100daysofdevops
/ cloudtrail
Created
February 13, 2019 00:10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| provider "aws" { | |
| region = "us-west-2" | |
| } | |
| resource "aws_cloudtrail" "my-demo-cloudtrail" { | |
| name = "my-demo-cloudtrail-terraform" | |
| s3_bucket_name = "${aws_s3_bucket.s3_bucket_name.id}" | |
| include_global_service_events = true | |
| is_multi_region_trail = true | |
| enable_log_file_validation = true |
100daysofdevops
/ Cloudtrail
Created
February 13, 2019 00:14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create Trail(Single Region) | |
| aws cloudtrail create-trail --name my-test-cloudtrail --s3-bucket-name mytests3bucketforcloudtrail | |
| # Create Trail(That applies to multi-region) | |
| aws cloudtrail create-trail --name my-test-cloudtrail-multiregion --s3-bucket-name mytests3bucketforcloudtrail --is-multi-region-trail | |
| # To get the status/list all the trails | |
| aws cloudtrail describe-trails | |
| # Start logging for the trail |
100daysofdevops
/ sns_policy
Created
February 14, 2019 22:34
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Effect": "Allow", | |
| "Principal": { | |
| "AWS": "*" | |
| }, | |
| "Action": "SNS:Publish", | |
| "Resource": "arn:aws:sns:us-west-2:XXXXXX:alarms-topic", <--SNS Arn | |
| "Condition": { | |
| "ArnLike": { | |
| "aws:SourceArn": "arn:aws:s3:::s3-cloudtrail-bucket-with-terraform-code" <---Bucket name |
100daysofdevops
/ s3_topic_via_sns_terraform
Created
February 14, 2019 23:03
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| provider "aws" { | |
| region = "us-west-2" | |
| } | |
| resource "aws_sns_topic" "topic" { | |
| name = "s3-event-notification-topic" | |
| policy = <<POLICY | |
| { | |
| "Version":"2012-10-17", | |
| "Statement":[{ |
100daysofdevops
/ stsassumerole
Created
February 20, 2019 02:55
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": { | |
| "Effect": "Allow", | |
| "Action": "sts:AssumeRole", | |
| "Resource": "arn:aws:iam::PRODUCTION-ACCOUNT-ID:role/UpdateApp" <-- Update the IAM Role we created for Account A | |
| } | |
| } |
100daysofdevops
/ gist:7336cfdec779b38718d49d4603cf8432
Created
February 20, 2019 05:49
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Action": "s3:ListAllMyBuckets", | |
| "Resource": "*" | |
| }, | |
| { | |
| "Effect": "Allow", |
100daysofdevops
/ ec2-t2-restrict-policy
Created
February 20, 2019 19:33
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "VisualEditor0", | |
| "Effect": "Allow", | |
| "Action": [ | |
| "ec2:RunInstances", | |
| "ec2:GetConsoleScreenshot" | |
| ], |
100daysofdevops
/ full_policy_with_t2.restriction
Created
February 20, 2019 20:10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "VisualEditor0", | |
| "Effect": "Allow", | |
| "Action": [ | |
| "ec2:RunInstances", | |
| "ec2:GetConsoleScreenshot" | |
| ], |
100daysofdevops
/ t2userrestrcition.tf
Created
February 20, 2019 21:11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| provider "aws" { | |
| region = "us-west-2" | |
| } | |
| resource "aws_iam_user" "my-user" { | |
| name = "my-test-user" | |
| } | |
| resource "aws_iam_policy" "t2-instance-restricition-policy" { | |
| name = "t2-instance-restricition-policy" |
100daysofdevops
/ s3bucketpolicy.json
Created
February 22, 2019 04:55
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Id": "Policy1550810272864", | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "Stmt1550810271230", | |
| "Action": [ | |
| "s3:GetObject", | |
| "s3:PutObject" |
OlderNewer