Karsten Lang klang

@klang
klang / fix_in_cdk.py
Created April 6, 2022 09:04
Oracle has some annoying rules about passwords that don't seem to be followed by rds.Credentials.from_generated_secret(username="nexcom", exclude_characters="^ %+~`#&*()|[]{}:;,-<>?!'/\\\",="),
# Another way to fix this is to let SecretsManager handle it when creating/updating the DatabaseInstance
# The SecretsManager will produce a 30 character string and I’ll leave it as an exercise to the reader to calculate
# the probability of generating a string that does NOT include at least 3 of the character groups indicated above.
exclude_characters=string.printable
    .replace(string.ascii_letters, "")
    .replace(string.digits, "")
    .replace(string.whitespace, " ")
    .replace('#', "")
    .replace("$", "")
@klang
klang / cloudtrail-unique-users.sh
Created June 7, 2021 08:27
CloudTrail analysis
aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=UserAuthentication | jq '.Events|.[]|.Username' | sort | uniq
@klang
klang / bucket1.yaml
Created June 2, 2021 12:40
S3Bucket with notification
Resources:
  Bucket:
    Type: AWS::S3::Bucket

{
  "Version": "2012-10-17",
  "Id": "Policy1610637024575",
  "Statement": [
    {
      "Sid": "Stmt1610637009631",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": [
@klang
klang / bettervpc.yaml
Last active February 5, 2021 10:25
simple vpc with a windows instance
AWSTemplateFormatVersion: "2010-09-09"
Description: "Simple VPC with one public subnet and one instance - access via ssm, rds (and port 80)"
Parameters:
  KeyName:
    Type: AWS::EC2::KeyPair::KeyName
    Description: Name of an existing EC2 KeyPair to enable SSH/RDP access to the instance
  VPCCIDR:
    Type: String
    Description: VPC address range
@klang
klang / readme.md
Last active February 4, 2021 08:56
The AWS E-learning course "Creating an IAM Role for AWS Partner-Led Support" describes how to make a specific support role, but doesn't provide the actual template.

This is an advanced way to roll out the role needed in a multi-account structure. If the Partner-Led customer is using AWS ControlTower or AWS LandingZone or some other home-baked control mechanism under AWS Organizations, a StackSet is probably the way to go.

@klang
klang / readme.md
Last active October 16, 2020 11:00
Using AWS::SSM::Parameter to break AWS CloudFormation dependencies
---
Parameters:
  RootAccountID:
    Type: String
    Description: AccountID for the Organization hosting the Automated Landing Zone Stack Sets
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  AWSCloudFormationStackSetExecutionRole:
    Type: AWS::IAM::Role
@klang
klang / variables.tf
Created June 21, 2019 06:48
Terraform 0.12+ does not support "."'s in hash keys
locals {
  project = "project-name"
  env = {
    # default.name = "default-workspace-name" # <= tf0.11 notation
    default_name = "default-workspace-name" # <= tf0.12 notation
    # other.name = "other-workspace-name"
    other_name = "other-workspace-name"
  }
  name = "${lookup(local.env, "${terraform.workspace}_name")}"
}