# Source: https://gist.github.com/681a5f4455428379e00bc815450e12d8
#############################################
# eksctl #
# How to Create and Manage AWS EKS clusters #
# https://youtu.be/pNECqaxyewQ  #
#############################################
#########
# Setup #
@klapcsik
klapcsik / gist:f2a8a505e0741c9269723f87af051d63
Created February 24, 2023 15:08 — forked from moonape1226/gist:96f9191ec8933d6b6964e61e6d5f3521
S3 bucket policy for storing AWS ALB access log
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::${aws_elb_account_id}:root"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::${bucket_name}/prefix/AWSLogs/${your_account_id}/*"
@klapcsik
klapcsik / gist:fda306325639d92d3797e338669797c3
Created February 24, 2023 15:01 — forked from moonape1226/gist:a5cad88aa6564f18a024e6ac1a66adb1
S3 bucket policy for storing AWS NLB access log
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AWSLogDeliveryWrite",
"Effect": "Allow",
"Principal": {
"Service": "delivery.logs.amazonaws.com"
},
"Action": "s3:PutObject",
@klapcsik
klapcsik / monzo-alertmanager-config.yaml
Created January 18, 2023 08:04 — forked from milesbxf/monzo-alertmanager-config.yaml
Monzo's Alertmanager Slack templates
###################################################
##
## Alertmanager YAML configuration for routing.
##
## Will route alerts with a code_owner label to the slack-code-owners receiver
## configured above, but will continue processing them to send to both a
## central Slack channel (slack-monitoring) and PagerDuty receivers
## (pd-warning and pd-critical)
##
@klapcsik
klapcsik / bash_aws_jq_cheatsheet.sh
Created January 10, 2023 08:14 — forked from lukeplausin/bash_aws_jq_cheatsheet.sh
AWS, JQ and bash command cheat sheet. How to query, cut and munge things in JSON generally.
# Count total EBS based storage in AWS
aws ec2 describe-volumes | jq "[.Volumes[].Size] | add"
# Count total EBS storage with a tag filter
aws ec2 describe-volumes --filters "Name=tag:Name,Values=CloudEndure Volume qjenc" | jq "[.Volumes[].Size] | add"
# Describe instances concisely
aws ec2 describe-instances | jq '[.Reservations | .[] | .Instances | .[] | {InstanceId: .InstanceId, State: .State, SubnetId: .SubnetId, VpcId: .VpcId, Name: (.Tags[]|select(.Key=="Name")|.Value)}]'
# Wait until $instance_id is running and then immediately stop it again
aws ec2 wait instance-running --instance-id $instance_id && aws ec2 stop-instances --instance-id $instance_id
# Get 10th instance in the account
@klapcsik
klapcsik / README.md
Created October 28, 2022 07:21 — forked from andrewodri/README.md
Create and Validate an ACM Certificate

This script performs the following actions:

  1. Creates a TLS certificate in ACM
  2. Upserts a validation CNAME record in Route 53
  3. Waits for the validation CNAME record to complete/update
  4. Waits for the certificate to validate and issue
  5. Outputs a description of the certificate

This obviously assumes that your domain's DNS is hosted on Route 53. It also uses the AWS credentials and region for the environment it is executed in.

IAM Policies
---
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "secretsmanager:GetSecretValue",
"Resource": "*"
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": "*"
},
{
@klapcsik
klapcsik / testenv-up.sh
Created October 17, 2022 01:49 — forked from pbar1/testenv-up.sh
Kind cluster with Vault K8s Auth Method
#!/usr/bin/env bash
set -o errexit -o pipefail -x
GIT_ROOT="$(git rev-parse --show-toplevel)"
CLUSTER_NAME=example-test
export KUBECONFIG="${GIT_ROOT}/test/test-kubeconfig.yaml"
# usage: portfwd [namespace] [port]
# assumes service exists with same name as namespace
portfwd() {
# Source: https://gist.github.com/627fcfbfbc17a683a70210947e02eaa3
##########
# Kaniko #
##########
open https://github.com/vfarcic/kaniko-demo
# Fork it