@kunduso
kunduso / powershell command
Last active Jun 18, 2021
PowerShell command to initialize a Terraform working directory
terraform init -backend-config="bucket=$(remote-state-bucket-name)" -backend-config="key=tf/terraform.tfstate" -backend-config="region=$(region)" -backend-config="access_key=$(access_key)" -backend-config="secret_key=$(secret_key)" -no-color
kunduso / assume-role-policy-trusted.json
Created Jun 4, 2021
This policy file allows a user in a trusted AWS account to assume a role in a trusting AWS account.
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"sts:AssumeRole"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::$(TrustingAccountID):role/Assume-Role-1"
}
kunduso / assume-role-policy.json
Created Jun 4, 2021
This JSON file creates an AWS IAM policy that allows full access to any S3 bucket.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": "*"
}
]
}
kunduso / aws-cli-create-iam-policy-and-user.txt
Last active Jun 27, 2021
AWS CLI commands to create an IAM policy, create a user, create an access key, and attach the user to the policy
# The code for the backend-role-policy.json is available at https://gist.github.com/kunduso/bf94f1aa5e683ed66539458a9a44138d
# create a policy with name "Custom-Terraform-Policy-Backend-April"
# https://docs.aws.amazon.com/cli/latest/reference/iam/create-policy.html
aws iam create-policy --policy-name Custom-Terraform-Policy-Backend-April --policy-document file://backend-role-policy.json
#output
{
"Policy": {
"PolicyName": "Custom-Terraform-Policy-Backend-April",
"PolicyId": "ANPAZIAA3LP6OBWQHE5E6",
kunduso / aws-cli-create-dynamodb-table.txt
Last active Apr 3, 2021
AWS CLI command to create a DynamoDB table
# table name: Terraform-backend-lock
aws dynamodb create-table --table-name Terraform-backend-lock --attribute-definitions AttributeName=LockID,AttributeType=S --key-schema AttributeName=LockID,KeyType=HASH --provisioned-throughput ReadCapacityUnits=5,WriteCapacityUnits=5
#output
{
"TableDescription": {
"AttributeDefinitions": [
{
"AttributeName": "LockID",
"AttributeType": "S"
kunduso / aws-cli-encrypt-s3.txt
Last active Apr 3, 2021
AWS CLI command to encrypt an S3 bucket
# bucket name: skundu-terraform-remote-state-two
aws s3api put-bucket-encryption --bucket skundu-terraform-remote-state-two --server-side-encryption-configuration "{\"Rules\": [{\"ApplyServerSideEncryptionByDefault\":{\"SSEAlgorithm\": \"AES256\"}}]}"
# no output if bucket encryption is successfully applied
kunduso / aws-cli-create-s3.txt
Created Apr 3, 2021
AWS CLI command to create an S3 bucket
# bucket name: skundu-terraform-remote-state-two
aws s3api create-bucket --bucket skundu-terraform-remote-state-two --region us-east-2 --create-bucket-configuration LocationConstraint=us-east-2
#output
{
    "Location": "http://skundu-terraform-remote-state-two.s3.amazonaws.com/"
}
View azure-contributor-role-list.txt
C:\Program Files\Microsoft SDKs\Azure\.NET SDK\v2.9>az role definition list -n Contributor
[
{
"assignableScopes": [
"/"
],
"description": "Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.",
"id": "/subscriptions/25a30d13-b7a9-4bdb-abdd-3b7c9b8552d2/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
"name": "b24988ac-6180-42a0-ab88-20f7382dd24c",
"permissions": [
kunduso / azure-service-principal.txt
Last active Mar 26, 2021
Azure CLI commands to create a service principal
# az ad sp create-for-rbac --name "$(Service-Principal-Name)" --role "Contributor" --scope "/subscriptions/$(SubscriptionNumber)"
az ad sp create-for-rbac --name "Terraform-User-March-2021" --role "Contributor" --scope "/subscriptions/$(SubscriptionID)"
# I am replacing the tenant and subscription values with variables for security reasons
# Output from the commandline console:
Changing "Terraform-User-March-2021" to a valid URI of "http://Terraform-User-March-2021", which is the required format used for service principal names
Creating 'Contributor' role assignment under scope '/subscriptions/$(SubscriptionID)'
The output includes credentials that you must protect. Be sure that you do not include these credentials in your code or check the credentials into your source control. For more information, see https://aka.ms/azadsp-cli
{
kunduso / storage-account.cmd
Last active Mar 26, 2021
Azure CLI command to create a resource group, storage account, and storage container
az group create --name Terraform-Remote-State-Group --location "East US"
# the above command creates a resource group and displays the result in the format below
{
"id": "/subscriptions/$(SubscriptionNumber)/resourceGroups/Terraform-Remote-State-Group",
"location": "eastus",
"managedBy": null,
"name": "Terraform-Remote-State-Group",
"properties": {
"provisioningState": "Succeeded"
},