Matt Gillard mattgillard

mattgillard / policy.json
Last active December 18, 2023 08:55
Sample CloudFormation Execution Role
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:Create*",
"ec2:Describe*",
"ec2:Modify*",
"ec2:Delete*",
mattgillard / pull-request.yaml
Created December 18, 2023 06:12
Sample CloudFormation lint config for GitHub workflow
name: Pull Request workflow
on:
- pull_request
jobs:
cloudformation-linter:
runs-on: ubuntu-latest
steps:
mattgillard / sendmessagebatch.vtl
Last active April 2, 2023 00:22
AWS API Gateway VTL for flattening array to SendMessageBatch
## Input is like:
## curl --request POST "https://xxx.execute-api.ap-southeast-2.amazonaws.com/Prod/resource?MessageGroupId=1114" -H "Content-Type: application/json" --data-raw "{\"mykey\":[\"A\",\"B\"]}"
##
## If you get this error:
## {
## "Error": {
## "Code": "AccessDenied",
## "Message": "Access to the resource https://sqs.ap-southeast-2.amazonaws.com/123456789012/myqueue.fifo is denied.",
## "Type": "Sender"
## },
mattgillard / awscurl.sh
Last active February 25, 2023 03:27
Sample script to curl a url passed as first argument to an AWS API Gateway configured with IAM authentication (AWS_IAM)
#! /bin/bash
AWS_ACCESS_KEY_ID="$(aws configure get aws_access_key_id)"
AWS_SECRET_ACCESS_KEY="$(aws configure get aws_secret_access_key)"
AWS_SESSION_TOKEN=$(aws configure get aws_session_token)
AWS_REGION=$(aws configure get region)
# from https://gist.github.com/slawekzachcial/fe23184124763dfb82f233b5dde2394b?permalink_comment_id=4292171#gistcomment-4292171
curl --request GET -v \
mattgillard / pyodbc.py
Created January 31, 2023 03:19
Python ODBC code to test AWS RDS Proxy IAM authentication with SQL Server
import struct
import pyodbc
import boto3
# IMPORTANT: Install Microsoft ODBC drivers first for your platform - see: https://learn.microsoft.com/en-us/sql/connect/odbc/linux-mac/install-microsoft-odbc-driver-sql-server-macos?view=sql-server-ver16
# Just an install is enough for pyodbc to see them.
# Also, on an M1 Mac you need to use the 4.0.34 release of pyodbc
# pip3.11 install pyodbc==4.0.34
# v4.0.35 is broken
mattgillard / Program.cs
Last active January 31, 2023 06:52
dotnet code to test AWS RDS Proxy IAM authentication with SQL Server
using Microsoft.Data.SqlClient;
using Amazon.RDS;
/*
This code is a sample for generating an RDS auth token to use for IAM authentication with MS SQL server.
ref: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy-setup.html
The steps below assume you stored the DB user credentials in Secrets Manager when deploying RDS.
mattgillard / aws_rds_proxy_golang_test.go
Last active February 5, 2023 05:15
golang code to test AWS RDS Proxy IAM authentication with SQL Server
package main
/*
Notes:
This demonstrates how to use the native fedauth functionality with AWS RDS Proxy for MS SQL server.
Connection string is simple as the access token is retrieved via the token provider in NewConnectorWithAccessTokenProvider.
How to use (make sure you have an active IAM user api key or role via the regular methods):
1. Create an RDS MS SQL Server (Express is fine for cheapness)
mattgillard / gist:a78cbd6c4b2edeb82c04d9fa716d63b2
Created December 7, 2021 00:01
simulate-principal-policy example
aws --region=us-east-1 iam simulate-principal-policy \
--context-entries ContextKeyName=aws:RequestedRegion,ContextKeyValues=us-east-1,ContextKeyType=string \
--policy-source-arn=arn:aws:iam::123456789:role/OrganizationAccountAccessRole \
--action-names s3:PutObject
mattgillard / ccapi-notcompatible.txt
Created October 7, 2021 23:11
AWS Resources not currently supported by AWS Cloud Control API as of 8/Oct/2021.
# aws cloudformation list-types --type RESOURCE --visibility PUBLIC --provisioning-type NON_PROVISIONABLE --filters Category=AWS_TYPES|grep -i TypeName > /tmp/ccapi-notcompatible.txt
#
"TypeName": "AWS::AmazonMQ::Broker",
"TypeName": "AWS::AmazonMQ::Configuration",
"TypeName": "AWS::AmazonMQ::ConfigurationAssociation",
"TypeName": "AWS::ApiGateway::Deployment",
"TypeName": "AWS::ApiGateway::DocumentationPart",
"TypeName": "AWS::ApiGateway::GatewayResponse",
"TypeName": "AWS::ApiGateway::RestApi",
"TypeName": "AWS::ApiGateway::VpcLink",
mattgillard / startup.sh
Last active October 2, 2021 13:26 — forked from nathenharvey/startup.sh
nginx startup script for gcp
#! /bin/bash
apt-get update
apt-get install -y nginx
service nginx start
sed -i -- 's/nginx/Google Cloud Platform - '"$HOSTNAME"'/' /var/www/html/index.nginx-debian.html
# allow for load testing with loader.io replace text with code provided by loader.io
echo "loaderio-a78c247b33950ae8d1007c254b91c8be" > /var/www/html/loaderio-a78c247b33950ae8d1007c254b91c8be.txt