
View ssh over ssm
# brew install session-manager-plugin
# Bootstrap your ssh key to ec2 instance, then start ssh session over ssm to it
# Since it's plain ssh can then e.g. port forward and all the funky stuff
Host i-* mi-* ssm-jumphost
User ec2-user
IdentityFile ~/.ssh/nick-doyle-slalom-lab-ed25519
ProxyCommand sh -c "aws ec2-instance-connect send-ssh-public-key --instance-id %h --ssh-public-key '$(cat ~/.ssh/nick-doyle-slalom-lab-ed25519.pub)' --instance-os-user ec2-user; aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"
View fix_github_copilot.sh
# Fix Github Co-pilot self-signed cert problem
# See: https://github.com/orgs/community/discussions/8866#discussioncomment-3517831
# The script is modified to handle .vscode-server too (in WSL2)
fix_github_copilot() {
patch_ext() {
_VSCODEDIR=$1
_EXTENSIONSPATH="$HOME/${_VSCODEDIR}/extensions"
_RE=$2
@rdkls
rdkls / gist:f06a51bf018e617fce25e32706b6af09
Created March 29, 2023 04:56
security assessment initial questions
View gist:f06a51bf018e617fce25e32706b6af09
Will the System be deployed on Software as a Service (SaaS), Infrastructure as a Service (IaaS) or Platform as a Service (PaaS)?
Will the Cloud Deployment Model be Private Cloud, Public Cloud, Community Cloud, or Hybrid Cloud? Please provide a brief description.
What 3rd party Certifications or Accreditations have been acquired by the Cloud provider? (e.g. ISO 27001/PCI/SSAE16/IRAP)
Are all data centres in Australia? If not, can the system be configured to only use Data Centres located in Australia?
Does the vendor have an overarching Information Security Policy/Information Security Framework? Please provide a list of security documents in place currently.
@rdkls
rdkls / gist:b0cea7202067976525bb962b2788a735
Created December 14, 2022 05:12
athena table create statement for one bucket holding multiple load balancer access logs (default example is limited to one table per alb)
View gist:b0cea7202067976525bb962b2788a735
Note that the partition projection for the API/ALB name is of type enum rather than 'injected', so that column can be used in query predicates.
CREATE EXTERNAL TABLE IF NOT EXISTS alb_logs (
type string,
time string,
elb string,
client_ip string,
client_port int,
target_ip string,
target_port int,
@rdkls
rdkls / gist:346f681fed749c7f6ba832447ccdb3d7
Last active September 27, 2022 07:11
fish script to run a command on all pods
View gist:346f681fed749c7f6ba832447ccdb3d7
for pod in (kubectl get pods --field-selector=status.phase=Running --no-headers -o custom-columns=":metadata.name")
    # one quiet ping with a 1s timeout; no TTY needed, and the result is reported rather than discarded
    if kubectl exec $pod -- ping 1.1.1.1 -W1 -c1 -q >/dev/null 2>&1
        echo "$pod: ok"
    else
        echo "$pod: FAIL"
    end
end
@rdkls
rdkls / gcp-aws-vpn.create.py
Created August 9, 2022 23:56
gcp-aws-vpn.create.py
View gcp-aws-vpn.create.py
#!/usr/bin/env python3
# Stand up a VPN between GCP & AWS
# Assumes you're CLI auth'd to both as default
# Based on https://cloud.google.com/architecture/build-ha-vpn-connections-google-cloud-aws
# Yes it's ugly AF but basically working!
# Usage: ./setup-vpn.py --shared-secret-0=xxxxxx --shared-secret-1=aaaaa --shared-secret-2=bbbb --shared-secret-3=cccc
# You'll need to pip[env] install beautifulsoup4 click boto3 lxml
import subprocess
import json
@rdkls
rdkls / .pre-commit-config.yaml
Created September 9, 2021 01:59
pre-commit config to run checkov
View .pre-commit-config.yaml
repos:
  - repo: https://github.com/bridgecrewio/checkov.git
    rev: 2.0.402
    hooks:
      - id: checkov
        files: .
        args:
          - --quiet
@rdkls
rdkls / ec2-instance-prep-for-tf-dev.sh
Created July 23, 2021 05:03
commands to prep an ec2 instance for terraform dev, by mounting local folder via sshfs
View ec2-instance-prep-for-tf-dev.sh
set -x
sudo amazon-linux-extras enable epel
sudo yum install epel-release fuse-sshfs
# uncomment "# user_allow_other" so non-root users can mount with allow_other
sudo sed -i 's/# user/user/g' /etc/fuse.conf
# note: this installer is fetched unpinned and piped straight to bash
sudo curl -L https://raw.githubusercontent.com/warrensbox/terraform-switcher/release/install.sh | bash
sudo wget https://github.com/gruntwork-io/terragrunt/releases/download/v0.31.1/terragrunt_linux_amd64 -O /usr/bin/terragrunt
sudo chmod +x /usr/bin/terragrunt
sudo wget https://github.com/Versent/saml2aws/releases/download/v2.31.0/saml2aws_2.31.0_linux_amd64.tar.gz -O /usr/bin/saml2aws_2.31.0_linux_amd64.tar.gz
# extract into /usr/bin (without -C the binary lands in the current directory and the chmod below fails)
sudo tar -xzvf /usr/bin/saml2aws_2.31.0_linux_amd64.tar.gz -C /usr/bin saml2aws
sudo chmod +x /usr/bin/saml2aws
View deactivate-actions.py
#!/usr/bin/env python3
from github import Github
from pprint import pprint
import requests
TOKEN = 'PERSONAL_ACCESS_TOKEN'
g = Github(TOKEN)
for repo in g.get_user().get_repos(visibility='public'):
View linux-oneliners
sha256 of all running executables (on macOS `ps -o comm` prints the full executable path; the header is dropped with `comm=`, duplicates removed, and paths with spaces handled by reading line by line)
ps -eo comm= | sort -u | while IFS= read -r f ; do [ -f "$f" ] && shasum5.28 -a 256 "$f" ; done