Skip to content

Instantly share code, notes, and snippets.

Avatar
🏠
Working from home

Karsten Lang klang

🏠
Working from home
View GitHub Profile
@klang
klang / fix_in_cdk.py
Created Apr 6, 2022
Oracle has som annoying rules about passwords that don't seem to be followed by rds.Credentials.from_generated_secret(username="nexcom", exclude_characters="^ %+~`#&*()|[]{}:;,-<>?!'/\\\",="),
View fix_in_cdk.py
# Another way to fix this is to let SecretsManager handle it when creating/updating the DatabaseInstance
# The SecretsManager will produce a 30 character string and I’ll leave it as an exercise to the reader to calculate
# the probability of generating a string that does NOT include at least 3 of the character groups indicated above.
exclude_characters=string.printable
.replace(string.ascii_letters, "")
.replace(string.digits, "")
.replace(string.whitespace, " ")
.replace('#', "")
.replace("$", "")
View cloudtrail-unique-users.sh
aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=UserAuthentication | jq '.Events|.[]|.Username' | sort | uniq
@klang
klang / bucket1.yaml
Created Jun 2, 2021
S3Bucket with notification
View bucket1.yaml
Resources:
Bucket:
Type: AWS::S3::Bucket
View s3_object
{
"Version": "2012-10-17",
"Id": "Policy1610637024575",
"Statement": [
{
"Sid": "Stmt1610637009631",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": [
@klang
klang / bettervpc.yaml
Last active Feb 5, 2021
simple vpc with a windows instance
View bettervpc.yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "Simple VPC with one public subnet and one instance - access via ssm, rds (and port 80)"
Parameters:
KeyName:
Type: AWS::EC2::KeyPair::KeyName
Description: Name of an existing EC2 KeyPair to enable SSH/RDP access to the instance
VPCCIDR:
Type: String
Description: VPC address range
@klang
klang / readme.md
Last active Feb 4, 2021
The AWS E-learning course "Creating an IAM Role for AWS Partner-Led Support" describes how to make a specific support role, but doesn't provide the actual template. This is an advanced way to roll out the role needed, in a multi account structure.
View readme.md

The AWS E-learning course "Creating an IAM Role for AWS Partner-Led Support" describes how to make a specific support role, but doesn't provide the actual template.

This is an advanced way to roll out the role needed, in a multi account structure. If the Partner-Led customer is using AWS ControlTower or AWS LandingZone or some other home baked control mechanism under AWS Organizations, a StackSet is probably the way to go.

@klang
klang / readme.md
Last active Oct 16, 2020
Using AWS::SSM::Parameter to break AWS CloudFormation dependencies
View readme.md
View AWSLandingZoneAdminExecutionRolesParameter.yaml
---
Parameters:
RootAccountID:
Type: String
Description: AccountID for the Organization hosting the Automated Landing Zone Stack Sets
AWSTemplateFormatVersion: '2010-09-09'
Resources:
AWSCloudFormationStackSetExecutionRole:
Type: AWS::IAM::Role
View AWSCloudFormationStackSetExecutionRole.yaml
---
Parameters:
RootAccountID:
Type: String
Description: AccountID for the Organization hosting the Automated Landing Zone Stack Sets
AWSTemplateFormatVersion: '2010-09-09'
Resources:
AWSCloudFormationStackSetExecutionRole:
Type: AWS::IAM::Role
@klang
klang / variables.tf
Created Jun 21, 2019
Terraform 0.12+ does not support "."'s in hash keys
View variables.tf
locals {
project = "project-name"
env = {
# default.name = "default-workspace-name" # <= tf0.11 notation
default_name = "default-workspace-name" # <= tf0.12 notation
# other.name = "other-workspace-name"
other_name = "other-workspace-name"
}
name = "${lookup(local.env, "${terraform.workspace}_name")}"
}