KMS key access works almost like cross-account access, but with some differences. A KMS key must have a key policy that either:
- Explicitly grants an IAM principal access, or
- Permits the AWS account in question to delegate access to the key
- Cross-account access works like any other: you need permissions on both the resource and the IAM principal.
- Same-account access needs the first and/or second bullet. This is unlike other resources, which by default delegate access to IAM.
The root principal ARN means that IAM in the account has permissions to delegate permissions to Roles/Managed Policies/etc. in the account. It does not grant access to all principals in the account.
"""
This gist covers how to:
- Make pytest fixtures for querying S3 buckets in AWS Config
- This tests querying AWS Config's aggregated advanced query with full pagination (this works for non-aggregated queries as well)
- This also tests batch fetching resource configuration data out of the aggregator (this works for non-aggregated as well)
"""
import json
import os
from typing import Any, Dict, Generator, List
from unittest.mock import MagicMock
This is code that makes it very easy to obtain a GitHub token for a GitHub application in Python.
This code works by performing the full song and dance required to obtain a token to operate in a GitHub organization. It manages the secret in AWS Secrets Manager, caches the tokens and credentials, and refreshes them when needed.
The best part is the @github_auth decorator, which automagically injects the credentials into your function when you supply the org name.
"""Pytest fixture for mocking out the retry decorator as found here: https://pypi.org/project/retry/."""
import mock
from typing import Callable, Generator
import pytest
@pytest.fixture
def mock_retry() -> Generator[None, None, None]:
    """This mocks out the retry decorator so things don't retry or block."""
    def mock_retry_decorator(*args, **kwargs) -> Callable:
GitHub GraphQL is annoying AF.
These are some sample queries that I have needed to do, and I am logging them here so I don't forget them.
API endpoint: https://api.github.com/graphql, Method: POST. Authorization requires a Bearer token, and apparently:
Personal access tokens with fine grained access do not support the GraphQL API
... So that's lame! (as of November 2022)
# If doing STS things, you will need to make sure that you use the proper STS endpoint now.
# You need to remember that you need to pass in the endpoint URL. Use this for CloudAux:
from typing import Any, Dict, List
from botocore.client import BaseClient
from cloudaux import sts_conn
from cloudaux.aws.decorators import paginated
ROLE_TO_ASSUME = "AssumeThisRole"
ACCOUNT_NUMBER = "012345678910"
# Get the available regions for a given AWS service:
# As seen on: https://github.com/boto/boto3/issues/188
import boto3
print(boto3.session.Session().get_available_regions('sns'))
# ['af-south-1', 'ap-east-1', 'ap-northeast-1', 'ap-northeast-2', 'ap-northeast-3', 'ap-south-1', 'ap-southeast-1', 'ap-southeast-2', 'ap-southeast-3', 'ca-central-1', 'eu-central-1', 'eu-north-1', 'eu-south-1', 'eu-west-1', 'eu-west-2', 'eu-west-3', 'me-south-1', 'sa-east-1', 'us-east-1', 'us-east-2', 'us-west-1', 'us-west-2']
import datetime
import json
from typing import Any
from urllib.parse import unquote_plus
def un_wrap_json(json_obj: Any) -> Any:
    """Helper function to unwrap nested JSON in the AWS Config resource configuration."""
    # pylint: disable=C0103,W0703,R0911
    # Is this a field that we can safely return?
I loved playing Star Control on the Sega Genesis and was really happy that The Ur-Quan Masters came out. However, I find that the ship combat speed is way too fast. If you've played the Sega Genesis version of Star Control, you'd be used to a much slower gameplay speed.
It turns out that you can make Ur-Quan Masters run at a similar (or whatever) speed you want: you just need to edit the source code to do this. However, the good news is, it's pretty straightforward.
If you have ever mistakenly added a word to the Brave browser dictionary, you need to manually edit the Custom Dictionary.txt file.
As of March 2020, the Brave UI lacks a feature to do this.
The file's location depends on your OS. Google for where it is on your OS.
The file on macOS is at: ~/Library/Application\ Support/BraveSoftware/Brave-Browser/Default/Custom\ Dictionary.txt