Nikola Tosic toshke

  • Buffer Overflow
  • Melbourne, Australia
  • X @thetoske
toshke / list_active_aws.py
Created December 24, 2021 08:22
list active aws profiles
#!/usr/bin/env python3
import boto3
import os
from botocore.exceptions import ClientError
# Option names an AWS shared-credentials profile uses for the access key id,
# the secret access key and the session token of temporary credentials.
# NOTE(review): the code that uses these names is not part of this preview.
# Whatever is read through them is secret material and should stay out of
# printed output and logs.
KEY_ID = 'aws_access_key_id'
SECRET_KEY = 'aws_secret_access_key'
SESSION_TOKEN = 'aws_session_token'
toshke / rotate_aws_keys.py
Last active July 6, 2021 00:27
Rotate AWS access keys for a profile python script
#!/usr/bin/env python3
import sys
import os
import boto3
import shlex
def rotate(profile: str):
sts = boto3.client('sts')
iam = boto3.client('iam')
user_arn = sts.get_caller_identity()['Arn']
toshke / assume-role.sh
Created April 20, 2021 06:29
assume-role
#!/bin/bash
# -e: stop at the first failing command; -o pipefail: a pipeline fails when any
# stage fails; -x: print every command, with expanded arguments, to stderr.
# NOTE(review): the rest of the script is not shown in this preview. If later
# lines handle the temporary credentials returned for the assumed role, -x will
# write them to stderr and into any captured log; consider dropping -x or
# bracketing those lines with `set +x` / `set -x`.
set -eox pipefail
# The role ARN ($1) is mandatory: without it, print the usage line and exit 1.
if [ "$1" == "" ]; then
echo "usage: assume-role arn [session-name=nikolatosic\$(date +%s)] [duration=900]"
exit 1
fi
# No session name given ($2 empty): print a usage line and fall back to a
# default built from a fixed prefix plus the current epoch seconds.
# NOTE(review): nothing visible here assigns session_name when $2 is supplied;
# presumably that happens further down. Confirm against the full script.
if [ "$2" == "" ]; then
echo "usage: assume-role arn [session-name\$(date +%s)] [duration=900]"
session_name="nikolatosic$(date +%s)"
fi
toshke / cresponse.py
Created December 22, 2020 09:12
cresponse.py
import logging
from urllib.request import urlopen, Request, HTTPError, URLError
import json
# getLogger() without a name returns the root logger.
logger = logging.getLogger()
class CustomResourceResponse:
def __init__(self, event):
self.event = event
self.response = {
toshke / cr_log.py
Created November 30, 2020 09:58
log custom resource payload
import json
def handler(event, payload):
    """Print the incoming custom resource event as a single JSON line.

    The second positional argument is accepted but not used.
    """
    # NOTE(review): this writes the whole event to stdout. A CloudFormation
    # custom resource event carries a pre-signed ResponseURL and the
    # template's ResourceProperties, so anyone who can read the function's
    # logs can read both. Consider masking those fields when the properties
    # can hold secrets, and keep read access to the log group narrow.
    serialized = json.dumps(event)
    print(serialized)
toshke / condition_cr.yaml
Created November 30, 2020 09:48
Conditional Custom Resource
Parameters:
DeployCustomResource:
Type: String
Default: false
AllowedValues: [true, false]
Conditions:
DeployCustomResource: !Equals [ !Ref DeployCustomResource, 'true' ]
Resources:
# .. other definitions including backing lambda
MyCustomResource:
toshke / crupdate.py
Last active December 22, 2020 09:15
crupdate custom resource
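# Work out which physical resource this request refers to.
physical_id = get_physical_id(event)
# Create and Update share one path: the resource is (re)created either way.
# The original comparison had an unterminated 'Update string literal, which is
# a syntax error; the membership test also avoids repeating request_type.
if request_type in ('Create', 'Update'):
    if resource_exists(physical_id):
        # Notice only; the create below still runs and replaces what is there.
        print(f'{physical_id} will be overwritten')
    create_resource()
    # Report success under the same physical id that was looked up above.
    response.success(physical_id)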
toshke / physical_id.py
Last active December 22, 2020 09:15
physical id
def get_physical_id(r_properties):
    """Build the resource id for the S3 object named by *r_properties*.

    Looks up the ``Bucket`` and ``Key`` entries and joins them into an
    ``s3://<bucket>/<key>`` string. A missing entry raises ``KeyError``.
    """
    # NOTE(review): both values are used exactly as supplied; nothing here
    # checks them against an expected bucket or key prefix. Verify the caller
    # does so if the properties can come from templates you do not control.
    bucket, key = (r_properties[name] for name in ('Bucket', 'Key'))
    return f's3://{bucket}/{key}'
def cr_handler(event, context):
"""
Create, Update or Remove S3 object
as Custom Resource for AWS CloudFormation
toshke / cr_errors.py
Created November 23, 2020 11:07
Custom Resource error handling
import logging
import json
def handler(payload, context):
try:
response = CustomResourceResponse(payload)
# follow rule 2 - always log the payload
logging.info(json.dumps(payload))
## TODO: handle request from CFN
toshke / chroot_binary.sh
Created May 6, 2020 06:55
Isolate binary using chroot
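function isolate_binary() {
  # Copy a binary and the shared libraries ldd reports for it into a directory
  # tree that can then be used as a chroot.
  #   $1  command name (resolved with `which`) or path of the binary
  #   $2  destination root; each file lands at its absolute path beneath it
  # Returns 1 when an argument is missing or the binary cannot be resolved.
  #
  # NOTE(review): ldd can end up running code from the file it inspects, so
  # only use this on binaries you trust. A chroot on its own is also not a
  # complete containment boundary (a process running as root inside it can
  # leave it); pair it with dropped privileges if isolation is the goal.
  if [ -z "$1" ] || [ -z "$2" ]; then
    echo "usage: isolate_binary binary chroot-dir" >&2
    return 1
  fi

  # Stop here instead of carrying on with an empty path when lookup fails.
  binary=$(which "$1") || {
    echo "isolate_binary: cannot find '$1'" >&2
    return 1
  }

  mkdir -p "${2}$(dirname "$binary")" && cp -vn "$binary" "${2}${binary}"

  # grep keeps the absolute path from each "name => /abs/path (addr)" line of
  # ldd -v. Reading one path per line, rather than word-splitting the whole
  # output, keeps paths with spaces or glob characters intact; read also
  # strips the trailing whitespace the pattern matches.
  libs=()
  while read -r l; do
    if [ -n "$l" ]; then
      libs+=("$l")
    fi
  done < <(ldd -v "$binary" | grep -o '/.*[[:space:]]')

  # -n: never overwrite a file that is already present under the new root.
  for l in "${libs[@]}"; do
    mkdir -p "${2}$(dirname "$l")" && cp -vn "$l" "${2}${l}"
  done
}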