Karsten Lang klang

klang / fix_in_cdk.py
Created April 6, 2022 09:04
Oracle has some annoying rules about passwords that don't seem to be followed by rds.Credentials.from_generated_secret(username="nexcom", exclude_characters="^ %+~`#&*()|[]{}:;,-<>?!'/\\\",="),
# Another way to fix this is to let SecretsManager handle it when creating/updating the DatabaseInstance
# The SecretsManager will produce a 30 character string and I’ll leave it as an exercise to the reader to calculate
# the probability of generating a string that does NOT include at least 3 of the character groups indicated above.
exclude_characters=string.printable
    .replace(string.ascii_letters, "")
    .replace(string.digits, "")
    .replace(string.whitespace, " ")
    .replace('#', "")
    .replace("$", "")
klang / cloudtrail-unique-users.sh
Created June 7, 2021 08:27
CloudTrail analysis
aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=UserAuthentication | jq '.Events|.[]|.Username' | sort | uniq
klang / bucket1.yaml
Created June 2, 2021 12:40
S3Bucket with notification
Resources:
  Bucket:
    Type: AWS::S3::Bucket
{
  "Version": "2012-10-17",
  "Id": "Policy1610637024575",
  "Statement": [
    {
      "Sid": "Stmt1610637009631",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": [
klang / bettervpc.yaml
Last active February 5, 2021 10:25
simple vpc with a windows instance
AWSTemplateFormatVersion: "2010-09-09"
Description: "Simple VPC with one public subnet and one instance - access via ssm, rds (and port 80)"
Parameters:
  KeyName:
    Type: AWS::EC2::KeyPair::KeyName
    Description: Name of an existing EC2 KeyPair to enable SSH/RDP access to the instance
  VPCCIDR:
    Type: String
    Description: VPC address range
klang / readme.md
Last active February 4, 2021 08:56
The AWS E-learning course "Creating an IAM Role for AWS Partner-Led Support" describes how to make a specific support role, but doesn't provide the actual template.

This is an advanced way to roll out the role needed, in a multi-account structure. If the Partner-Led customer is using AWS Control Tower or AWS Landing Zone or some other home-baked control mechanism under AWS Organizations, a StackSet is probably the way to go.

klang / readme.md
Last active October 16, 2020 11:00
Using AWS::SSM::Parameter to break AWS CloudFormation dependencies
klang / dynamodb.org
Created April 10, 2015 09:04
Example usage of DynamoDB from the cli (inside emacs, via org-mode)

Set up the environment

(setq org-confirm-babel-evaluate nil)
(setq org-babel-sh-command "ssh default ")
;; customize the following variables:
;;(setq org-babel-load-languages 
;;<<< '((emacs-lisp . t) (python . t) (clojure . t) (sh . t ) (perl . t)))
---
Parameters:
  RootAccountID:
    Type: String
    Description: AccountID for the Organization hosting the Automated Landing Zone Stack Sets
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  AWSCloudFormationStackSetExecutionRole:
    Type: AWS::IAM::Role