname) || ' OWNER TO rds_superuser')
FROM (
SELECT nspname, relname
FROM pg_class c JOIN pg_namespace n ON (c.relnamespace = n.oid)
WHERE nspname in ('schema_name1', 'schema_name2') AND