Skip to content

Instantly share code, notes, and snippets.

View jpancoast's full-sized avatar

James Pancoast jpancoast

0 followers · 1 following
View GitHub Profile
@jpancoast
jpancoast / container_exec.sh
Last active April 2, 2024 17:54
I don't exec into containers enough to have this memorized, but I need to do it enough, so I whipped up this script.
#!/bin/bash
ERROR=0
#
# Default behavior is to run /bin/bash using podman, but if podman isn't installed,
# it SHOULD try docker
#
COMMAND="/bin/bash"
NAME_SERVICE="https://frightanic.com/goodies_content/docker-names.php"
CONTAINER_ID=""
@jpancoast
jpancoast / get_aws_iam_actions.sh
Created March 28, 2023 21:38
Get a json document of all the possible AWS IAM actions
#!/bin/bash
#
# Code basically from here:
# https://stackoverflow.com/a/70126555/1299336
#
curl --silent --compressed 'https://awspolicygen.s3.amazonaws.com/js/policies.js' | cut -d= -f2 | jq
@jpancoast
jpancoast / aws_sg_modifications_tf_only.md
Last active December 9, 2022 21:33
How to limit AWS Security Group Changes to terraform only

The idea came up awhile back to see if there was a way to limit AWS Security Group changes to ONLY Terraform. This is one way I figured out how to do it. Another way might be to create a specific terraform user and put the restriction in the policy that way. Or maybe add the Condition to the below policy.

None of these methods are fool proof. Usernames, User Agents, etc. can be spoofed. But it's better than nothing to help prevent people from making changes via the AWS Console and getting out of sync with whatever IAC solution you're using.

While this is specific for security groups, it should be simple to modify it for preventing modification of other things as well. Also, the UA is incredibly strict, you should change it to some wildcard matching so it doesn't break when you're using a new Terraform. Or, if you're wacky, you could use this to restrict which version(s) of TF to use, but that would be nuts. Also the policy is probably not perfect, this is just an example, yo!

Here's the policy I tested

@jpancoast
jpancoast / 1089_3_digit_numbers_math_trick.py
Last active December 9, 2022 20:03
1089 3 digit number math trick in python
#!/usr/bin/env python
'''
Note:
must be three digit numbers.
no digits can repeat (so no 989, 889, etc.)
'''
import sys
def main(argv):
@jpancoast
jpancoast / aws_env_vars.md
Last active April 5, 2016 19:04
Quick shell function to set AWS environment variables using ~/.aws/config

This works fine for me using zsh. I put it in a file called .functions that gets sourced when I login.

Assumptions:

  • you have a AWS credentials file that looks something like this:
[Credentials]
aws_access_key_id = <key_id>
aws_secret_access_key = <secret_key_id>
region = us-east-1
@jpancoast
jpancoast / running_docker_on_coreos_using_vagrant_on_osx.md
Last active December 13, 2015 03:50
Running Docker on coreos using Vagrant on OS X
@jpancoast
jpancoast / keybase.md
Created September 23, 2014 16:39

Keybase proof

I hereby claim:

  • I am jpancoast on github.
  • I am jpancoast (https://keybase.io/jpancoast) on keybase.
  • I have a public key whose fingerprint is 2F94 DA01 AAC2 67A9 612F 5FBB E783 1EB5 64E2 7257

To claim this, I am signing this object: