kunduso
/ powershell command
Last active
June 18, 2021 11:49
Powershell command to initialize a terraform working directory
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| terraform init -backend-config="bucket=$(remote-state-bucket-name)" -backend-config="key=tf/terraform.tfstate" -backend-config="region=$(region)" -backend-config="access_key=$(access_key)" -backend-config="secret_key=$(secret_key)" -no-color |
kunduso
/ assume-role-policy-trusted.json
Created
June 4, 2021 18:18
The policy file is used to allow a user in a Trusted AWS account to be able to assume a role in a Trusting AWS account.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Action": [ | |
| "sts:AssumeRole" | |
| ], | |
| "Effect": "Allow", | |
| "Resource": "arn:aws:iam::$(TrustingAccountID):role/Assume-Role-1" | |
| } |
kunduso
/ assume-role-policy.json
Created
June 4, 2021 18:16
This is a JSON file to create an AWS IAM policy to allow full access to any S3 bucket
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Action": "s3:*", | |
| "Resource": "*" | |
| } | |
| ] | |
| } |
kunduso
/ aws-cli-create-iam-policy-and-user.txt
Last active
June 27, 2021 11:01
The aws cli to create a IAM policy, create a user, create access key, and attach the user to the policy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # The code for the backend-role-policy.json is available at https://gist.github.com/kunduso/bf94f1aa5e683ed66539458a9a44138d | |
| # create a policy with name "Custom-Terraform-Policy-Backend-April" | |
| # https://docs.aws.amazon.com/cli/latest/reference/iam/create-policy.html | |
| aws iam create-policy --policy-name Custom-Terraform-Policy-Backend-April --policy-document file://backend-role-policy.json | |
| #output | |
| { | |
| "Policy": { | |
| "PolicyName": "Custom-Terraform-Policy-Backend-April", | |
| "PolicyId": "ANPAZIAA3LP6OBWQHE5E6", |
kunduso
/ aws-cli-create-dynamodb-table.txt
Last active
March 12, 2023 11:52
The aws cli to create a dynamodb table
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # table name: Terraform-backend-lock | |
| aws dynamodb create-table --table-name Terraform-backend-lock --attribute-definitions AttributeName=LockID,AttributeType=S --key-schema AttributeName=LockID,KeyType=HASH --provisioned-throughput ReadCapacityUnits=5,WriteCapacityUnits=5 | |
| #output | |
| { | |
| "TableDescription": { | |
| "AttributeDefinitions": [ | |
| { | |
| "AttributeName": "LockID", | |
| "AttributeType": "S" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # bucket name: skundu-terraform-remote-state-two | |
| aws s3api put-bucket-encryption --bucket skundu-terraform-remote-state-two --server-side-encryption-configuration "{\"Rules\": [{\"ApplyServerSideEncryptionByDefault\":{\"SSEAlgorithm\": \"AES256\"}}]}" | |
| # no output if bucket encryption is successfully applied |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # bucket name: skundu-terraform-remote-state-two | |
| aws s3api create-bucket --bucket skundu-terraform-remote-state-two --region us-east-2 --create-bucket-configuration LocationConstraint=us-east-2 | |
| #output | |
| { | |
| "Location": "http://skundu-terraform-remote-state-two.s3.amazonaws.com/" | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| C:\Program Files\Microsoft SDKs\Azure\.NET SDK\v2.9>az role definition list -n Contributor | |
| [ | |
| { | |
| "assignableScopes": [ | |
| "/" | |
| ], | |
| "description": "Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.", | |
| "id": "/subscriptions/25a30d13-b7a9-4bdb-abdd-3b7c9b8552d2/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c", | |
| "name": "b24988ac-6180-42a0-ab88-20f7382dd24c", | |
| "permissions": [ |
kunduso
/ azure-service-principal.txt
Last active
March 26, 2021 11:08
azure cli commands to create a service principal
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # az ad sp create-for-rbac --name "$(Service-Principal-Name)" --role "Contributor" --scope "/subscriptions/$(SubscriptionNumber)" | |
| az ad sp create-for-rbac --name "Terraform-User-March-2021" --role "Contributor" --scope "/subscriptions/$(SubscriptionID)" | |
| # I am replacing the tenant and subscription value with variable for security reasons | |
| # Output from the commandline console: | |
| Changing "Terraform-User-March-2021" to a valid URI of "http://Terraform-User-March-2021", which is the required format used for service principal names | |
| Creating 'Contributor' role assignment under scope '/subscriptions/$(SubscriptionID)' | |
| The output includes credentials that you must protect. Be sure that you do not include these credentials in your code or check the credentials into your source control. For more information, see https://aka.ms/azadsp-cli | |
| { |
kunduso
/ storage-account.cmd
Last active
March 26, 2021 10:56
azure cli command to create a resource group, storage account, and storage container
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| az group create --name Terraform-Remote-State-Group --location "East US" | |
| # the above command creates a resource group and displays the result in below format | |
| { | |
| "id": "/subscriptions/$(SubscriptionNumber)/resourceGroups/Terraform-Remote-State-Group", | |
| "location": "eastus", | |
| "managedBy": null, | |
| "name": "Terraform-Remote-State-Group", | |
| "properties": { | |
| "provisioningState": "Succeeded" | |
| }, |
NewerOlder