@rdkls
rdkls / aws-sso-profiles-gen.sh
Created November 3, 2023 03:27
From the AWS SSO portal pages, generate profile entries for ~/.aws/config
#!/bin/bash
PORTALBASE=https://portal.sso.ap-southeast-2.amazonaws.com
REGION=ap-southeast-2
headers="-H 'X-Amz-Sso-Bearer-Token: $TOKEN' -H 'x-amz-sso_bearer_token: $TOKEN'"
if [ -z "$TOKEN" ]; then
# Escape the dollar sign so the variable name is printed literally instead of the (empty) value
echo "Must set \$TOKEN before running. Get it from a browser login to the SSO portal, and check the request headers for x-amz-sso_bearer_token"
# 'return' only works in a function or a sourced script; 'exit' stops an executed script as intended
exit 1
fi
# Define the provider and region
provider "aws" {
region = "ap-southeast-2"
}
variable "username" {
}
variable "password" {}
# Get the default VPC
data "aws_vpc" "default" {
@rdkls
rdkls / tfsec-json-to-gitlab-sast-report.py
Last active September 6, 2023 18:52
Python script to convert tfsec JSON output into a GitLab SAST report; GitLab parses the report so the findings become visible and manageable in the GitLab vulnerability management interface
#!/usr/bin/env python3
import sys
import datetime
import json
import uuid
'''
# Description
Convert tfsec json output to gitlab sast json format
TFSec https://github.com/aquasecurity/tfsec
@rdkls
rdkls / nfw logs athena table create
Last active July 13, 2023 00:28
AWS Network Firewall logs Athena setup
Based on https://docs.aws.amazon.com/network-firewall/latest/developerguide/firewall-logging.html
BUT also maps the "alert" data, which is essential when troubleshooting which rule is blocking traffic
CREATE EXTERNAL TABLE `nfw_logs`(
`firewall_name` string COMMENT 'from deserializer',
`availability_zone` string COMMENT 'from deserializer',
`event_timestamp` bigint COMMENT 'from deserializer',
`event` struct<
timestamp:string,
flow_id:bigint,
@rdkls
rdkls / tls-ciphers.sh
Created July 12, 2023 06:22
List the TLS ciphers supported by a host
#!/bin/bash
# Check if the host argument is provided
if [ -z "$1" ]; then
echo "Usage: $0 host"
exit 1
fi
# Get the host name
host=$1
CREATE EXTERNAL TABLE IF NOT EXISTS vpc_flow_logs (
version int,
account string,
interfaceid string,
sourceaddress string,
destinationaddress string,
sourceport int,
destinationport int,
protocol int,
numpackets int,
@rdkls
rdkls / alb logs athena setup
Last active July 11, 2023 13:20
Athena table create statement for one bucket holding access logs from multiple load balancers (the default AWS example is limited to one table per ALB)
Note that the partition projection for the API/ALB name is an enum rather than 'injected', so that it can be queried on directly
CREATE EXTERNAL TABLE IF NOT EXISTS alb_logs (
type string,
time string,
elb string,
client_ip string,
client_port int,
target_ip string,
target_port int,
@rdkls
rdkls / athena-nfw-to-neo4j.py
Created July 11, 2023 12:18
Query Network Firewall logs in Athena and insert them into Neo4j
#!/usr/bin/env python3
# run neo4j locally with e.g. docker run --rm -ti -p 7474:7474 -p7687:7687 --env NEO4J_AUTH=none neo4j
# athena table should be created per https://gist.github.com/rdkls/4d2228795b3a64d9a728f94e1441222f
from pyathena import connect
from neo4j import GraphDatabase
import threading
from halo import Halo # Import halo lib
# Define connection parameters
# brew install session-manager-plugin
# Bootstrap your SSH key onto the EC2 instance, then start an SSH session over SSM to it
# Since it's plain SSH you can then port forward and do all the other funky stuff
Host i-* mi-* ssm-jumphost
User ec2-user
IdentityFile ~/.ssh/nick-doyle-slalom-lab-ed25519
ProxyCommand sh -c "aws ec2-instance-connect send-ssh-public-key --instance-id %h --ssh-public-key '$(cat ~/.ssh/nick-doyle-slalom-lab-ed25519.pub)' --instance-os-user ec2-user; aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"
# Fix Github Co-pilot self-signed cert problem
# See: https://github.com/orgs/community/discussions/8866#discussioncomment-3517831
# The script is modified to handle .vscode-server too (in WSL2)
fix_github_copilot() {
patch_ext() {
_VSCODEDIR=$1
_EXTENSIONSPATH="$HOME/${_VSCODEDIR}/extensions"
_RE=$2