Matt Gillard mattgillard
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Action": [ | |
| "ec2:Create*", | |
| "ec2:Describe*", | |
| "ec2:Modify*", | |
| "ec2:Delete*", |
mattgillard
/ pull-request.yaml
Created
December 18, 2023 06:12
Sample cloudformation lint config for GitHub workflow
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pull Request workflow | |
| on: | |
| - pull_request | |
| jobs: | |
| cloudformation-linter: | |
| runs-on: ubuntu-latest | |
| steps: |
mattgillard
/ sendmessagebatch.vtl
Last active
April 2, 2023 00:22
AWS API Gateway VTL for flattening array to SendMessageBatch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Input is like: | |
| ## curl --request POST "https://xxx.execute-api.ap-southeast-2.amazonaws.com/Prod/resource?MessageGroupId=1114" -H "Content-Type: application/json" --data-raw "{\"mykey\":[\"A\",\"B\"]}" | |
| ## | |
| ## If you get this error: | |
| ## { | |
| ## "Error": { | |
| ## "Code": "AccessDenied", | |
| ## "Message": "Access to the resource https://sqs.ap-southeast-2.amazonaws.com/123456789012/myqueue.fifo is denied.", | |
| ## "Type": "Sender" | |
| ## }, |
mattgillard
/ awscurl.sh
Last active
February 25, 2023 03:27
Sample script to curl a url passed as first argument to an AWS API Gateway configured with IAM authentication (AWS_IAM)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| AWS_ACCESS_KEY_ID="$(aws configure get aws_access_key_id)" | |
| AWS_SECRET_ACCESS_KEY="$(aws configure get aws_secret_access_key)" | |
| AWS_SESSION_TOKEN=$(aws configure get aws_session_token) | |
| AWS_REGION=$(aws configure get region) | |
| # from https://gist.github.com/slawekzachcial/fe23184124763dfb82f233b5dde2394b?permalink_comment_id=4292171#gistcomment-4292171 | |
| curl --request GET -v \ |
mattgillard
/ pyodbc.py
Created
January 31, 2023 03:19
Python ODBC code to test AWS RDS Proxy IAM authentication with SQL Server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import struct | |
| import pyodbc | |
| import boto3 | |
| # IMPORTANT: Install Microsoft ODBC drivers first for your platform - see: https://learn.microsoft.com/en-us/sql/connect/odbc/linux-mac/install-microsoft-odbc-driver-sql-server-macos?view=sql-server-ver16 | |
| # Just an install is enough for pyodbc to see them. | |
| # Also, on M1 mac need to use 4.0.34 release of pyodbc | |
| # pip3.11 install pyodbc==4.0.34 | |
| # v4.0.35 is broken |
mattgillard
/ Program.cs
Last active
January 31, 2023 06:52
dotnet code to test AWS RDS Proxy IAM authentication with SQL Server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using Microsoft.Data.SqlClient; | |
| using Amazon.RDS; | |
| /* | |
| This code is a sample for generating an RDS auth token to use for IAM authentication with MS SQL server. | |
| ref: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy-setup.html | |
| Below steps assumes you stored DB user creds in secrets manager when deploying RDS. |
mattgillard
/ aws_rds_proxy_golang_test.go
Last active
February 5, 2023 05:15
golang code to test AWS RDS Proxy IAM authentication with SQL Server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| /* | |
| Notes: | |
| This demonstrates how to use the native fedauth functionality with AWS RDS Proxy for MS SQL server. | |
| Connection string is simple as the access token is retrieved via the token provider in NewConnectorWithAccessTokenProvider. | |
| How to use (make sure you have an active IAM user api key or role via the regular methods): | |
| 1. Create an RDS MS SQL Server (Express is fine for cheapness) |
mattgillard
/ gist:a78cbd6c4b2edeb82c04d9fa716d63b2
Created
December 7, 2021 00:01
simulate-principal-policy example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| aws --region=us-east-1 iam simulate-principal-policy \ | |
| --context-entries ContextKeyName=aws:RequestedRegion,ContextKeyValues=us-east-1,ContextKeyType=string \ | |
| --policy-source-arn=arn:aws:iam::123456789:role/OrganizationAccountAccessRole \ | |
| --action-names s3:PutObject |
mattgillard
/ ccapi-notcompatible.txt
Created
October 7, 2021 23:11
AWS Resources not currently supported by AWS Cloud Control API as of 8/Oct/2021.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # aws cloudformation list-types --type RESOURCE --visibility PUBLIC --provisioning-type NON_PROVISIONABLE --filters Category=AWS_TYPES|grep -i TypeName > /tmp/ccapi-notcompatible.txt | |
| # | |
| "TypeName": "AWS::AmazonMQ::Broker", | |
| "TypeName": "AWS::AmazonMQ::Configuration", | |
| "TypeName": "AWS::AmazonMQ::ConfigurationAssociation", | |
| "TypeName": "AWS::ApiGateway::Deployment", | |
| "TypeName": "AWS::ApiGateway::DocumentationPart", | |
| "TypeName": "AWS::ApiGateway::GatewayResponse", | |
| "TypeName": "AWS::ApiGateway::RestApi", | |
| "TypeName": "AWS::ApiGateway::VpcLink", |
mattgillard
/ startup.sh
Last active
October 2, 2021 13:26
— forked from nathenharvey/startup.sh
nginx startup script for gcp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| apt-get update | |
| apt-get install -y nginx | |
| service nginx start | |
| sed -i -- 's/nginx/Google Cloud Platform - '"$HOSTNAME"'/' /var/www/html/index.nginx-debian.html | |
| # allow for load testing with loader.io replace text with code provided by loader.io | |
| echo "loaderio-a78c247b33950ae8d1007c254b91c8be" > /var/www/html/loaderio-a78c247b33950ae8d1007c254b91c8be.txt |
NewerOlder