Extracts perms from cloud-custodian repo, sanitizes extracted data, and transforms into terraform.
The code will
- search for permissions = (get this data) over multiple lines
- print only the captured group
DevSecOps has finally become popular within the wider IT industry in 2019. I started as a web developer in 2001, learned about testing automation, system deployment automation, and "infrastructure as code" in 2012, when DevOps was becoming a popular term. DevOps became common after the release of The Phoenix Project in Jan 2013. It has taken 7+ years for security to become integrated within the DevOps methodology. The following is a list of concepts I go through with project owners, project managers, operations, developers, and security teams, to help establish how mature their DevOps and security automation is, and to help them increase that maturity over time. This model is based on experience consulting with a variety of US Financial, Healthcare, and Department of Defense organizations, and combines:
import boto3
from sys import argv

def get_name(aws_obj):
    names = list(tag['Value'] for tag in aws_obj['Tags'] if tag['Key'] == 'Name')
    if len(names) != 1:
        # print('No name for object: {}'.format(aws_obj))
        return '--unknown--'
Last updated, 2024-05-16, applies to macOS 14.x.x (Sonoma) on Intel silicon hardware.
The default Terminal and Shell (zsh) is replaced with iTerm2 and Bash v5.
This document is meant to serve as an aid and reference in preparing a macOS system on Intel silicon hardware; the process is reviewed and completed manually. Apple M silicon hardware has not been tested.
Note: Review associated documentation at each software and service site prior to implementation to avoid unintended side effects. Prior to running brew install commands, run brew info to confirm what and how Homebrew will manage an installation. Some of the information may also apply to Apple silicon hardware but has not yet been verified.
Credit goes to Igor Kantor (https://medium.com/@devfire) who wrote the original post (5 parts) on Medium:
The goal of this GitHub Gist is to support anyone who wants to implement the described architecture and get it running on AWS. This means you should use both the Medium post and this GitHub Gist for the implementation (since I will not repeat all the text here).
On my AWS account I used a prefix (medium_) for all services, to easily find them amongst all the other running services/instances/functions/roles etc. (just as a suggestion). It will make cleaning up your AWS account easier later on.
#!/bin/bash
# Export every record set except NS and SOA from the source zone as an UPSERT change batch.
aws route53 list-resource-record-sets \
  --hosted-zone-id "${SOURCE_HOSTED_ZONE_ID}" \
  --query '{Changes: ResourceRecordSets[?Type != `NS` && Type != `SOA`].{"Action": `UPSERT`, "ResourceRecordSet": @ }}' > changeset.json
# Apply the change batch to the target zone.
aws route53 change-resource-record-sets \
  --hosted-zone-id "${TARGET_HOSTED_ZONE_ID}" \
  --change-batch "$(<changeset.json)"
I created these scripts to generate some daily and monthly notes in Bear.
The launchd scripts will run the daily script every day at 3am and the monthly script on the first of every month at 2am. Make sure to update the path to the actual scripts in the launchd scripts before loading them.
mv com.bearjournal.daily.plist ~/Library/LaunchAgents/
launchctl load ~/Library/LaunchAgents/com.bearjournal.daily.plist
mv com.bearjournal.monthly.plist ~/Library/LaunchAgents/
launchctl load ~/Library/LaunchAgents/com.bearjournal.monthly.plist
AbortDocumentVersionUpload
AbortEnvironmentUpdate
AbortMultipartUpload
AbortVaultLock
AcceptAccountMapping
AcceptCertificateTransfer
AcceptDelegate
AcceptDirectConnectGatewayAssociationProposal
AcceptFxPaymentCurrencyTermsAndConditions
AcceptHandshake
# Enable the kube-ps1 oh-my-zsh plugin
plugins=(
  git
  kube-ps1
)
# The output of the kube_ps1 function is text, so it can be used
# directly as a custom p9k segment
POWERLEVEL9K_CUSTOM_KUBE_PS1='kube_ps1'
#!/bin/bash
# AWS route53 Delete all hosted zones.
# Requires aws cli, jq
# chmod u+x ~/aws-route53-delete-hosted-zones.sh
# AWS profile to use.
PROFILE="default"
# Loop through each Hosted Zone.
while read id