## using ubuntu jammy 22 lts docker image
docker pull ubuntu:jammy
apt update
apt install -y curl   # OR: apt install -y wget (wget has fewer dependencies??)
## curl deps overlap with azure-cli, so may as well curl?
curl https://releases.hashicorp.com/terraform/1.7.5/terraform_1.7.5_linux_arm.zip > /tmp/terraform.zip
apt install -y unzip
unzip /tmp/terraform.zip -d /usr/local/bin
@treyperrone
treyperrone / 20240223_aws_scp_owners.md
Last active February 28, 2024 02:18
20240223_aws_scp_owners

SCP I have that appears to work:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Action": "ec2:*",
      "Resource": "arn:aws:ec2:*:*:image/ami-*",
      "Condition": {
treyperrone / 202402-aws-test-deny-AMIs.md
Created February 22, 2024 04:55
202402-aws-test-deny-AMIs

2024 February

Test various things surrounding deny launch of AMIs via SCPs

Basic setup details:

  • primary AWS account with AWS orgs setup acctID xxxxxxxx2016
    • account only has orgs in it and only SCPs in place are a simple denyleavingorgs at root level
  • child account created called image-factory acctID xxxxxxxx3352 where AMIs would be created/shared from
  • child account created called lab2024 acctID xxxxxxxx6393
treyperrone / 20240217_aws_orgs_shared_cmk_test.md
Last active February 21, 2024 19:17
20240217_aws_orgs_shared_cmk_test

2024-02-21

  • the lab account policy was not in the prior comments; it's the plain-jane vanilla default one generated at KMS key creation:
{
    "Id": "key-consolepolicy-3",
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Enable IAM User Permissions",
treyperrone / vmware_free_provision.yml
Created January 25, 2018 16:48
ansible_vsphere_guest_esxi_free
---
- hosts: all
  vars:
    volumename: f8_ssd
    vcenter_hostname: esxifreename.fqdn
    esxi_hostname: esxifreename.fqdn
    vm_scsi: paravirtual
    vm_osid: rhel7_64Guest
    template_path_vmdk: template_rhel7.4/rhel7.4_0.vmdk