-
KMS key access is almost like cross-account policies but with some differences. KMS keys must have a policy that either:
- Explicitly grants an IAM Principal access
- Permits the AWS account in question the ability to delegate access to the key
- Cross-account access works like any other: you need permissions on the resource and the IAM principal.
- Same account access needs the first and/or second bullet -- this is unlike other resources, which by default, delegates IAM access to it.
-
The root principal ARN means that IAM in the account has permissions to delegate permissions to Roles/Managed Policies/etc. in the account. It does not grant access to all principals in the account.
Mike Grima mikegrima
mikegrima
/ test_config_querying_and_pagination.py
Created
July 31, 2023 20:00
Paginated and batched AWS Config resource fetching and listing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| This gist covers how to: | |
| - Make pytest fixtures for querying S3 buckets in AWS Config | |
| - This tests the querying AWS Config's aggregated advanced query with full pagination (this works for non-aggregated queries as well) | |
| - This also tests batch fetching resource configuration data out of the aggregator (this works for non-aggregated as well) | |
| """ | |
| import json | |
| import os | |
| from typing import Any, Dict, Generator, List | |
| from unittest.mock import MagicMock |
This is code that makes it very easy to obtain a GitHub token for a GitHub application in Python.
This code works by performing the full song and dance required to obtain a token to operate in a GitHub organization. This manages the secret in AWS Secrets manager, caches the tokens and credentails, and refreshes them when neeeded.
The best part is the @github_auth decorator, which injects the credentials into your function when you supply the org name
automagically.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """Pytest fixutre for mocking out the retry decorator as found here: https://pypi.org/project/retry/.""" | |
| import mock | |
| from typing import Callable, Generator | |
| import pytest | |
| @pytest.fixture | |
| def mock_retry() -> Generator[None, None, None]: | |
| """This mocks out the retry decorator so things don't retry or block.""" | |
| def mock_retry_decorator(*args, **kwargs) -> Callable: |
GitHub GraphQL is annoying AF.
These are some sample queries that I have needed to do and am logging it here so I don't forget them.
API endpoint: https://api.github.com/graphql, Method: POST. Authorization requires a Bearer token, and apparently:
Personal access tokens with fine grained access do not support the GraphQL API... So that's lame! (as of November 2022)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # If doing STS things, you will need to make sure that you use the proper STS endpoint now. | |
| # You need to remember that you need to pass in the endpoint URL. Use this for CloudAux: | |
| from typing import Any, Dict, List | |
| from botocore.client import BaseClient | |
| from cloudaux import sts_conn | |
| from cloudaux.aws.decorators import paginated | |
| ROLE_TO_ASSUME = "AssumeThisRole" | |
| ACCOUNT_NUMBER = "012345678910" |
mikegrima
/ get_regions.py
Created
June 27, 2022 16:41
Get the available regions for a given AWS service
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Get the available regions for a given AWS serivce: | |
| # As seen on: https://github.com/boto/boto3/issues/188 | |
| import boto3 | |
| print(boto3.session.Session().get_available_regions('sns')) | |
| # ['af-south-1', 'ap-east-1', 'ap-northeast-1', 'ap-northeast-2', 'ap-northeast-3', 'ap-south-1', 'ap-southeast-1', 'ap-southeast-2', 'ap-southeast-3', 'ca-central-1', 'eu-central-1', 'eu-north-1', 'eu-south-1', 'eu-west-1', 'eu-west-2', 'eu-west-3', 'me-south-1', 'sa-east-1', 'us-east-1', 'us-east-2', 'us-west-1', 'us-west-2'] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import datetime | |
| import json | |
| from typing import Any | |
| from urllib.parse import unquote_plus | |
| def un_wrap_json(json_obj: Any) -> Any: | |
| """Helper function to unwrap nested JSON in the AWS Config resource configuration.""" | |
| # pylint: disable=C0103,W0703,R0911 | |
| # Is this a field that we can safely return? |
I loved playing Star Control on the Sega Genesis and was really happy that The Ur-Quan Masters came out. However, I find that the ship combat speed is way too fast. If you've played the Sega Genesis version of Star Control, you'd be used to a much slower gameplay speed.
It turns out that you can make Ur-Quan Masters run at a similar (or whatever) speed you want: you just need to edit the source code to do this. However, the good news is, it's pretty straightforward.
If you have ever mistakenly added a word to the Brave browser dictionary,
you need to manually edit the Custom Dictionary.txt file.
As of March 2020, the Brave UI lacks a feature to do this.
This will depend on your OS. Google for where this is on your OS.
The file on macOS is at: ~/Library/Application\ Support/BraveSoftware/Brave-Browser/Default/Custom\ Dictionary.txt.
NewerOlder