View ssh over ssm
# brew install session-manager-plugin
# Bootstrap your ssh key to ec2 instance, then start ssh session over ssm to it
# Since it's plain ssh can then e.g. port forward and all the funky stuff
Host i-* mi-* ssm-jumphost
User ec2-user
IdentityFile ~/.ssh/nick-doyle-slalom-lab-ed25519
ProxyCommand sh -c "aws ec2-instance-connect send-ssh-public-key --instance-id %h --ssh-public-key '$(cat ~/.ssh/' --instance-os-user ec2-user; aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"
# Fix Github Co-pilot self-signed cert problem
# See:
# The script is modified to handle .vscode-server too (in WSL2)
fix_github_copilot() {
patch_ext() {
rdkls / gist:f06a51bf018e617fce25e32706b6af09
Created March 29, 2023 04:56
security assessment initial questions
Will the System be deployed on Software as a Service (SaaS), Infrastructure as a Service (IaaS) or Platform as a Service (PaaS)?
Will the Cloud Deployment Model be Private Cloud, Public Cloud, Community Cloud, or Hybrid Cloud? Please provide a brief description.
What 3rd party Certifications or Accreditations have been acquired by the Cloud provider? (e.g. ISO/PCI/SSAE16/270001/IRAP)
Are all data centres in Australia? If not, can the system be configured to only use Data Centres located in Australia?
Does the vendor have an overarching Information Security Policy/Information Security Framework? Please provide a list of security documents in place currently.
rdkls / gist:b0cea7202067976525bb962b2788a735
Created December 14, 2022 05:12
athena table create statement for one bucket holding multiple load balancer access logs (default example is limited to one table per alb)
Note the projection for api/alb name is an enum not 'injected' to enable querying on it
type string,
time string,
elb string,
client_ip string,
client_port int,
target_ip string,
target_port int,
rdkls / gist:346f681fed749c7f6ba832447ccdb3d7
Last active September 27, 2022 07:11
fish script to run a command on all pods
for pod in (kubectl get pods --field-selector=status.phase=Running --no-headers -o custom-columns="")
echo $pod
kubectl exec -ti $pod -- ping -W1 -c1 -q >/dev/null
rdkls /
Created August 9, 2022 23:56
#!/usr/bin/env python3
# Stand up a VPN between GCP & AWS
# Assumes you're CLI auth'd to both as default
# Based on
# Yes it's ugly AF but basically working!
# Usage: ./ --shared-secret-0=xxxxxx --shared-secret-1=aaaaa --shared-secret-2=bbbb --shared-secret-3=cccc
# You'll need to pip[env] install beautifulsoup4 click boto3 lxml
import subprocess
import json
rdkls / .pre-commit-config.yaml
Created September 9, 2021 01:59
pre-commit config to run checkov
- repo:
rev: 2.0.402
- id: checkov
files: .
- --quiet
rdkls /
Created July 23, 2021 05:03
commands to prep an ec2 instance for terraform dev, by mounting local folder via sshfs
set -x
sudo amazon-linux-extras enable epel
sudo yum install epel-release fuse-sshfs
sudo sed -i s/\#\ user/user/g /etc/fuse.conf
sudo curl -L | bash
sudo wget -O /usr/bin/terragrunt
sudo chmod +x /usr/bin/terragrunt
sudo wget -O /usr/bin/saml2aws_2.31.0_linux_amd64.tar.gz
sudo tar -xzvf /usr/bin/saml2aws_2.31.0_linux_amd64.tar.gz
sudo chmod +x /usr/bin/saml2aws
#!/usr/bin/env python3
from github import Github
from pprint import pprint
import requests
g = Github(TOKEN)
for repo in g.get_user().get_repos(visibility='public'):
View linux-oneliners
sha256 of all running executables
for f in `ps -eo comm` ; do shasum5.28 -a 256 "$f" ; done