nmarchini

#!/usr/bin/env bash

if [ $# -ne 1 ]; then
  echo "Usage: $0 <namespace>"
  exit 1
fi

namespace="$1"

# Get the list of pod names in the specified namespace

nmarchini

#!/usr/bin/env bash


if [ "$AWS_PROFILE" = "" ]; then
  echo "No AWS_PROFILE set"
  exit 1
fi


for region in $(aws ec2 describe-regions --region eu-west-1 | jq -r .Regions[].RegionName); do

nmarchini

---
# yamllint disable rule:line-length
default_language_version:
  python: python3.8
repos:
  - repo: git://github.com/pre-commit/pre-commit-hooks
    rev: v3.4.0
    hooks:
      - id: check-json
      - id: check-merge-conflict

nmarchini

### This script runs through a list of domains in a text file called domains.txt and checks if zone transfer is enabled or disabled
## One domain per line in the for mydomain.com
## you can replace 1.1.1.1 with the DNS server to use for the checks.



#!/bin/bash
cat domains.txt | while read domain
do
  echo $domain " " & dig axfr 1.1.1.1 $domain

nmarchini

AWS Account 671402871606 is an AWS Account in EU-west-1 that is used by elasticsearch, when you create a custom domain the ES service adds your certificate to their loadbalancer. You need to remove the ES domain before you can delete the certificate. 

nmarchini

resource "null_resource" "domain_custom_endpoint" {
  triggers = {
    associations = module.elasticsearch-cluster.domain_hostname
  }
  provisioner "local-exec" {
    interpreter = ["/bin/bash", "-c"]
    command = <<EOF
aws es update-elasticsearch-domain-config --domain-name ${local.domain-name} --domain-endpoint-options EnforceHTTPS=true,TLSSecurityPolicy=Policy-Min-TLS-1-0-2019-07,CustomEndpointEnabled=true,CustomEndpoint=${local.cust_domain_name}.,CustomEndpointCertificateArn=${local.cert_arn}
EOF
  }

nmarchini

This gets around the issue seen below when trying to run AWS CLI commands. Some networking devices that intercept the traffic can act like a main in the middle so can cause this issue

$ aws s3 ls

SSL validation failed for https://s3.eu-west-1.amazonaws.com/ [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1076)


There are a few ways to fix this, AWS docs say you can add the line for ca_bundle to the ~/.aws/config file but this didn't work for me as it was being overridden by a global environment variable. 

[default]

nmarchini

# Add trusted hosts to the pip configuration on a per user basis.

On Unix the default configuration file is: $HOME/.config/pip/pip.conf which respects the XDG_CONFIG_HOME environment variable.

On macOS the configuration file is $HOME/Library/Application Support/pip/pip.conf if directory $HOME/Library/Application Support/pip exists else $HOME/.config/pip/pip.conf.

On Windows the configuration file is %APPDATA%\pip\pip.ini.

- Create the pip.ini or pip.conf file as requred for your OS
- Copy the code below into the file and save

nmarchini

If you get this error then check that the EC2 instance has the correct ECS IAM Role or the service will not start.


2019-12-04T21:18:27Z - [INFO]:Starting the AmazonECS service...
Start-Service : Failed to start service 'Amazon ECS (AmazonECS)'.
At C:\Program Files\WindowsPowerShell\Modules\ECSTools\ECSTools.psm1:650 char:5
+     Start-Service -Name $Script:ECSService
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.ServiceProcess.ServiceController:ServiceController) [Start-Service],
   ServiceCommandException

nmarchini

Keybase proof

I hereby claim:

• I am nmarchini on github.
• I am nmarchini (https://keybase.io/nmarchini) on keybase.
• I have a public key ASBrs-RBXT9YNjH1Ib-KrcfAluf9G12Lxo2snGVgvZlKwwo

To claim this, I am signing this object: