This guide is the continuation of the second section located in this link.

3. Multi-VPC architecture with VPC peering and Transit Gateway

In this section, we will learn the basics of multi-VPC architecture with VPC peering and Transit Gateway. A multi-VPC architecture is useful for isolating one environment from another; for example, dev/test and production environments can use different VPCs to reduce their impact on one another. Another example is splitting VPCs between projects, where each project is owned by a different team or business unit that requires independent VPC management.

Transit Gateway is useful in multi-VPC scenarios where you need to connect your multi-VPC architecture to existing on-premises networks. By using Transit Gateway, you only need to configure the connectivity once between Transit Gateway to yo

# Source: https://gist.github.com/baaf4adb25e9efaba886c17a2ad722a5
########################################################
# How To Auto-Scale Kubernetes Clusters With Karpenter #
# https://youtu.be/C-2v7HT-uSA #
########################################################
# Referenced videos:
# - Karpenter: https://karpenter.sh
# - GKE Autopilot - Fully Managed Kubernetes Service From Google: https://youtu.be/Zztufl4mFQ4
@klapcsik
klapcsik / ListInstanceOwner.py
Created February 15, 2024 13:11 — forked from sudharsans/ListInstanceOwner.py
list of all EC2 instances created by IAM user
import boto3
ec2 = boto3.client('ec2')
cloudtrail = boto3.client('cloudtrail')
def get_user(instanceid):
    response = cloudtrail.lookup_events(
        LookupAttributes=[
            {
                'AttributeKey': 'ResourceName',
@klapcsik
klapcsik / kafka_python_sasl_scram.py
Created January 18, 2024 18:01 — forked from alexlopes/kafka_python_sasl_scram.py
Kafka Python with SASL/SCRAM Authentication Example
import os
from kafka import KafkaProducer, KafkaConsumer
# Broker list and SCRAM credentials are read from the environment
BOOTSTRAP_SERVERS=os.getenv("KAFKA_BOOTSTRAP_SERVERS").split(",")
TOPIC_NAME="the-topic"
SASL_USERNAME=os.getenv("KAFKA_SASL_USERNAME")
SASL_PASSWORD=os.getenv("KAFKA_SASL_PASSWORD")
def consume():
    consumer = KafkaConsumer(TOPIC_NAME, security_protocol="SASL_SSL", sasl_mechanism="SCRAM-SHA-512", sasl_plain_username=SASL_USERNAME, sasl_plain_password=SASL_PASSWORD, bootstrap_servers=BOOTSTRAP_SERVERS)
#list all accounts
aws organizations list-accounts
#list all active accounts
aws organizations list-accounts | jq -r '.Accounts[] | select(.Status == "ACTIVE") | "\(.Id) \(.Name)"'
#list all in-active accounts
aws organizations list-accounts | jq -r '.Accounts[] | select(.Status != "ACTIVE") | "\(.Id) \(.Name)"'
# list status of specific accounts - select from array
#list all accounts
aws organizations list-accounts
#list all active accounts
aws organizations list-accounts | jq -r '.Accounts[] | select(.Status == "ACTIVE") | "\(.Id) \(.Name)"'
#list all in-active accounts
aws organizations list-accounts | jq -r '.Accounts[] | select(.Status != "ACTIVE") | "\(.Id) \(.Name)"'
# list OU's of a parent
@klapcsik
klapcsik / a_cloudformation_wrapper.sh
Created September 9, 2023 04:34 — forked from ddepaoli3/a_cloudformation_wrapper.sh
Simple wrapper script to create or update multiple CloudFormation scripts
#!/bin/bash
PROFILE=${PROFILE:-'profile-name'}
PROJECT=${PROJECT:-'project-name'}
ENV=${ENV:-'environment'}
REGION=${REGION:-'eu-west-1'}
PARAMETERS_FOLDER=${PARAMETERS_FOLDER:-'parameters'} # '.' if the same folder
TEMPLATE_EXTENSION=${TEMPLATE_EXTENSION:-'yml'} #or yml. Depends on your preference
ENVIRONMENT_PARAMETER_NAME=${ENVIRONMENT_PARAMETER_NAME:-'EnvironmentVersion'}
@klapcsik
klapcsik / nginx_client_cn_auth.conf
Created July 28, 2023 07:43 — forked from schtobia/nginx_client_cn_auth.conf
CN-based client authentication with nginx. This emulates Apache's SSLRequire (%{SSL_CLIENT_S_DN_CN} in {"Really Me"})
map $ssl_client_s_dn $ssl_client_s_dn_cn {
    default "";
    ~/CN=(?<CN>[^/]+) $CN;
}
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
@klapcsik
klapcsik / cognito-test.py
Created June 30, 2023 20:37 — forked from bgdnlp/cognito-test.py
Sign up and log in to Cognito, check tokens, then call an API. Details: https://www.neant.ro/aws/working-with-cognito-and-api-gateway-in-python.html
#!/usr/bin/env python3
# Demonstrates the use of Python to work with Cognito.
# Create a new user, log in, check tokens and call an API.
# The purpose was to learn about Cognito. Security has been
# circumvented in the interest of keeping it simple.
# Notably, the authentication procedure uses the most insecure
# method. This code is not intended for use in production.
#
# https://www.neant.ro/aws/working-with-cognito-and-api-gateway-in-python.html
@klapcsik
klapcsik / CognitoMFA.py
Created June 30, 2023 10:39 — forked from andrew-aiken/CognitoMFA.py
AWS Cognito MFA Setup Script
# AWS Cognito MFA
# MFA is not configured by default when using the AWS Cognito web UI.
# The following script will set up a user account, set up MFA for the user, and return a temporary password.
import boto3, json, pyotp
import string, random
import sys
import hmac, hashlib, base64