View ssh over ssm
# brew install session-manager-plugin
# Bootstrap your ssh key to ec2 instance, then start ssh session over ssm to it
# Since it's plain ssh can then e.g. port forward and all the funky stuff
Host i-* mi-* ssm-jumphost
    User ec2-user
    IdentityFile ~/.ssh/nick-doyle-slalom-lab-ed25519
    ProxyCommand sh -c "aws ec2-instance-connect send-ssh-public-key --instance-id %h --ssh-public-key '$(cat ~/.ssh/nick-doyle-slalom-lab-ed25519.pub)' --instance-os-user ec2-user; aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"
View fix_github_copilot.sh
# Fix GitHub Copilot self-signed cert problem
# See: https://github.com/orgs/community/discussions/8866#discussioncomment-3517831
# The script is modified to handle .vscode-server too (in WSL2)
fix_github_copilot() {
  patch_ext() {
    _VSCODEDIR=$1
    _EXTENSIONSPATH="$HOME/${_VSCODEDIR}/extensions"
    _RE=$2
View gist:f06a51bf018e617fce25e32706b6af09
Will the System be deployed on Software as a Service (SaaS), Infrastructure as a Service (IaaS) or Platform as a Service (PaaS)?
Will the Cloud Deployment Model be Private Cloud, Public Cloud, Community Cloud, or Hybrid Cloud? Please provide a brief description.
What 3rd party Certifications or Accreditations have been acquired by the Cloud provider? (e.g. ISO/PCI/SSAE16/270001/IRAP)
Are all data centres in Australia? If not, can the system be configured to only use Data Centres located in Australia?
Does the vendor have an overarching Information Security Policy/Information Security Framework? Please provide a list of security documents in place currently.
View gist:b0cea7202067976525bb962b2788a735
Note the projection for api/alb name is an enum not 'injected' to enable querying on it
CREATE EXTERNAL TABLE IF NOT EXISTS alb_logs (
    type string,
    time string,
    elb string,
    client_ip string,
    client_port int,
    target_ip string,
    target_port int,
View gist:346f681fed749c7f6ba832447ccdb3d7
for pod in (kubectl get pods --field-selector=status.phase=Running --no-headers -o custom-columns=":metadata.name")
    echo $pod
    kubectl exec -ti $pod -- ping 1.1.1.1 -W1 -c1 -q >/dev/null
end
View gcp-aws-vpn.create.py
#!/usr/bin/env python3
# Stand up a VPN between GCP & AWS
# Assumes you're CLI auth'd to both as default
# Based on https://cloud.google.com/architecture/build-ha-vpn-connections-google-cloud-aws
# Yes it's ugly AF but basically working!
# Usage: ./setup-vpn.py --shared-secret-0=xxxxxx --shared-secret-1=aaaaa --shared-secret-2=bbbb --shared-secret-3=cccc
# You'll need to pip[env] install beautifulsoup4 click boto3 lxml
import subprocess
import json
View .pre-commit-config.yaml
repos:
  - repo: https://github.com/bridgecrewio/checkov.git
    rev: 2.0.402
    hooks:
      - id: checkov
        files: .
        args:
          - --quiet
View ec2-instance-prep-for-tf-dev.sh
set -x
sudo amazon-linux-extras enable epel
sudo yum install epel-release fuse-sshfs
sudo sed -i s/\#\ user/user/g /etc/fuse.conf
sudo curl -L https://raw.githubusercontent.com/warrensbox/terraform-switcher/release/install.sh | bash
sudo wget https://github.com/gruntwork-io/terragrunt/releases/download/v0.31.1/terragrunt_linux_amd64 -O /usr/bin/terragrunt
sudo chmod +x /usr/bin/terragrunt
sudo wget https://github.com/Versent/saml2aws/releases/download/v2.31.0/saml2aws_2.31.0_linux_amd64.tar.gz -O /usr/bin/saml2aws_2.31.0_linux_amd64.tar.gz
# Extract into /usr/bin (not the current directory) so the chmod below finds the binary
sudo tar -xzvf /usr/bin/saml2aws_2.31.0_linux_amd64.tar.gz -C /usr/bin
sudo chmod +x /usr/bin/saml2aws
View deactivate-actions.py
#!/usr/bin/env python3
from github import Github
from pprint import pprint
import requests
TOKEN = 'PERSONAL_ACCESS_TOKEN'
g = Github(TOKEN)
for repo in g.get_user().get_repos(visibility='public'):
View linux-oneliners
sha256 of all running executables
for f in `ps -eo comm` ; do shasum5.28 -a 256 "$f" ; done