rdkls

# brew install session-manager-plugin

# Bootstrap your ssh key to ec2 instance, then start ssh session over ssm to it
# Since it's plain ssh can then e.g. port forward and all the funky stuff
Host i-* mi-* ssm-jumphost
    User ec2-user
    IdentityFile ~/.ssh/nick-doyle-slalom-lab-ed25519
    ProxyCommand sh -c "aws ec2-instance-connect send-ssh-public-key --instance-id %h --ssh-public-key '$(cat ~/.ssh/nick-doyle-slalom-lab-ed25519.pub)' --instance-os-user ec2-user; aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"

rdkls

# Fix Github Co-pilot self-signed cert problem
# See: https://github.com/orgs/community/discussions/8866#discussioncomment-3517831
# The script is modified to handle .vscode-server too (in WSL2)
fix_github_copilot() {


    patch_ext() {
        _VSCODEDIR=$1
        _EXTENSIONSPATH="$HOME/${_VSCODEDIR}/extensions"
        _RE=$2

rdkls

Will the System be deployed on Software as a Service (SaaS), Infrastructure as a Service (IaaS) or Platform as a Service (PaaS)? 

Will the Cloud Deployment Model be Private Cloud, Public Cloud, Community Cloud, or Hybrid Cloud? Please provide a brief description. 

What 3rd party Certifications or Accreditations have been acquired by the Cloud provider?  (e.g. ISO/PCI/SSAE16/270001/IRAP)  

Are all data centres in Australia? If not, can the system be configured to only use Data Centres located in Australia? 

Does the vendor have an overarching Information Security Policy/Information Security Framework? Please provide a list of security documents in place currently. 

rdkls

Note the projection for api/alb name is an enum not 'injected' to enable querying on it

CREATE EXTERNAL TABLE IF NOT EXISTS alb_logs (
            type string,
            time string,
            elb string,
            client_ip string,
            client_port int,
            target_ip string,
            target_port int,

rdkls

for pod in (kubectl get pods --field-selector=status.phase=Running --no-headers -o custom-columns=":metadata.name")
      echo $pod
      kubectl exec -ti $pod -- ping 1.1.1.1 -W1 -c1 -q >/dev/null
end

rdkls

#!/usr/bin/env python3
# Stand up a VPN between GCP & AWS
# Assumes you're CLI auth'd to both as default
# Based on https://cloud.google.com/architecture/build-ha-vpn-connections-google-cloud-aws
# Yes it's ugly AF but basically working!
# Usage: ./setup-vpn.py --shared-secret-0=xxxxxx --shared-secret-1=aaaaa --shared-secret-2=bbbb --shared-secret-3=cccc
# You'll need to to pip[env] install beautifulsoup4 click boto3 lxml

import subprocess
import json

rdkls

repos:
  - repo: https://github.com/bridgecrewio/checkov.git
    rev: 2.0.402
    hooks:
      - id: checkov
        files: .
        args:
          - --quiet

rdkls

set -x
sudo amazon-linux-extras enable epel
sudo yum install epel-release fuse-sshfs
sudo sed -i s/\#\ user/user/g /etc/fuse.conf
sudo curl -L https://raw.githubusercontent.com/warrensbox/terraform-switcher/release/install.sh | bash
sudo wget https://github.com/gruntwork-io/terragrunt/releases/download/v0.31.1/terragrunt_linux_amd64 -O /usr/bin/terragrunt
sudo chmod +x /usr/bin/terragrunt
sudo wget https://github.com/Versent/saml2aws/releases/download/v2.31.0/saml2aws_2.31.0_linux_amd64.tar.gz -O /usr/bin/saml2aws_2.31.0_linux_amd64.tar.gz
sudo tar -xzvf /usr/bin/saml2aws_2.31.0_linux_amd64.tar.gz
sudo chmod +x /usr/bin/saml2aws

rdkls

#!/usr/bin/env python3
from github import Github
from pprint import pprint
import requests

TOKEN = 'PERSONAL_ACCESS_TOKEN'

g = Github(TOKEN)

for repo in g.get_user().get_repos(visibility='public'):

rdkls

sha256 of all running executables

for f in `ps -eo comm` ; do shasum5.28 -a 256 "$f" ; done