@nitrocode
nitrocode / kandji-local-homebrew-xz-check.md
Last active May 10, 2024 21:32
kandji-local-homebrew-xz-check.sh

Use Kandji to run local homebrew commands

The current script uses Kandji to run the locally installed Homebrew and upgrade xz if it's vulnerable.

This is very useful when Homebrew was installed by the user rather than provisioned through Kandji.

How it works:

  1. Get the Homebrew prefix, which differs between arm and x86
  2. Determine the user that installed homebrew
@nitrocode
nitrocode / renovatebot_cheat_sheet.md
Created November 2, 2023 23:18
Renovatebot cheat sheet

Renovatebot Cheat Sheet

Run locally

docker run --rm -ti \
  -e LOG_LEVEL=debug \
  -e GITHUB_COM_TOKEN="$GITHUB_COM_TOKEN" \
  -v /tmp:/tmp \
  -v "$(pwd)":/usr/src/app \
@nitrocode
nitrocode / aws-cheat-sheet.md
Last active February 29, 2024 00:15
AWS (awscli) Cheat Sheet

AWS Cheat Sheet

Just some quick cli commands to help in specific situations

Get max asg desired capacity over a period

This grabs the max desired capacity over the last 30 days, then uses the JMESPath max function to get the max of the returned time series.

aws cloudwatch get-metric-statistics \
@nitrocode
nitrocode / iam-policy-to-modify-ec2s-own-tags.md
Created February 27, 2023 18:49
IAM policy to describe and create tags on its own instance
data "aws_iam_policy_document" "hello" {
  statement {
    sid       = "VisualEditor0"
    effect    = "Allow"
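    # "$${" escapes Terraform interpolation so IAM receives the literal ${ec2:InstanceID} policy variable
    resources = ["arn:<PARTITION>:ec2:<REGION>:<ACCOUNT_ID>:instance/$${ec2:InstanceID}"]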
    actions   = ["ec2:CreateTags"]
@nitrocode
nitrocode / multi-account-role-assumption.md
Last active February 16, 2023 05:48
Multi account role assumption

multi account role assumption

Here are the steps

  1. Identify an ingress AWS account for your primary AWS role (where Atlantis first assumes a role)
  2. Create standard IAM roles in each AWS account that allow the role from step 1 (primary AWS role) to assume these new roles
  3. Stand up Atlantis and have it assume the role from step 1 (primary AWS role) by default
  4. Use the terraform block in each Terraform root dir to assume the appropriate role. If you do not have an internal account map module, you can hard-code the role_arn in the aws provider block.
@nitrocode
nitrocode / 1password-cli-op-cheatsheet.md
Created February 2, 2023 23:51
1password-cli (op) cheatsheet

1password-cli (op) cheatsheet

This came in handy when rummaging through, managing, deduplicating, and improving the health of a company 1Password account.

List all vault names

op vault list | cut -d' ' -f4- | sed 's,^ ,,g'
@nitrocode
nitrocode / use-opa-on-terraform-code.md
Last active November 22, 2022 05:07
Use OPA on Terraform HCL code

Use OPA on Terraform HCL code

Sample terraform with a resource that we'd like to catch

# main.tf
resource "null_resource" "default" {
  provisioner "local-exec" {
    command = "sh -c 'echo hi'"
  }
@nitrocode
nitrocode / Atlantis-with-awscli-v2.md
Last active March 29, 2023 15:39
Atlantis with awscli v2

Atlantis with awscli v2

Commands

Download the Dockerfile

wget https://gist.githubusercontent.com/nitrocode/62505b0623cd9bf27e4b39a3f98412f5/raw/Dockerfile
@nitrocode
nitrocode / using-mastercard-restapi-terraform-provider.md
Last active September 8, 2022 16:56
Using the http and mastercard restapi terraform provider

Using the http and mastercard restapi terraform provider

I had an issue when trying to get the cloudflare account_id which is available using the REST API but unavailable using the cloudflare terraform provider (original thread).

✗ curl -X GET "https://api.cloudflare.com/client/v4/accounts" \
     -H "Content-Type:application/json" \
     -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" |
  jq -r '.result[] | select(.name == "<your-account-name>").id'
@nitrocode
nitrocode / k8s-api-version-for-awscli-version.md
Last active August 25, 2022 00:23
Return the correct apiVersion for the corresponding awscli version

k8s-api-version-for-awscli-version

$ get-api-version 1.23.8
v1alpha1
$ get-api-version 1.23.9
v1beta1
$ get-api-version 2.6.4
v1alpha1
$ get-api-version 2.7.0